Legal

Privacy Policy

Last updated: May 14, 2026

Parishly™ is built for pastors and church administrators. We handle sensitive pastoral data — member contact information, care visit records, counseling notes. We take that responsibility seriously. This policy explains exactly what we collect, why, and how we protect it.

1. What Data We Collect

Pastor and Staff Accounts

  • Name and email address — used to create your account and send notifications
  • Password (hashed) — stored as a one-way hash; we cannot recover your plaintext password
  • Church name and organization details — used to set up your church tenant
  • Subscription and billing history — payment processing is handled by Stripe; we store plan type and status, not raw card data

Congregation Member Data

  • Member profiles — name, email, phone number, and any notes your team enters
  • Care log entries — type of visit (pastoral visit, counseling, phone call, etc.), date, and pastor notes
  • Follow-up status — which members need follow-up and the dismissal/snooze state set by pastors

Visitor Check-In Data

  • Self-submitted visitor information — name, email address, and/or phone number entered voluntarily by visitors through your church's public check-in page
  • Visit timestamps — when the check-in occurred and whether it's a repeat visit

Usage and Technical Data

  • Session data — authentication session stored in a server-side cookie (see Section 7)
  • Server logs — IP addresses, request paths, and timestamps, retained for security and debugging

2. How We Use Your Data

  • Provide the service — display member profiles, care logs, follow-up alerts, and check-in records to authorized users in your church organization
  • Generate AI follow-up suggestions — care log data is sent to our AI proxy to generate re-engagement message drafts for pastor review. Data sent to the AI is limited to what's necessary to generate the suggestion
  • Send authorized emails — when a pastor explicitly chooses to send a re-engagement email or invite a team member, we send that email on your behalf via our email proxy
  • Analytics and service improvement — aggregate, non-identifiable usage patterns help us improve the product
  • Billing — subscription management via Stripe

3. Data Sharing

We do not sell your data. Period. We do not share congregation member data with advertisers, data brokers, or other third parties for commercial purposes.

We share data only with the following service providers who help us operate the platform:

  • Stripe — payment processing. Governed by Stripe's Privacy Policy
  • Render — application hosting and servers
  • Neon — managed PostgreSQL database hosting
  • Cloudflare — CDN and network security
  • Polsia AI proxy — routes AI requests to underlying model providers; no persistent storage of your data

Each provider is contractually obligated to protect your data and use it only to provide their service to us.

We may disclose data if required by law, court order, or to prevent serious harm — and we will notify you where legally permitted to do so.

4. Data Retention

  • Active accounts — data is retained while your account is active
  • After cancellation — we retain your data for 90 days, during which you may request an export at support@parishly.polsia.app
  • After 90 days — all church and member data is permanently deleted from our systems and backups
  • Right to deletion — you may request deletion of your data at any time. We will process the request within 30 days

5. Data Security

We take the following measures to protect your data:

  • All data transmitted between your browser and our servers is encrypted via TLS (HTTPS)
  • Passwords are stored as bcrypt hashes — never in plaintext
  • Each church's data is isolated at the database level; queries are scoped by church ID
  • Access to production systems is restricted to authorized personnel
  • Database backups are encrypted at rest

No system is 100% secure. In the event of a data breach affecting your organization, we will notify you within 72 hours of discovery.

6. Children's Privacy (COPPA)

Parishly is designed for church administrators and pastoral staff — adults in professional ministry roles. We do not knowingly collect personal information from children under 13. Congregation members under 13 should not have independent profiles created for them without guardian consent.

If you believe we have inadvertently collected data from a minor, contact us immediately at support@parishly.polsia.app and we will delete it promptly.

7. Cookies and Session Data

We use a single session cookie to keep you logged in. It:

  • Is set when you log in and expires after 7 days of inactivity
  • Is marked HttpOnly and Secure (HTTPS only in production)
  • Contains a session identifier only — not your personal data
  • Is deleted when you log out

We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access — request a copy of the data we hold about you
  • Correction — update inaccurate personal data
  • Deletion — request permanent deletion of your data
  • Portability — receive your data in a machine-readable format
  • Objection — object to specific processing activities

To exercise any of these rights, email us at support@parishly.polsia.app. We will respond within 30 days.

9. Changes to This Policy

We may update this policy as the product evolves. We will notify you by email at least 14 days before material changes take effect. The "last updated" date at the top of this page reflects the most recent revision.

10. Contact Us

Privacy questions, data requests, or concerns:

support@parishly.polsia.app

We treat these inquiries seriously. Every privacy request is handled by a human, not a bot.

Read our Terms of Service →