Last updated May 24, 2026 (Messaging update)
Biblical Communities is a directory and network that helps Scripture-first believers find one another. This policy explains, in plain language, what information we collect about you, why we collect it, who else sees it, and what choices you have. We have tried to keep the policy short and the product simple so the two can stay aligned.
Biblical Communities is operated as a personal project (not a registered nonprofit at this time). For privacy questions, account deletion requests, or anything else covered by this policy, write to admin@yeesh.life or use the contact form.
When you create an account we require your name, email address, a password (stored hashed — we never see the original), and a short statement of faith and intent.
Optional profile information you may add later: a free-form location (city, state, country, or a more specific address if you choose), year and month of birth (we do not store the day), sex, phone number (kept private — see below), short bio, short statement, an avatar image, a cover image, links to your own websites or social accounts, and a chosen username for your profile URL.
When you list a community we collect the community name, description, location, schedule, audience tags, contact details you choose to publish, and optional logo/banner images.
When you submit a form (registration, contact, support request, giving inquiry, claim on a community listing) we store the contents of that submission along with a timestamp and the IP address it came from. IP is used for spam defense, fraud signals, and to debug delivery issues.
Identity-change audit log: whenever you (or an administrator on your behalf) change identity-shaping fields on your account — name, email, sex, date of birth, username, verified status, account type, or status — we record the before/after values, who made the change, the IP, and a short snippet of the browser user-agent string. This log exists for fraud prevention and is visible only to administrators.
Outgoing email log: when the system sends you an email (account approval, welcome message, password reset, community-join notification, etc.) we keep a record of the recipient, subject, type, and whether delivery succeeded. This helps us diagnose delivery problems and is visible only to administrators.
We use the information you give us to operate the account, show you relevant communities and events, allow other members to find and contact you when you opt in, send transactional email about your account, defend the site against abuse, and respond to your questions. We do not sell your personal information. We do not show third-party advertising. We do not use your data to train machine-learning models.
Other logged-in members can see profile fields you've chosen to share with members. Members-only visibility is the default for most profile content.
The public web sees only what you explicitly opt in to publish. Your account is not listed publicly unless you turn on the public-listing toggle on your profile. Even then, each individual field (location, age, sex, bio, statement, resource links, cover image) has its own public-visibility switch you control.
Your phone number and email address are never shown to other members or to the public web, regardless of any other setting.
Administrators can see every field on your account, including audit-log entries and the email log, so they can review submissions, moderate listings, and respond to support requests.
Law enforcement and legal process: if we receive a valid subpoena, court order, or comparable legal demand, we may disclose information you've stored on the site to the extent the demand requires.
Members may send each other direct messages once verified. Verification is a brief phone or video call with an administrator; submitting a verification request creates a record containing your stated reasons, your preferred contact method, the phone number you supply (if any), and your stated availability. This information is visible to administrators only and is retained while your account is active so future reviews have context.
Encryption at rest: every direct-message body is encrypted in our database using libsodium authenticated encryption (XSalsa20-Poly1305, 256-bit key). The encryption key is stored on the server filesystem, separate from the database, so a database leak alone cannot decrypt messages. Message metadata — who messaged whom, when, and whether the message has been read — is stored unencrypted so we can render your inbox, send notifications, and detect abuse patterns.
What this is NOT: this is not end-to-end encryption. Administrators can decrypt messages when investigating abuse reports, responding to safety concerns, or when legally required. Every administrative decryption is recorded in our identity audit log along with the administrator's identity and IP. We use this access sparingly and only for moderation purposes.
Notification emails about new messages never include the body of the message — they only identify the sender and link to your inbox. This avoids reintroducing plaintext message content into third-party mailboxes such as Gmail. You can turn message notifications off entirely from your Account page.
Administrative broadcasts: administrators may send announcements to all active members. These ignore your per-account "allow messages" toggle (since administrative communications are sometimes operationally necessary), but you can still turn off email notifications and respond to or archive the conversation like any other.
Blocking and reporting: you can block any member from your inbox; doing so prevents them from starting new conversations with you. You can also report a conversation to administrators, who will review it and take action as needed. Reports are visible to administrators only.
Retention: messages, conversations, block-list entries, and report records are kept while your account is active. When you delete your account, message content tied to your identity is removed; however, copies sent to other members' inboxes may persist there (you cannot retract a message after it's been sent, only delete it from your own view subject to moderator review).
The site loads resources from, or sends data to, the following third parties. Each is used for a single specific purpose:
We set a single first-party cookie named BCSESSID
so you stay logged in across pages. It is a session cookie (it expires
when you close your browser), marked HttpOnly and SameSite=Lax, and is
sent only over HTTPS. We do not set advertising, analytics, or
cross-site tracking cookies.
You can view and change most of your stored information from your Account page and your Public Profile page once logged in. The Public Profile page also holds every per-field visibility toggle (Self / Members / Public).
To delete your account, email admin@yeesh.life from the address on file and we will remove your account and personal profile information. Audit-log entries and email-log entries connected to your account may be retained in anonymized form for fraud prevention and operational diagnostics, and content you published publicly (a community listing, an event) may be retained where doing so does not identify you.
The site is not directed to children under 13, and we do not knowingly collect personal information from anyone under 13. If you believe a child under 13 has created an account, please contact us at admin@yeesh.life and we will remove it.
We keep your account information as long as your account is active. Passwords are stored using a one-way hash and cannot be read back. Sessions, traffic between you and the site, and form submissions are protected by HTTPS. No system is perfectly secure; please notify us promptly at admin@yeesh.life if you believe your account has been compromised.
If we make material changes we will update the date at the top of this page and, where appropriate, send a notice to members by email or via a banner on the site. Continued use of the site after a change means you accept the revised policy.
Questions, corrections, or requests under this policy go to admin@yeesh.life or via the contact form.