Privacy Policy
Soar is designed to collect as little personal data as possible. There is no behavioural advertising, sale of personal data, or cross-site analytics. The public website works without an account and does not store an AI conversation history in your browser. The iPhone app remains usable without signing in; a Soar Account is optional and is described below.
1. Controller
Kian Oliver Peters
Johann-Gottlieb-Fichte-Str. 9
61118 Bad Vilbel, Germany
Email: [email protected]
2. Website delivery and security
When you open the website or use an online feature, our European hosting provider and Cloudflare process the technical request data needed to deliver and protect the service. This can include the IP address, time, requested URL, browser or device information, response status, and security signals. Cloudflare may set strictly necessary security cookies or present a challenge when it detects suspicious traffic. Soar does not add advertising or analytics cookies.
For AI abuse prevention, Soar converts the requesting IP address into a salted one-way hash held in the running server process. The raw IP is not written to the Soar rate-limit store. Minute counters expire after one minute and daily counters after 24 hours or when the process restarts. Infrastructure security logs are retained only for as long as required to operate, secure, and troubleshoot the service, according to the configured hosting and Cloudflare retention periods.
The legal basis is our legitimate interest in reliable, secure, and abuse-resistant operation (Art. 6(1)(f) GDPR).
3. Soar AI and search
When you submit a question, search, follow-up, or other AI request, the text you enter is sent
to soarbahai.com. Soar retrieves potentially relevant passages, asks external model
services to rank or generate a response, and then checks quotations and source references before
showing the result. Do not enter confidential information or personal data that is not needed for
your question.
The following service providers may receive the question and, where needed, selected source passages:
- Google Gemini API – primary answer generation and verification. Soar uses a paid API service; Google states that paid-service prompts and responses are not used to improve its products, although limited abuse-monitoring retention may apply.
- Voyage AI – query embeddings and reranking for semantic source search.
- Cohere – fallback answer generation if the primary generator is unavailable.
AI requests are not attached to your Soar Account identity. To reduce repeated model calls, Soar may store a normalized question together with its verified answer and source references in a bounded server cache. Cache entries contain no account identifier or IP address and remain until displaced by newer entries, invalidated by a corpus or model change, removed during maintenance, or erased following a valid request where the entry can be identified.
The legal basis is performance of the feature you request (Art. 6(1)(b) GDPR). Service security and cost-abuse controls are based on our legitimate interests (Art. 6(1)(f) GDPR). We do not use your questions for advertising or profiling.
4. Data that stays on your iPhone
Without a Soar Account, saved passages, prayer and song favourites, personal collections, reading continuity, reflections, settings, and reminder preferences remain on your device. Location used by the Qiblih compass is processed on the device and is not sent to Soar. Deleting the app removes its local data, subject to normal device or operating-system backups.
5. Soar Account, sync, and Shared Song Collections
A Soar Account is optional. It provides encrypted server backup and restore and is required only for Shared Song Collections. You may authenticate with Apple or Google. We receive the provider’s stable account identifier and may receive the name and email address that provider makes available.
Our server stores:
- the linked Apple or Google identifier and optional profile details;
- hashed session credentials, which expire after 90 days, with at most ten active sessions;
- where supplied, an encrypted Apple authorization token used to revoke Sign in with Apple when the account is deleted;
- an encrypted backup of saved content, favourites, personal collections, reading continuity, reflections, and related settings; and
- for Shared Song Collections, the collection name, stable Songbook IDs, membership, role, invite code, and revision data.
The personal backup is encrypted at rest, but it is not end-to-end encrypted: the Soar server can decrypt it to validate, merge, back up, and restore the data. Shared Collection records are stored separately so authenticated members can collaborate. They do not contain reflections, saved notes, or reading-continuity details.
Account and sync data are kept while the account exists. Processing is necessary to provide the account, sync, restore, and collaboration features you choose (Art. 6(1)(b) GDPR).
6. Account deletion and provider revocation
You can delete the account in the iPhone app under More → Settings → Soar Account → Delete account, or request deletion by email. Deletion removes the account, server-side backup, sessions, linked identities, Shared Collection memberships, and Shared Collections owned by that account. It does not delete local data from your device. If automated Apple revocation cannot be completed, the app explains that Sign in with Apple access must also be revoked in your Apple ID settings. Signing out only revokes the current session and local Shared Collection cache; it does not delete the account or server data.
7. Contributions, support email, and PayPal
Song suggestions, recordings, and support requests use your email app. The website does not upload or store attachments. If you email us, we process the address, message, and attachments to answer or review the contribution and retain them only while needed for that purpose or applicable legal obligations. The legal basis is handling your request (Art. 6(1)(b) GDPR) and our legitimate interest in support and contribution review (Art. 6(1)(f) GDPR).
Optional support opens PayPal in a separate service. PayPal processes payment and account data under its own privacy policy. Soar may receive the details PayPal makes available to a recipient, such as the supporter name, amount, transaction reference, and contact details. Support is optional, unlocks nothing, and is not a contribution to a Bahá’í Fund or Ḥuqúqu’lláh.
8. Recipients and international transfers
Depending on the feature used, recipients can include our hosting provider, Cloudflare, Google, Voyage AI, Cohere, Apple, Google Sign-In, PayPal, and our email provider. Some providers process data in the United States or other countries outside the EEA. Where required, transfers rely on an applicable adequacy decision, the EU Standard Contractual Clauses, or another lawful safeguard. Provider-specific retention and security processing may also apply.
9. Your rights
Subject to the legal requirements, you have rights of access, rectification, erasure, restriction, objection, and data portability. Where processing is based on consent, you may withdraw it for the future. You may also complain to a competent data protection supervisory authority. To exercise your rights, email the controller above. Because anonymous AI cache entries are not linked to an account or IP address, please include the exact question and approximate date if you ask us to locate one.
10. Children
Soar does not knowingly use children’s data for advertising or profiling. Online AI and account features should be used in accordance with the age requirements of the relevant platform and identity provider. If you believe a child has submitted personal data that should be removed, contact us.
11. Changes
We may update this policy when the product, providers, or legal requirements change. The current version and update date are always available at this URL.
Soar is an independent private initiative and is not affiliated with any Bahá’í institution. AI can make mistakes; verify quotations and context using the linked official sources.