Privacy Policy

Effective Date: March 11, 2026

1. Introduction

New Life Pentecostal Church ("we," "us," or "our") operates the Church Management platform (the "Service"). This Privacy Policy describes how we collect, use, store, and protect information when you use our Service, including how we interact with third-party services such as Plaid.

We are committed to protecting the privacy and security of our members, staff, and administrators. By using the Service, you agree to the practices described in this policy.

2. Information We Collect

Information You Provide

• Account Information: Name, email address, phone number, and login credentials when you create or are assigned an account
• Giving and Contribution Data: Records of tithes, offerings, and donations processed through the Service
• Contact Information: Addresses, phone numbers, and communication preferences for church directory and ministry coordination

Information Collected Automatically

• Usage Data: Pages visited, features used, timestamps, and session duration
• Device Information: Browser type, operating system, IP address, and device identifiers
• Authentication Data: Login events, multi-factor authentication activity, and session tokens

Information from Third-Party Services

Only authorized administrators with multi-factor authentication can initiate or manage Plaid connections. No congregant or donor financial account data is collected, accessed, or stored through Plaid. We do not store full bank account numbers, routing numbers, or login credentials — Plaid handles all direct communication with the financial institution.

For more information on how Plaid handles your data, please refer to Plaid's End User Privacy Policy.

Stripe, Inc. — We use Stripe to process online giving and contributions. Payment card information is handled entirely by Stripe and is never stored on our systems. See Stripe's Privacy Policy.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Administering church operations including membership, ministry scheduling, and communications
• Processing and recording tithes, offerings, and contributions
• Importing and reconciling the church's own bank transactions for fund accounting
• Generating contribution statements and financial reports
• Authenticating users and maintaining the security of the Service
• Sending church communications, bulletins, and ministry updates
• Complying with legal, regulatory, and tax reporting obligations

4. How We Protect Your Information

We implement industry-standard security measures to protect your data:

• Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher
• Encryption at Rest: All data stored in our databases is encrypted using AES-256 encryption
• Multi-Factor Authentication: Administrative access to the Service requires SMS-based multi-factor authentication
• Access Controls: Role-based access controls ensure users can only access data appropriate to their role
• Monitoring: We monitor for unauthorized access attempts and suspicious activity

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We share information only in the following circumstances:

• Service Providers: With trusted third-party providers who assist in operating the Service (Plaid for bank connectivity, Stripe for payment processing, Twilio for SMS verification, MailerSend and Resend for email communications), subject to their own privacy policies and data protection obligations
• Legal Requirements: When required by law, court order, or governmental regulation
• Tax Reporting: Contribution data may be used to generate tax-related documents (e.g., annual giving statements) as required by IRS regulations
• With Your Consent: In any other circumstance, only with your explicit consent

6. Data Retention

We retain your information for as long as necessary to fulfill the purposes described in this policy, or as required by law. Specifically:

• Contribution Records: Retained for a minimum of seven (7) years to comply with IRS record-keeping requirements
• Account Information: Retained as long as your account remains active, and for a reasonable period thereafter
• Bank Transaction Data: Church account transaction data imported via Plaid is retained as long as necessary for financial reconciliation and reporting
• Authentication Logs: Retained for ninety (90) days for security monitoring purposes

7. Your Rights

You have the following rights regarding your information:

• Access: Request a copy of the personal data we hold about you
• Correction: Request that inaccurate or incomplete data be corrected
• Deletion: Request deletion of your personal data, subject to legal retention requirements
• Opt-Out of Communications: Unsubscribe from non-essential communications at any time

To exercise any of these rights, please contact us using the information provided below.

8. Children's Privacy

Our Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us immediately so we can take appropriate steps to remove that information.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Effective Date" at the top of this page. We encourage you to review this policy periodically. Continued use of the Service after changes are posted constitutes your acceptance of the revised policy.

10. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us: