Privacy Policy
Last Updated: March 2, 2026
Core Commitment: Your church data is yours. We never sell, share, or use your data for any purpose beyond operating ShepherdAI. Each church's data is completely isolated and accessible only by authorized users from that church.
1. Data We Collect
1.1 Church Account Information
When you create a ShepherdAI account, we collect:
- Church name
- Email address (used for login and notifications)
- Password (securely hashed with bcrypt — we never store plain-text passwords)
- Subscription status (trial, starter, or pro plan)
1.2 Visitor Information
Through your visitor form, we collect information submitted by your church visitors:
- Visitor name
- Email address
- Phone number (optional)
- Submission timestamp
1.3 Prayer Requests
We collect prayer requests submitted through your church's form:
- Requester name
- Prayer request text
- Status (new, praying, answered)
1.4 Analytics & Usage Data
To help you understand visitor engagement, we collect:
- Page views on your visitor form and landing pages
- Visitor IDs (anonymous identifiers, not linked to personal data)
- Browser information (user agent)
- IP address (for security and analytics)
- Referrer URLs (to show where visitors come from)
1.5 Payment Information
We use Stripe for payment processing. We store:
- Subscription plan (Starter or Pro)
- Subscription status (active, expired, canceled)
- Payment confirmation IDs
Important: Credit card information is processed and stored by Stripe, not ShepherdAI. We never see or store your full credit card details.
2. How We Use Your Data
2.1 Core Service Operations
- Visitor follow-ups: Send personalized welcome emails and automated follow-up sequences
- Prayer request management: Store and display prayer requests in your dashboard
- Church administration: Track visitor engagement, email delivery, and follow-up status
- Analytics: Show you visitor trends, page views, and engagement metrics
2.2 Account Management
- Authentication: Verify your identity when you log in
- Communication: Send account notifications, subscription updates, and service announcements
- Support: Respond to your questions and troubleshoot issues
2.3 AI-Generated Content
We use OpenAI's GPT models to generate:
- Personalized welcome emails for your visitors
- Follow-up emails (Day 3 and Day 7 check-ins)
- Content for email guides sent to landing page subscribers
OpenAI Data Policy: Visitor names and church names are sent to OpenAI to generate personalized content. OpenAI processes this data according to their Privacy Policy and does not use API data to train their models.
3. Data Storage & Security
3.1 Where Your Data Is Stored
- Database: PostgreSQL (Neon) — encrypted at rest
- Application hosting: Render.com (US-based servers)
- Session storage: PostgreSQL-backed sessions with HTTP-only, secure cookies
3.2 Security Measures
- Password hashing: All passwords are hashed with bcrypt (an industry-standard password hashing algorithm, so plain-text passwords are never stored)
- Secure sessions: HTTP-only, secure cookies with 7-day expiration
- Data isolation: Each church's data is completely isolated — one church cannot access another's data
- SQL injection protection: All database queries use parameterized statements
- HTTPS encryption: All data transmitted between your browser and our servers is encrypted
- Access control: Only authenticated users from your church can access your church's data
- Rate limiting: Login and signup endpoints are protected against brute-force attacks
3.3 Data Isolation
Critical Security Feature: Every visitor, prayer request, and analytics record is tagged with a church_id. API endpoints verify that users can only access data belonging to their own church. This ensures complete isolation between churches using ShepherdAI.
4. Data Sharing & Third Parties
4.1 We Do NOT Sell or Share Your Data
Your data is never sold, rented, or shared with third parties for marketing purposes.
4.2 Service Providers We Use
We share limited data with trusted service providers who help us operate ShepherdAI:
- OpenAI: Processes visitor names and church names to generate personalized email content
- Polsia Email Proxy: Sends transactional emails (welcome emails, follow-ups, notifications)
- Stripe: Processes subscription payments
- Neon (PostgreSQL): Stores encrypted database records
- Render.com: Hosts the application infrastructure
All service providers are contractually required to protect your data and only use it for the purposes we authorize.
4.3 Legal Requirements
We may disclose data if required by law, such as:
- Responding to valid legal requests (subpoenas, court orders)
- Protecting our rights, property, or safety
- Investigating fraud or security issues
5. Data Retention & Deletion
5.1 How Long We Keep Your Data
- Active accounts: Data is stored as long as your account is active
- Canceled accounts: Data is retained for 90 days after cancellation, then permanently deleted
- Visitor data: Retained as long as your church account is active
- Analytics data: Aggregated analytics may be retained indefinitely (de-identified)
5.2 Your Right to Delete Data
You can request deletion of your data at any time by emailing shepherdai@polsia.app. We will:
- Permanently delete your church account within 30 days
- Remove all visitor data, prayer requests, and analytics
- Confirm deletion via email
Note: Some data may be retained in backups for up to 90 days but will not be accessible after account deletion.
6. Cookies & Tracking
6.1 Cookies We Use
- Session cookie (connect.sid): Keeps you logged in (expires after 7 days or on logout)
- Visitor tracking cookie (polsia_vid): Anonymous identifier for analytics (expires after 1 year)
6.2 Analytics Tracking
We use Polsia Analytics (our own analytics platform) to track page views and visitor behavior on your landing pages and visitor forms. This helps you understand where visitors come from and which pages they visit.
No third-party trackers: We do not use Google Analytics, Facebook Pixel, or other third-party tracking tools.
7. Your Rights
You have the right to:
- Access your data: Request a copy of all data we store about your church
- Correct inaccuracies: Update or correct incorrect information in your dashboard
- Delete your data: Request permanent deletion of your account and all associated data
- Export your data: Download a copy of your visitor list and prayer requests
- Opt out of emails: Unsubscribe from marketing emails (service emails will continue)
To exercise these rights, email shepherdai@polsia.app.
8. Children's Privacy
ShepherdAI is not intended for children under 13. We do not knowingly collect data from children. If you believe a child has submitted data through your visitor form, please contact us immediately.
9. Changes to This Policy
We may update this Privacy Policy from time to time. When we make significant changes, we will:
- Update the "Last Updated" date at the top of this page
- Notify you via email if the changes materially affect your rights
Continued use of ShepherdAI after changes indicates acceptance of the updated policy.
10. Contact Us
For questions, concerns, or data requests, contact us at:
- Email: shepherdai@polsia.app
- Subject line: "Privacy Request" or "Data Deletion Request"
We will respond within 7 business days.
Built with Privacy in Mind: ShepherdAI was designed from day one to protect your church data. Every architectural decision prioritizes security, isolation, and your control over your data.