Privacy Policy | Churchflow

1. Overview

Churchflow provides SMS messaging software that enables churches, nonprofits, and businesses ("Clients") to communicate with their members, attendees, customers, and contacts ("Recipients").

This Privacy Policy explains what information we collect, how we use it, and how we protect it.

Churchflow acts primarily as a data processor or service provider on behalf of its Clients. Clients control the content and recipients of messages sent using the Churchflow platform and are responsible for their own compliance obligations related to consent and lawful communications.

Where Churchflow determines limited purposes and means of processing for our own business operations (such as account administration, billing, security, fraud prevention, and legal compliance), Churchflow may act as an independent controller of that information.

2. Information We Collect

We collect the following categories of information:

A. Information Provided by Clients

When a Client uses Churchflow, we may process:

Organization name
Administrator names
Email addresses
Phone numbers
Billing information
Contact lists uploaded by the Client, including names and phone numbers of Recipients
Message content created by the Client

B. Automatically Collected Information

When users access Churchflow, we may collect:

IP address
Browser type
Device information
Log data
Usage analytics used for operational, service, and reliability purposes only

C. Messaging Metadata

For SMS delivery, troubleshooting, abuse prevention, and regulatory compliance, we may process:

Sender phone number
Recipient phone number
Message timestamps
Delivery status
Carrier responses, such as delivered, failed, or opt-out indicators

We do not intentionally collect sensitive personal information unless provided by Clients, and Clients are instructed not to upload or transmit sensitive data through Churchflow unless legally permitted and strictly necessary.

3. How We Use Information

We use collected information solely to:

Provide and operate the Churchflow messaging platform
Deliver SMS messages on behalf of Clients
Maintain compliance with telecommunications regulations, including 10DLC and carrier policies
Process payments and manage subscriptions
Provide customer support
Improve system reliability, performance, and security
Prevent fraud, abuse, or unlawful activity
Enforce our agreements and protect our legal rights

We do not use message data or phone numbers for advertising, profiling, or third-party marketing.

Churchflow does not sell, rent, or share personal information with third parties for their own marketing purposes.

Information may be disclosed only as reasonably necessary to:

Telecommunications providers (including SMS carriers and routing partners) strictly for message delivery and compliance
Payment processors and financial service providers for billing, collections, and fraud prevention
Vendors that support infrastructure, hosting, analytics, monitoring, security, or support functions under contractual confidentiality obligations
Governmental, regulatory, law enforcement, or judicial authorities if required by law, subpoena, court order, or legal process
Protect the rights, safety, property, operations, users, or legal interests of Churchflow, Clients, or others where legally permitted
A successor entity in connection with a merger, acquisition, financing, reorganization, sale of assets, or insolvency proceeding, subject to applicable confidentiality safeguards

All service providers are expected to process data only for authorized purposes and to implement appropriate safeguards.

5. Client Responsibilities

Clients are solely responsible for:

Obtaining proper consent from Recipients before sending messages
Providing clear and legally compliant opt-in disclosures
Maintaining accurate contact information and valid lawful basis for processing
Honoring opt-out and revocation requests without delay
Complying with applicable laws, regulations, and carrier rules, including TCPA, CTIA guidelines, and related requirements where applicable

Churchflow processes data according to Client instructions and is not responsible for Client content, campaign legality, recipient list quality, or Client compliance failures.

6. Data Retention

We retain data only for as long as reasonably necessary to:

Provide services
Comply with legal, accounting, tax, audit, and telecommunications obligations
Resolve disputes and investigate incidents
Enforce agreements and protect legal rights

Clients may request deletion of account data upon termination, subject to our legal retention obligations, fraud prevention needs, backup cycles, and legitimate business recordkeeping requirements.

7. Data Security

We implement reasonable administrative, technical, and physical safeguards designed to protect information against unauthorized access, disclosure, alteration, or destruction.

Despite these efforts, no method of transmission, storage, or security control is completely secure. To the maximum extent permitted by law, Churchflow disclaims any guarantee of absolute security and is not liable for unauthorized access or events beyond our reasonable control.

8. Children's Privacy

Churchflow is not directed to children under 13 and is not intended for direct use by children. We do not knowingly collect personal information directly from children under 13.

If you believe a child has provided personal information in violation of this policy, contact us and we will take reasonable steps to review and address the issue.

9. International Users

Churchflow may store and process information in jurisdictions outside your location, including jurisdictions that may have different data protection laws than your home country.

By using the service, you acknowledge and consent to such transfers and processing, subject to applicable legal requirements and contractual safeguards where required.

10. Privacy Rights and Requests

Depending on applicable law, individuals may have rights to access, correct, delete, or limit use of certain personal information.

Because Churchflow primarily processes Recipient data on behalf of Clients, requests relating to Recipient records should generally be directed to the relevant Client (the organization that collected your information). We will assist Clients in responding to valid requests as required by law.

We may require verification of identity and authority before processing requests, and we may deny requests where legally permitted or required.

11. Legal Disclosures and Limitations

This Privacy Policy is provided for transparency and does not create contractual rights beyond those provided by law or express written agreement.

To the fullest extent permitted by law, Churchflow disclaims indirect, incidental, special, consequential, exemplary, or punitive damages arising from or related to privacy, security, or data handling events.

Where permitted by law, any claim relating to this Privacy Policy must be brought within one year after the cause of action arises, or such claim is permanently barred.

If you are a Client, additional responsibilities, allocations of risk, indemnification duties, and liability limits may be set out in your agreement with Churchflow and will govern in the event of conflict.

12. Changes to This Policy

We may update this Privacy Policy from time to time by posting a revised version on our website.

Changes are effective when posted unless otherwise stated. Continued use of the platform after an update constitutes acceptance of the revised policy.

13. Contact Information

If you have questions about this Privacy Policy or privacy-related requests, contact us:

Email: sonny@churchflow.io
Website: https://churchflow.io

Churchflow Privacy Policy