Privacy Policy

1. Scope and roles

Faith Care HQ operates the service described in this policy. A church or ministry that creates an account generally controls the ministry and pastoral-care information entered into its workspace. Faith Care HQ processes that information to provide the service on the organization's behalf.

This policy also applies to information we collect directly from account owners, staff users, volunteers, website visitors, and people who use a church's public intake forms.

2. Information we collect

We collect information that you provide, information generated through use of the service, and information received from enabled integrations.

• Account and organization details, including church name, names, email addresses, roles, locale, authentication credentials, subscription status, and billing identifiers.
• Ministry records, including member and household details, contact information, prayer requests, care requests, care cases, assignments, visits, tasks, notes, workflow settings, and volunteer information.
• Public-form submissions and communications, including the content and contact details a submitter chooses to provide.
• Technical and usage data, including IP address, device and browser information, session and cookie data, page activity, feature usage, errors, audit events, and security logs.
• Information imported from connected services such as Planning Center, including member, household, contact, membership, and organization data authorized by the church.

3. Sensitive pastoral-care information

The service may contain highly sensitive pastoral, counseling, health-related, family, prayer, and ministry information. Churches and authorized users are responsible for deciding what information is appropriate to enter, obtaining any required permissions, and assigning access consistent with their legal and pastoral obligations.

Faith Care HQ uses tenant separation, role-based access, restricted records, and audit features to support careful handling. No system can guarantee absolute security, and the service is not a substitute for emergency services, licensed medical care, or a clinical health-record system.

4. How we use information

• Provide, secure, maintain, support, and improve the service.
• Authenticate users, enforce permissions, isolate church workspaces, and investigate misuse or security incidents.
• Process care workflows, notifications, emails, reports, integrations, billing, and customer-support requests.
• Generate optional AI-assisted summaries, recommendations, briefings, or workflow drafts when an authorized user requests those features.
• Measure product performance and reliability, understand feature usage, and comply with legal obligations.

5. Cookies, analytics, and monitoring

We use necessary cookies and similar storage for authentication, security, locale, theme preferences, and session continuity. We may use PromoteKit to attribute referrals and affiliate commissions, PostHog for product analytics and error capture, and New Relic for application performance, diagnostics, and reliability monitoring.

These providers may receive technical identifiers, referral information, account email addresses, and usage events as needed for their stated purposes. We configure these services to support referrals, operations, and product improvement, not to sell pastoral-care information or build advertising profiles from sensitive ministry content.

6. Service providers and integrations

We disclose information to service providers only as reasonably needed to operate requested features. These may include hosting and infrastructure providers, PostgreSQL and storage systems, email delivery providers, payment and billing providers, PromoteKit, PostHog, New Relic, OpenAI, and Planning Center.

When an authorized user invokes an AI feature, relevant content may be sent to the configured AI provider to produce the requested result. When a church connects Planning Center, authorized information is exchanged according to that integration's settings. Third-party services also apply their own terms and privacy practices.

We may disclose information when required by law, to protect rights and safety, in connection with a business transfer, or with the direction or consent of the controlling church or affected user.

7. Data retention and deletion

We retain account and ministry information while an account is active and as reasonably necessary to provide the service, maintain security and audit records, resolve disputes, enforce agreements, satisfy financial or legal duties, and preserve backups.

Church administrators may update or remove many records through the service. Requests for account closure, export, correction, or deletion may be sent to the contact below. Some information may remain in backups, audit trails, or records that must be retained by law. Churches are responsible for responding to requests concerning data they control.

8. Security and incident response

We use administrative, technical, and organizational safeguards designed for the nature of the information, including encrypted connections, access controls, tenant scoping, filtered logs, audit histories, and production monitoring.

Users must protect credentials, use appropriate devices and networks, promptly remove access that is no longer needed, and report suspected unauthorized access. We will investigate confirmed incidents and provide notices when required by applicable law or contractual commitments.

9. Choices, access, and privacy rights

Depending on location and applicable law, individuals may have rights to request access, correction, deletion, restriction, portability, or information about disclosures. We may need to verify identity and may direct requests about church-controlled records to the relevant church.

Users can control certain profile, locale, theme, integration, notification, and ministry-record settings in the service. Browser controls may limit cookies, but disabling necessary storage can prevent authentication or other features from working.

10. Children, international use, and changes

The service is intended for organizations and authorized adult users, not for children to create independent accounts. Churches must use appropriate consent and safeguards when entering information about minors.

Information may be processed in the United States and other locations where service providers operate. We may update this policy as the service or legal requirements change. We will post the revised policy with a new last-updated date and provide additional notice when appropriate.