Privacy Policy

When you create an account, we collect your name, email address, and authentication metadata from your sign-in provider (currently Google). When you join a church as a member or admin, we also store information your church chooses to record about you — for example, your contact details, giving history, and pledges.

We do not knowingly collect information from children under the age your church determines to be a minor for record-keeping purposes.

We use your information to operate ChurchFlow — including authenticating you, scoping you to the churches you belong to, recording giving on behalf of your church, generating reports for authorised admins, and sending operational emails (for example, invitation acceptance and sign-out notifications).

We do not sell your personal data, and we do not use it for advertising. We use a minimal set of essential cookies (a session cookie to keep you signed in and a CSP nonce per request) — no tracking cookies or third-party analytics that profile you.

Every church is its own tenant in ChurchFlow. Members of one church cannot read another church's data. Tenant isolation is enforced on the server, not just in the user interface. A super-admin role exists for platform operations and is used sparingly; super-admin actions are audited.

We share information with the infrastructure providers required to run the service — including our authentication provider (Google Firebase), our database host, and the cloud provider that runs our servers. Each of these providers is bound by their own data-processing terms.

We may disclose information if required to do so by law, or if we reasonably believe disclosure is necessary to protect our rights, your safety, or the safety of others.

Personal information is retained for as long as your church maintains an active account, and for a reasonable period afterwards to satisfy tax and audit obligations applicable to religious nonprofits. You can request export or deletion of your personal information at any time by contacting your church admin, who can then escalate the request to us.

You can sign out of any device, sign out of all devices at once, update your profile, or ask your church admin to update or remove information your church has recorded about you. If you'd like a copy of your data or want it deleted entirely, contact your church admin first; we will work with them on the request.

We may update this Privacy Policy from time to time. When we do, we'll update the "last updated" date at the top of this page, and — for material changes — surface a notification in the app the next time you sign in.

Questions? Email us at japhethlouie@gmail.com. We read every message and aim to respond within a few business days.