Privacy Policy

1. Scope and roles

ChurchKoala ("ChurchKoala," "we," "us," or "our") provides software and related services that help churches manage people, teams, groups, communications, and public-facing websites across web and mobile experiences (collectively, the "Services"). This Privacy Policy explains how we collect, use, disclose, retain, and protect information when you access or use the Services.

When a church, ministry, or its administrators upload or manage member, visitor, team, or website data in the Services ("Customer Data"), that organization generally decides what data to collect and how to use it. In those cases, the church or organization is generally the controller or business, and ChurchKoala acts as its processor or service provider. For information we collect directly about our own relationship with you, such as account, support, billing, security, and product-usage information, ChurchKoala acts as the controller or business.

2. Information we collect

• Account and identity data. This may include name, email address, authentication identifiers, church role or membership, invite status, and account preferences.
• Church, directory, and operational data. Churches may store names, email addresses, visitor or membership status, campus and group information, notes, tags, profile images, and similar church-management records.
• Website, domain, and media content. We process text, images, branding assets, subdomain choices, custom domain details, and other content that churches upload, draft, or publish through the website tools.
• Email messaging data. For email announcements we process opt-in status, subscription state, message content, timestamps, and delivery events (including bounces and unsubscribes). Email-sending providers may process additional technical metadata needed to route or deliver messages.
• Usage, device, and log data. This may include IP address, browser or device details, approximate location derived from IP, referral URLs, crash and diagnostic logs, feature interactions, and security events.
• Cookies and similar data. We and our providers may use cookies, local storage, pixels, and similar technologies for authentication, session continuity, security, preferences, analytics, and service performance.
• Third-party and integration data. We may receive data from identity providers, infrastructure providers, analytics vendors, messaging vendors, mapping providers, and the churches or users who invite you into the Services.
• AI feature inputs and outputs. If you use AI-assisted features, we may process prompts, uploaded text, structured records, and generated suggestions or outputs related to those features.

3. How we use information

We use information to:

• provide, host, maintain, support, and secure the Services;
• authenticate users, manage permissions, and administer church workspaces;
• process directory, group, communication, website, and media workflows requested by churches and users;
• operate church websites, map features, domain connections, and related publishing tools;
• send service notices, support communications, and, where permitted, product updates or administrative messages;
• process messaging subscriptions when enabled, enforce opt-out or help workflows, and support applicable carrier and messaging compliance requirements;
• provide analytics, troubleshoot bugs, monitor performance, and improve the Services;
• detect, investigate, prevent, and remediate fraud, abuse, security incidents, or misuse;
• develop aggregated or de-identified insights, reporting, and product improvements; and
• comply with law, enforce our Terms of Service, and protect the rights, safety, and integrity of ChurchKoala, our users, and third parties.

4. Legal bases for processing

Where applicable law requires a legal basis for processing, we rely on one or more of the following: your consent, performance of a contract, compliance with legal obligations, and our legitimate interests in operating, securing, supporting, and improving the Services. Churches and organizations that use ChurchKoala remain responsible for their own legal bases and notices for Customer Data they submit to the Services.

5. How we disclose information

We do not sell personal information for money. We may disclose information in the following circumstances:

• Service providers. We use vendors and subprocessors that help us deliver the Services, such as hosting, database, storage, authentication, analytics, messaging, mapping, AI, support, and domain-infrastructure providers.
• Churches and admins. Information may be visible to the church, ministry, or admins who manage the workspace, as directed by product permissions and the church's own choices.
• Public websites and public content. Information a church chooses to publish on a public site, share through a public link, or place in a public asset may be accessible to visitors and search engines.
• Professional advisors and business transfers. We may disclose information to auditors, lawyers, insurers, and in connection with financing, merger, acquisition, reorganization, or sale of assets.
• Legal, safety, and enforcement. We may disclose information when we believe it is reasonably necessary to comply with law or legal process, respond to lawful requests, protect rights or safety, investigate fraud or abuse, or enforce our agreements.
• De-identified information. We may use and disclose aggregated or de-identified information that cannot reasonably identify an individual.

6. Cookies, analytics, and session technologies

We use cookies and similar technologies for login sessions, security, remembering preferences, and product analytics. We may use analytics tools that measure page usage, clicks, navigation flow, and feature engagement. We may also use session-replay or performance tools that help us diagnose bugs and usability issues. Those tools may capture interaction patterns such as page views, clicks, scrolling, and approximate session timing, and we may configure masking for certain sensitive fields.

You can control some browser-level cookies through your browser settings, but disabling them may impair functionality such as login, saved preferences, or workspace continuity.

7. AI-assisted features

Some features may use third-party AI providers to analyze text, transform content, suggest labels, summarize materials, or generate draft outputs. When you use those features, the data you submit for that feature may be shared with those providers as necessary to return the requested result. You should not submit sensitive personal information to AI-assisted features unless doing so is necessary, lawful, and permitted by your organization and applicable law.

8. Electronic communications

Where churches use email announcement features, ChurchKoala sends those messages on behalf of the church from the platform’s mail-sending domain. You may sign up only through a church-provided signup link, and you can unsubscribe using the link in each email or as instructed in the product. Subscription state, delivery events (including bounces), and unsubscribe records are used to operate these features and honor opt-out requests.

Churches and administrators remain responsible for obtaining appropriate consent, providing any required notices, and complying with applicable laws for their messaging practices.

9. Data retention

We retain information for as long as reasonably necessary to provide the Services, maintain business and tax records, resolve disputes, enforce our agreements, support security and fraud prevention, and comply with law. Retention periods vary based on the data type, the role the data plays in the Services, legal requirements, and whether a church or user continues to maintain an active account. We may also retain copies in backups and archives for a limited period after deletion.

10. Security and access

We use reasonable administrative, technical, and organizational safeguards designed to protect information. No method of transmission, storage, or security control is completely secure, and we cannot guarantee absolute security. Churches and users are responsible for maintaining the confidentiality of their credentials, limiting admin access appropriately, and using the Services in a manner consistent with their own security obligations.

11. Your choices and privacy rights

You may be able to update certain account information through the Services. You can opt out of non-essential promotional emails by using the unsubscribe link in those emails or by managing your subscription preferences in your account.

If your information was provided to ChurchKoala by a church or organization, you should direct most privacy requests to that church first because it often controls the Customer Data in the workspace. We may still assist where legally required or contractually appropriate.

Depending on where you live, you may have rights to request access to, correction of, deletion of, or restriction of certain personal information, or to object to or limit certain processing. We may need to verify your identity and authority before acting on a request.

If you are a California resident, you may have additional rights under the CCPA/CPRA, including rights to know, delete, and correct personal information, and to opt out of certain data sharing practices where applicable. ChurchKoala does not sell personal information for money, and we do not use customer directory data for third-party behavioral advertising.

12. International transfers

ChurchKoala is based in the United States, and we or our service providers may process information in the United States and other countries where we or they operate. Those countries may have data protection laws that differ from the laws of your jurisdiction.

13. Children and sensitive data

The Services are not directed to children under 13, and we do not knowingly collect personal information directly from children under 13 for our own purposes. If you believe we have done so, contact us and we will take appropriate steps.

Churches may choose to store information about minors, families, or other sensitive contexts in Customer Data. Those organizations are responsible for providing any required notices, permissions, and lawful basis for that processing. Unless we expressly agree otherwise in writing, the Services are not intended for storing highly sensitive data such as government identification numbers, payment card data, full bank account data, or protected health information subject to HIPAA.

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and revise the Last updated date above. If we make material changes, we may provide additional notice where required or appropriate.

15. Contact

Questions about this Privacy Policy or our privacy practices can be sent to support@churchkoala.com.