Privacy Policy

Last updated: December 22, 2025

Introduction

Welcome to Gatherflow. We respect your privacy and are committed to protecting your personal data. This privacy policy will inform you about how we look after your personal data when you visit our website and use our services, and tell you about your privacy rights and how the law protects you.

Information We Collect

We collect and process the following types of information:

  • Account Information: Name, email address, phone number, and profile picture
  • Church Information: Church name, campus details, and organizational data
  • Member Information: Contact details, attendance records, group memberships, and pathway progress
  • Authentication Data: Passwords (stored as bcrypt hashes), Google OAuth tokens, and biometric credentials (stored securely on your device)
  • Usage Data: Log data, IP addresses, browser type, and interaction patterns
  • Payment Information: Processed securely through Stripe (we do not store full credit card details)

How We Use Your Information

We use your information for the following purposes:

  • To provide and maintain our church management services
  • To manage user accounts and authentication
  • To process payments and subscriptions
  • To send important updates, notifications, and announcements
  • To improve our services and develop new features
  • To provide customer support and respond to inquiries
  • To ensure security and prevent fraud
  • To comply with legal obligations and protect our rights

Data Security

We implement appropriate technical and organizational security measures to protect your personal data:

  • Encryption of data in transit using SSL/TLS certificates
  • Password storage using bcrypt hashing
  • Secure database hosting with Prisma Accelerate and PostgreSQL
  • Regular security audits and updates
  • Multi-factor authentication options (biometric login)
  • Access controls and role-based permissions

Third-Party Services

We use the following third-party services:

  • Google OAuth: For authentication (subject to Google's Privacy Policy)
  • Stripe: For payment processing (subject to Stripe's Privacy Policy)
  • Google Maps: For address autocomplete and location services
  • OpenAI: For AI-powered features (optional)
  • Prisma/PostgreSQL: For secure data storage

Data Sharing and Disclosure

We do not sell your personal data. We may share your information in the following circumstances:

  • Within Your Church Organization: Church administrators and authorized staff can access member data within their organization
  • Service Providers: With trusted third-party vendors who assist in providing our services (under strict confidentiality agreements)
  • Legal Requirements: When required by law, court order, or governmental authority
  • Business Transfers: In connection with a merger, acquisition, or sale of assets

Your Rights

You have the following rights regarding your personal data:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate data
  • Deletion: Request deletion of your data (subject to legal obligations)
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing of your data for certain purposes
  • Restriction: Request restriction of processing in certain circumstances
  • Withdrawal of Consent: Withdraw consent for data processing at any time

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this privacy policy, unless a longer retention period is required or permitted by law. When you delete your account, we will delete or anonymize your personal data within 30 days, except for data we are required to retain for legal, accounting, or security purposes.

Cookies

We use cookies and similar tracking technologies to improve your experience:

  • Essential Cookies: Required for authentication and basic functionality
  • Preference Cookies: Remember your settings (theme, language, sidebar state)
  • Analytics Cookies: Help us understand how you use our service

You can control cookies through your browser settings, but disabling certain cookies may limit functionality.

Children's Privacy

Our services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal data, please contact us so we can delete such information.

International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your data in accordance with this privacy policy and applicable data protection laws.

Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or for legal, regulatory, or operational reasons. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

Contact Us

If you have any questions about this privacy policy or our data practices, please contact us at:

Email: privacy@gatherflow.co

Address: Gatherflow, Inc.
[Your Business Address]

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected
  • Right to know whether personal information is sold or disclosed
  • Right to opt out of the sale of personal information
  • Right to deletion of personal information
  • Right to non-discrimination for exercising your rights

To exercise these rights, please contact us using the information above.

European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR), including the rights listed above in the "Your Rights" section. You also have the right to lodge a complaint with your local data protection authority.