Last updated April 26, 2026.
When you create an account, we collect your email address (for sign-in and account recovery) and, if you sign in with Google, the name and profile photo Google provides. When you have a conversation, we store the messages you send and the responses generated, tied to your account, in our database (Supabase). For paid users with memory enabled, we also store a structured profile derived from your conversations (your name, family details you have shared, ongoing themes, recent life events) so that future conversations can feel continuous.
Free users have their conversations saved so they can return to them in the sidebar. Paid users get an additional layer: a memory feature that lets the assistant remember what you have shared across conversations, the way a friend would remember. You can turn memory off in settings at any time, and you can delete your account whenever you want.
We do not use your conversations to train AI models. We do not sell your data. We do not share it with advertisers. We do not let third parties access it for marketing. The model that generates responses is provided by Anthropic, which has committed not to train its models on traffic from paid API usage such as ours.
You can see your own conversations in the sidebar. Authorized site personnel may access stored conversations only when necessary for technical support, debugging, legal compliance, or safety review (for example, if a user reports concerning behavior). We do not read conversations routinely, casually, or out of curiosity. Access is logged.
If you want a stronger privacy guarantee, you can use cometojesus.co without an account: anonymous users get five conversations with no storage tied to identity, processed in memory and discarded. You can also turn off memory in settings to limit what is remembered across conversations.
To operate this service we use the following providers, each governed by their own privacy practices:
• Anthropic processes your messages to generate AI responses.
• Supabase hosts our database and authentication.
• Stripe processes subscription payments. Your payment card details never touch our servers.
• Cloudflare provides bot protection (Turnstile), DNS, and privacy-preserving analytics.
• Vercel hosts the application and provides privacy-minded web analytics.
• Resend sends transactional emails (sign-up confirmation, password reset).
We use Cloudflare Web Analytics and Vercel Web Analytics for aggregate page views and site performance. We also collect lightweight first-party funnel events, such as when someone clicks begin, enters the chat, sends a first message, hits a usage limit, starts checkout, or completes a subscription. These events help us understand where the product is confusing or broken. We do not store chat text, generated replies, prompts, passwords, or payment details in analytics events.
We do not use tracking cookies. We use your browser's local storage to remember a few small things: that you have visited before (so the welcome screen does not show every time), the ID of your current conversation (so refreshing the page returns you to where you left off), a random analytics ID for first-party funnel counts, and your authentication session if you are signed in. Clearing your browser storage will sign you out and reset these.
You can delete your account at any time from settings. When you do, your conversations and stored memory are removed within 30 days. You can turn memory off at any time in settings, after which no new memory is collected and the assistant treats each conversation as fresh. You can request a copy of your data by emailing support@cometojesus.co.
This service is not intended for anyone under 13. Users between 13 and 17 should only use this service with a parent or guardian's knowledge and consent. We do not knowingly collect information from children under 13.
We use industry-standard security: HTTPS everywhere, hashed passwords (handled by Supabase Auth), Row Level Security policies on database tables to enforce that users can only read their own data, and Stripe's PCI-compliant payment processing. No system is perfect, but we take this seriously.
Our infrastructure is hosted in the United States. By using the service, you consent to your data being processed in the US. We comply with applicable data protection laws including GDPR and CCPA where they apply.
This policy may be updated. Significant changes will be communicated to signed-in users via email when feasible. Continued use after changes constitutes acceptance.
Questions, concerns, or data requests: support@cometojesus.co
See also the terms of use.