Privacy Policy

FaithNexus App LLC ("FaithNexus," "we," "us," or "our") respects your privacy. This Privacy Policy describes how we collect, use, disclose, and protect personal information when you use the FaithNexus church management software platform (the "Service"). Capitalized terms not defined here have the meaning given in our Terms of Service.

By using the Service, you agree to the practices described here. If you do not agree, please do not use the Service.

1. Roles: Controller vs. Processor

FaithNexus acts in two capacities:

• As a controller, with respect to information we collect directly from Members and Customer Church administrators to provide the Service.
• As a processor, with respect to congregant information that Customer Churches load into the Service. The Customer Church is the controller of its congregant data.

If you are a congregant of a Customer Church and have questions about how your information is used by that church, contact the church directly.

2. Information We Collect

A. Information you provide

• Account: name, email, password (stored as a cryptographic hash), phone number, role within your Customer Church.
• Church administrative: church name, address, congregation size, administrator contacts, payment information (tokenized by Stripe; we do not see or store full card numbers).
• Content: announcements, prayer requests, events, group information, volunteer schedules, and any other content you enter.
• Communications: emails, support tickets, and other messages you send us.

B. Information Customer Churches load about congregants

• Contact information: names, emails, phone numbers, addresses.
• Giving records: donation amounts, dates, tokenized payment methods, pledge information.
• Attendance records: events attended, check-ins, absences.
• Children's check-in records (see the Children's Privacy Notice).
• Volunteer records: assigned roles, schedules, availability.

C. Information collected automatically

• Usage: pages viewed, features used, timestamps, referring URLs.
• Device and connection: IP address, browser type, operating system, device identifiers, approximate location derived from IP.
• Cookies and similar technologies: session cookies for authentication and a limited number of analytics or preference cookies. We do not use third-party advertising cookies.

3. How We Use Information

• Provide, operate, maintain, secure, and improve the Service;
• Authenticate users, prevent fraud and abuse, and enforce our Terms;
• Process payments and donations through Stripe;
• Send transactional communications (password resets, receipts, service announcements);
• Send notifications authorized by Customer Churches (church announcements, prayer request alerts) via SMS, email, or push;
• Provide customer support and respond to inquiries;
• Analyze usage trends to improve reliability and features;
• Comply with legal obligations and protect our rights and the safety of users.

We do not sell personal information. We do not use personal information for targeted advertising or for cross-context behavioral advertising.

We may use de-identified or aggregated data derived from personal information — data that cannot reasonably be used to identify any individual — for any lawful purpose, including product development, analytics, benchmarking, marketing, and research.

4. How We Share Information

• With Customer Churches: Member information is shared with the Customer Church(es) in which the Member participates.
• With Sub-Processors: We share information with service providers who perform services on our behalf (Stripe, Twilio, Supabase, Vercel, email delivery providers, and others listed on our website). Sub-Processors are contractually required to use information only to provide services to us.
• For legal reasons: We may disclose information if required by law, subpoena, or legal process, or if we reasonably believe disclosure is necessary to protect our rights, prevent fraud, enforce our Terms, respond to a government or regulatory inquiry, or protect the safety of users or the public.
• In a business transfer: If FaithNexus is involved in a merger, acquisition, financing, sale of assets, or bankruptcy, personal information may be transferred; we will notify affected users.
• With your consent: We may share information in other ways with your express consent.

5. Data Retention

• Active account data: retained for the duration of your subscription plus 30 days after cancellation.
• Donation and financial records: retained for at least seven years to support tax recordkeeping obligations.
• Children's check-in records: retained only as long as necessary, and in no event longer than one year after the child's last check-in, unless the Customer Church requests a longer period with documented parental consent.
• Backups: residual copies in encrypted backups may persist for up to 90 days after deletion from live systems.
• Support and legal records: retained as long as reasonably necessary for our legitimate business and legal purposes.

6. Security

We implement reasonable administrative, technical, and physical safeguards, including: encryption in transit (TLS 1.2 or higher); encryption at rest for database storage; row-level security policies in our database; role-based access controls; and routine monitoring. However, no system is completely secure. We cannot guarantee absolute security. You use the Service at your own risk.

If we become aware of a security incident affecting your personal information, we will notify you and applicable regulators as required by law.

7. Your Privacy Rights

Depending on your jurisdiction, you may have rights including:

• Right of access to know what information we hold about you.
• Right to correct inaccurate or incomplete information.
• Right to deletion, subject to exceptions (such as legal recordkeeping).
• Right to data portability.
• Right to opt out of certain uses (e.g., marketing emails).
• Right not to be discriminated against for exercising your rights.

If you are a congregant whose data was loaded by a Customer Church, direct most privacy requests to that Customer Church. For information we control directly, contact privacy@faithnexus.app.

Virginia residents (VCDPA)

Virginia residents have the rights listed above and may appeal a denial of a request by contacting privacy@faithnexus.app with "VCDPA Appeal" in the subject line.

California residents (CCPA/CPRA)

California residents have the rights listed above and additional rights under the California Consumer Privacy Act as amended. We do not sell personal information or share it for cross-context behavioral advertising. Californians may designate an authorized agent to submit requests on their behalf.

Residents of other states

Residents of Colorado, Connecticut, Utah, Texas, Oregon, Montana, and other states with comprehensive consumer privacy laws have rights similar to those above.

8. Children's Privacy

See our separate Children's Privacy Notice for how we handle personal information of children under 13 collected through the children's check-in feature. That Notice is incorporated into this Privacy Policy by reference.

9. International Users

FaithNexus is based in the United States, and the Service is hosted in the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States. By using the Service, you consent to this transfer. We do not currently market the Service to residents of the European Economic Area or the United Kingdom.

10. Cookies and Tracking

We use cookies and similar technologies to operate the Service, remember preferences, and analyze usage. Strictly necessary cookies enable authentication; disabling them may prevent the Service from functioning.

11. Changes to this Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated Policy on the Service and, for significant changes, by email.

12. Contact

FaithNexus App LLC
Attn: Privacy
44679 Endicott Dr Suite 300
Ashburn, VA 20147
Email: privacy@faithnexus.app