Privacy Policy

Last updated: March 1, 2026

ChurchServant ("we," "us," or "our") is committed to protecting the privacy of your congregation's data. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information when you use the ChurchServant platform ("Service").

1. Information We Collect

Account Information

When you register, we collect your name, email address, and password (stored in hashed form). If you enable two-factor authentication, we store encrypted authentication data.

Congregation and Church Data

We collect your church name, address, contact information, logo, branding colors, and configuration settings you provide to customize the Service.

Member and Family Information

The Service stores information you enter about your congregation members, including:

  • Names (first, middle, last, preferred, maiden)
  • Contact information (email addresses, phone numbers, home addresses)
  • Dates (birthdays, membership dates, wedding anniversaries)
  • Gender, occupation, and role within the congregation
  • Photos uploaded by account administrators
  • Family relationships and household groupings
  • Service role assignments and eligibilities

Financial Data

If you use our treasury tools and connect a bank account through Stripe Financial Connections, we receive read-only access to account information and transaction data. We do not have the ability to initiate transfers or modify your bank accounts. Budget categories, ledger entries, and contribution records you enter are also stored.

Communications Data

When you use our messaging features, we store the content and delivery status of SMS messages, voice calls, and emails sent through the Service, along with recipient information.

Content and Media

We store content you create or upload, including bulletin content, slide decks, website pages, prayer requests, event details, announcements, sermon recordings and transcripts, video clips, social media posts, and images.

Technical and Session Data

We collect standard technical information necessary to operate the Service, including session data, IP addresses, browser type, and device information. Sessions are stored in our database and expire after 120 minutes of inactivity.

2. How We Use Your Information

We use your information to:

  • Provide the Service — generate bulletins, slide decks, rosters, directories, and websites using your congregation data
  • Send communications — deliver SMS, voice, email, and push notifications on your behalf to the recipients you select
  • Process with AI — generate content suggestions, transcribe sermons, analyze sermon audio, and create video clips using AI services
  • Manage finances — sync bank transactions, categorize expenses, and generate financial reports
  • Host your website — serve your congregation's public website on a subdomain or custom domain
  • Manage your account — authenticate users, manage permissions, and process payments
  • Improve the Service — fix bugs, develop new features, and improve reliability

3. Third-Party Service Providers

We use the following third-party services to operate the platform. Each processes data only as necessary to provide its specific function:

Communications

  • SignalWire — SMS text messages and voice calls. Receives phone numbers and message content.
  • Mailtrap — Email delivery. Receives email addresses and message content.
  • ElevenLabs — Text-to-speech for voice call messages. Receives the text content of voice messages.

AI and Machine Learning

  • OpenAI — Sermon transcription (Whisper), content analysis, and AI-assisted writing. Receives text content and audio files submitted for processing.
  • Anthropic (Claude) — AI-assisted content generation. Receives text content submitted for processing.
  • Google Gemini — AI image generation for video thumbnails. Receives text prompts.

Financial Services

  • Stripe — Payment processing and Financial Connections for bank account integration. Receives payment information and provides read-only access to bank transaction data.

Video and Social Media

  • YouTube (Google) — Sermon syncing, caption retrieval, and video publishing. Receives video content and OAuth authorization.
  • Late — Social media scheduling and posting. Receives post content and media files.

Infrastructure

  • Amazon Web Services (S3) — File and media storage. Receives uploaded files and generated content.
  • SaaS Custom Domains — Custom domain management for congregation websites.

We require our third-party service providers to handle your data in accordance with their respective privacy policies and applicable law. We do not sell your data to any third party.

4. Data Security

We take the security of your data seriously and implement industry-standard measures to protect it, including:

  • Passwords are stored using secure one-way hashing
  • Sensitive credentials (OAuth tokens, API keys) are encrypted at rest
  • Two-factor authentication is available for all accounts
  • Role-based access controls restrict data visibility within congregations
  • Each congregation's data is logically separated from other congregations
  • All data in transit is encrypted using HTTPS
  • CSRF protection is applied to all forms and API endpoints
  • Signed URLs are used for sensitive document generation

While we strive to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

5. Data Retention

We retain your data for as long as your account is active. Member records may be archived (rather than deleted) to preserve historical information such as attendance records and communication logs.

If you cancel your account, we will retain your data for a reasonable period to allow you to reactivate or export your data. After that period, your data will be permanently deleted from our systems, except where retention is required by law.

6. Cookies and Tracking

The Service uses the following cookies, which are essential to its operation:

  • Session cookie — maintains your authenticated session (expires after 120 minutes of inactivity)
  • CSRF token cookie — protects against cross-site request forgery attacks
  • Remember me cookie — keeps you signed in between sessions (optional, only when selected)

We do not use third-party analytics tracking cookies, advertising cookies, or social media tracking pixels on the platform.

7. Data Sharing

We do not sell, rent, or trade your personal information. We may share data only in the following circumstances:

  • Service providers — with the third-party services listed in Section 3, solely to provide the Service
  • Public websites — content you choose to publish on your congregation's public website is visible to anyone
  • Legal requirements — if required by law, court order, or governmental request
  • Safety — to protect the rights, safety, or property of ChurchServant, our users, or the public
  • Business transfers — in connection with a merger, acquisition, or sale of assets, with notice provided to you

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access — request a copy of the personal data we hold about you
  • Correction — request correction of inaccurate data
  • Deletion — request deletion of your personal data
  • Export — request a machine-readable copy of your data
  • Opt-out — opt out of certain data processing activities

Account administrators can access, modify, and delete most congregation data directly through the Service. For requests that cannot be handled through the Service, or for individual data subject requests, please contact us at the address below.

9. Children's Privacy

The Service is designed for use by congregation administrators and leaders. While member directories may include information about minors (such as names and birthdays for birthday lists), we do not knowingly collect personal information directly from children under the age of 13. The congregation administrator is responsible for ensuring appropriate consent has been obtained for any minor's information entered into the Service.

10. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act, including the right to know what personal information we collect and how it is used, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information.

To exercise your California privacy rights, contact us using the information in Section 12.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through a prominent notice on the Service. We encourage you to review this policy periodically.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at:

ChurchServant
Email: privacy@churchservant.com