Privacy Policy

How HonestApologist collects, uses, and protects your information.

Last updated: 2026-05-07. Effective immediately.

On this page

  Summary in plain English
  1. Who we are
  2. What information we collect
  3. How we use your information
  4. Who we share it with
  5. Cookies and similar technology
  6. How long we keep it
  7. How we protect it
  8. Your privacy rights
  9. For visitors in the EU / UK (GDPR)
  10. For visitors in Mexico (LFPDPPP)
  11. For California residents (CCPA / CPRA)
  12. Children
  13. Changes to this policy
  14. How to contact us

Summary in plain English

  • We only collect information you give us directly (your email when you subscribe, your message when you ask a question, your card information when you make a payment).
  • We don't sell or share your personal data with anyone for advertising. Ever.
  • You can unsubscribe from emails with one click, anytime.
  • You can ask us to delete every piece of information we have about you. We'll do it within 30 days.

1. Who we are

HonestApologist is an independent Christian apologetics ministry operated as a sole proprietorship by the site owner ("we", "us", "our"). We are the data controller for the information described in this policy.

Site: honestapologist.com
Contact: contact@honestapologist.com

2. What information we collect

We only collect what we actually need to run the site. Specifically:

  • Newsletter signups. Your email address, optional first name, the topics you said you're interested in, and your preferred frequency. We also store the date and time you signed up plus a hashed version of your IP address for fraud / abuse prevention. We do not store your raw IP.
  • Questions and prayer requests. What you wrote, your name and email if you provided them, and a hashed IP address. Public display only happens if you check the consent box.
  • Donations and store purchases. Your name, email, billing address (when shipping is needed), the items you bought, and the amount. Card numbers go directly to Stripe — we never see them or store them.
  • Reader accounts. If you sign in to bookmark, comment, or react, your email address (via Google or Microsoft sign-in through Firebase Authentication), your display name, and your activity on the site.
  • Server logs. Cloudflare automatically records each request your browser makes to our site (IP address, user agent, response code, timestamp). We use this only for security and abuse prevention. Cloudflare retains these per their privacy policy.

We do not collect: your phone number, your physical location beyond what's in a billing address, your contact list, your browsing history outside our site, or anything from cookies that track you across other sites.

3. How we use your information

  • To send you the newsletter you asked for, and only that.
  • To respond to your questions or prayer requests.
  • To process and fulfill your donations or orders.
  • To run and secure the site (block spam, prevent fraud, fix bugs).
  • To comply with legal obligations (tax records for donations, lawful subpoenas).

We do not use your information for advertising, profiling, or automated decisions that legally affect you.

4. Who we share it with

We share information only with the service providers we need to run the site. Each is bound by their own contract and privacy policy:

  • Cloudflare — hosts the site, our forms, and our database (Workers + Durable Objects). All site traffic flows through Cloudflare. Privacy policy.
  • Resend — the email-sending service we use for newsletter delivery. Receives your email address and the email content. Privacy policy.
  • Stripe — handles all card payments. Receives your name, email, billing address, and card details. Privacy policy.
  • Firebase (Google) — handles reader sign-in. Receives your email and authentication tokens. Privacy policy.
  • OpenAI — used by the site owner to draft newsletter content. Recent published article titles and summaries are sent to OpenAI to generate drafts. No subscriber email addresses or personal data are sent. Privacy policy.

We never sell your personal data. We never share it with advertisers, data brokers, or marketing partners. The only other situations where we might disclose information are: (a) to comply with a valid legal request, (b) to protect against fraud or abuse of the site, or (c) if HonestApologist is ever transferred to another operator, in which case we will notify subscribers in advance.

5. Cookies and similar technology

HonestApologist does not use advertising or tracking cookies. The only cookies and local-storage items we set are:

  • Strictly necessary: sign-in session token (when you log in), language preference, font-size preference, and similar essentials. These can't be turned off without breaking the site.
  • Cloudflare security: Cloudflare may set short-lived cookies (e.g. __cf_bm) to distinguish humans from bots. See their privacy policy.

We do not use Google Analytics, Facebook Pixel, or any third-party advertising or analytics SDKs.

6. How long we keep it

  • Newsletter subscriptions: until you unsubscribe, plus a tombstone record (email + unsubscribed-at date) so we don't accidentally re-add you. You can request full deletion any time (see "Your privacy rights").
  • Questions and prayer requests: until you ask us to delete them, or up to 5 years if archived.
  • Donations and orders: 7 years, as required by US tax law for charitable receipts. Payment details are kept by Stripe under their retention policy.
  • Reader account data: until you delete your account.
  • Server logs: per Cloudflare's retention policy (typically 30 days for analytics-level logs).

7. How we protect it

  • HTTPS across the entire site, with HSTS, a strict Content-Security-Policy, and other modern security headers.
  • Admin access is gated by Cloudflare Access (Google sign-in plus an explicit email allowlist) and requires two-factor authentication.
  • Passwords are never stored by us — sign-in goes through Google / Microsoft (Firebase Auth) and never touches our servers.
  • Card numbers are never stored by us — they go straight to Stripe via their secure JavaScript SDK.
  • API keys and secrets are stored only as Cloudflare Worker secrets, never in source code.
  • IP addresses on form submissions are hashed before storage so we cannot reverse-engineer them.
  • The full security playbook lives at SECURITY.md.

We will notify you and any required regulator within 72 hours if we discover a personal-data breach, in line with GDPR Art. 33–34 and equivalent obligations under LFPDPPP and US state laws.

8. Your privacy rights

Wherever you live, you can:

  • Unsubscribe from emails with one click using the link at the bottom of every newsletter, or by writing to contact@honestapologist.com.
  • Access the personal data we hold about you.
  • Correct any information that is wrong.
  • Delete all of it. We'll do this within 30 days unless we're legally required to keep some part (donation records, etc.).
  • Object to certain uses, such as processing for marketing.
  • Receive a copy of your data in a portable format (JSON or CSV).

To exercise any of these, email contact@honestapologist.com from the address you used on the site. We may ask one follow-up question to confirm it's really you.

9. For visitors in the EU / UK (GDPR / UK GDPR)

HonestApologist is the data controller. Our lawful bases for processing are:

  • Consent (Art. 6(1)(a)) for the newsletter, optional account features, and any optional cookies. You can withdraw consent at any time without affecting earlier processing.
  • Contract (Art. 6(1)(b)) for processing donations, orders, and account features you signed up for.
  • Legitimate interest (Art. 6(1)(f)) for site security, fraud prevention, and basic server logs. You may object to processing under this basis at any time.
  • Legal obligation (Art. 6(1)(c)) for retaining donation records to meet tax / charitable-organization rules.

You have the right to lodge a complaint with your local supervisory authority. In the UK, this is the Information Commissioner's Office. In each EU country there is a national authority — see edpb.europa.eu.

We do not transfer personal data outside the EEA / UK except as needed to use the service providers listed above. Each of those providers has its own GDPR safeguards (Standard Contractual Clauses or equivalent).

10. For visitors in Mexico (Privacy Notice, LFPDPPP)

This section complies with Mexico's Federal Law on the Protection of Personal Data Held by Private Parties (Ley Federal de Protección de Datos Personales en Posesión de los Particulares, LFPDPPP).

Data controller. HonestApologist (operated as an independent ministry). Contact: contact@honestapologist.com.

Personal data collected. The data described in section 2 above: email address, optional name, message (in questions or prayer requests), payment information (processed by Stripe), and sign-in data (processed by Firebase).

Purposes of processing. Those described in section 3: sending the newsletter, responding to messages, processing donations and purchases, securing the site, and complying with legal obligations.

Transfers. We share data only with the service providers listed in section 4. We do not sell or transfer your data to third parties for commercial purposes.

ARCO rights. You have the right to:

  • Access: to know what data we hold about you.
  • Rectification: to correct inaccurate data.
  • Cancellation: to request the deletion of your data.
  • Opposition: to object to specific uses.

You may also revoke your consent or limit the use or disclosure of your data at any time. To exercise any of these rights, write to contact@honestapologist.com from the address you used on the site. We will respond within the 20 business days established by the LFPDPPP.

If you believe your right to the protection of personal data has been violated, you may contact the Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI).

11. For California residents (CCPA / CPRA)

If you live in California, you have the right to:

  • Know what personal information we collect, use, disclose, and (for completeness) "sell" or "share" — though we do not sell or share your personal information for advertising.
  • Delete personal information we collected from you, with limited exceptions.
  • Correct inaccurate personal information.
  • Opt out of any "sale" or "share" of personal information. (Again — we don't.)
  • Non-discrimination for exercising your rights.

To make any of these requests, email contact@honestapologist.com. We will respond within 45 days.

12. Children

HonestApologist is not directed at children under 13 (or under 16 in the EU/UK). We do not knowingly collect personal information from children. If you believe a child has provided us with information, please contact us and we will delete it.

13. Changes to this policy

If we change this policy in a way that materially affects how we use your information, we'll notify newsletter subscribers by email and post a notice at the top of this page for at least 30 days. The "Last updated" date at the top of this page always reflects the current version.

14. How to contact us

For any privacy-related question or to exercise any right described above:

Email: contact@honestapologist.com
Web: honestapologist.com

If you want a written reply by mail, please include a return address in your message and we will respond using the contact channel you specify.