At Church And AI, we take your privacy seriously. This Privacy Policy explains how Significant Stories LLC ("we," "us," or "our") collects, uses, and protects your information when you use our website and services (the "Service").
Our Privacy Commitment
We believe in a privacy-first approach:
- Nothing is sold. Ever. We do not sell your personal information to third parties.
- Nothing is shared with any other party. Your data stays with us.
- You can delete your account anytime. When you do, your account and personal data are permanently removed (we retain only the minimal contribution records the law requires us to keep for accounting).
1. Information We Collect
Information You Provide
When you create an account:
- Email address — Your email is how you sign in and how we identify your account, so we store it (encrypted) for as long as your account exists. We use it to send your sign-in codes and, only if you opt in, content announcements.
- Contribution details — If you make a voluntary contribution, our payment processor (Stripe) collects your payment information. We receive and store a record of the contribution, including the email and receipt number you provide at checkout, which we store encrypted. We never receive or store your card details.
We do not require passwords. We use passwordless authentication — we email you a one-time sign-in code — for your security and convenience.
Information Collected Automatically
When you use the Service, we automatically collect:
- Reading activity — Which articles you read and your reading progress (for logged-in users only)
- Anonymous usage data — Page views and basic interaction data, collected without identifying you personally
What We Do NOT Collect
- We do not use third-party tracking cookies
- We do not use advertising or marketing trackers
- We do not collect or store payment card information — all payment processing is handled by Stripe (see Third-Party Services below and our Contribution Terms)
- We do not collect precise location data
2. How We Use Your Information
We use your information to:
- Provide and maintain the Service
- Remember your reading progress across devices
- Send you announcements about new content (only if you opt in)
- Improve the Service based on aggregate usage patterns
- Respond to your questions or requests
3. Our Privacy-First Analytics
We use a privacy-preserving approach to understanding how our Service is used:
- Server-side only — All analytics are processed on our servers, not through third-party tracking scripts
- No cookies for tracking — We only use strictly necessary cookies for authentication
- Hashed identifiers — We use cryptographic techniques to analyze patterns without identifying individuals
- Weekly rotation — Anonymous identifiers for non-logged-in users reset weekly
4. Data Storage and Security
Your data is stored securely using Google Cloud services in the United States. We implement appropriate technical and organizational measures to protect your information, including:
- Encryption in transit — All connections use HTTPS.
- Encryption of your email at rest — Your email address (and any contribution email/receipt number) is encrypted before it is stored, using a key managed by Google Cloud Key Management Service that is held separately from the stored data. To let you sign in and to prevent duplicate accounts, we also store a one-way cryptographic fingerprint (a keyed hash) of your email that lets us match it without decrypting it.
- Secure passwordless authentication — We never store passwords; sign-in is by emailed one-time code.
- Access controls and monitoring
5. Data Retention
- Account data — Retained while your account is active; removed when you delete your account
- Reading history — Retained while your account is active
- Contribution records — If you make a voluntary contribution, the transaction record (including the encrypted contribution email and receipt number) is retained for legal and accounting purposes even after account deletion, as described in our Contribution Terms
- Anonymous analytics — Retained for up to one year, then automatically deleted
6. Your Rights and Choices
All Users
- Access — View your reading history in your account
- Deletion — Delete your account and all associated data at any time
- Opt out of communications — Manage announcement preferences in your account settings
- Site Memory — Control whether your reading activity is tracked. Toggle this setting on your Account page. When disabled, your historical analytics data becomes permanently unlinked from your account through cryptographic techniques.
European Users (GDPR)
If you are in the European Economic Area, you have additional rights under the General Data Protection Regulation:
- Right of access — Request a copy of your personal data
- Right to rectification — Request correction of inaccurate data
- Right to erasure — Request deletion of your data (available via account deletion)
- Right to data portability — Request your data in a portable format. Contact us if you need your data exported.
- Right to object — Object to certain processing of your data
Our legal basis for processing your data is your consent (for account creation) and legitimate interests (for service improvement).
California Users (CCPA)
If you are a California resident, you have rights under the California Consumer Privacy Act:
- Right to know — What personal information we collect and how we use it
- Right to delete — Request deletion of your personal information
- Right to non-discrimination — We will not discriminate against you for exercising your rights
We do not sell personal information as defined by the CCPA.
7. Children's Privacy (COPPA)
The Service is not intended for children under 13. In accordance with the Children's Online Privacy Protection Act (COPPA), we do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us so we can delete it.
8. Third-Party Services
We use the following third-party services:
- Google Cloud — For hosting and infrastructure. Account sign-in is handled by our own system; your email is stored encrypted and not shared with third parties for authentication.
- Postmark — For sending emails (sign-in codes, announcements)
- Stripe — Our payment processor for voluntary contributions. Stripe collects payment information (card details, billing address) directly — we never see or store this data. See our Contribution Terms and Stripe's Privacy Policy for details.
These services have their own privacy policies and are bound by data processing agreements with us.
How We Handle Your Sign-In
We use passwordless authentication for your security and convenience:
- No passwords — To sign in, you enter your email and we send you a one-time code. There is no password to store, leak, or reuse.
- Your email, encrypted — Because your email identifies your account, we store it (encrypted) for as long as your account exists. Deleting your account removes it. Announcement preferences control whether we email you, not whether your email is stored.
9. International Data Transfers
Your information may be transferred to and processed in the United States. By using the Service, you consent to this transfer. We ensure appropriate safeguards are in place for international data transfers in compliance with applicable laws.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy with a new effective date. We encourage you to review this policy periodically.
11. Contact Us
If you have questions about this Privacy Policy or want to exercise your rights, please contact us at:
Significant Stories LLC