Legal

Privacy Policy

Last updated: May 22, 2026

Victory Dasmariñas ("we," "us," or "our") operates the church management platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and Service. By accessing or using the Service, you agree to the terms of this Privacy Policy.

1. Information We Collect

1.1 Information You Provide to Us

We collect information you voluntarily provide when you:

  • Create an account: Name, email address and phone number.
  • Set up or join an organization: Church name, location details, and your role within the organization.
  • Use the Service: Member profiles, ministry assignments, service schedules, event details, attendance records, volunteer information, and any other data you enter into the platform.
  • Contact us: Any information you include in your communications with us, such as support requests or feedback.

1.2 Information Collected Automatically

When you access the Service, we may automatically collect:

  • Log data: IP address, browser type and version, operating system, referring URL, pages visited, date and time of access, and time spent on pages.
  • Device information: Device type, unique device identifiers, and screen resolution.
  • Cookies and similar technologies: We use cookies, local storage, and similar technologies to maintain your session, remember your preferences, and understand how you interact with the Service. See Section 7 for more details.

1.3 Information from Third-Party Services

If you choose to sign in using Google OAuth, we receive your name, email address, and profile picture from Google, in accordance with the permissions you grant.

If you connect your Google account to enable calendar synchronization, we additionally request the Google Calendar scope https://www.googleapis.com/auth/calendar.events. This permission allows the Service to create, view, edit, and delete events on the Google Calendar you authorize, solely for the purpose of synchronizing church services and events that you or your organization administrators schedule in the Service.

2. How We Use Your Information

We use the information we collect to:

  • Provide and operate the Service: Create and manage your account, process transactions, and deliver the features you request.
  • Manage church operations: Facilitate member management, ministry coordination, service scheduling, event planning, attendance tracking, and volunteer management.
  • Communicate with you: Send transactional emails (account verification, password resets, service notifications), respond to inquiries, and provide customer support.
  • Improve the Service: Analyze usage patterns, diagnose technical issues, and develop new features and enhancements.
  • Ensure security: Detect, prevent, and address fraud, unauthorized access, and other illegal or harmful activities.
  • Comply with legal obligations: Fulfill our legal and regulatory requirements.

We do not sell your personal information to third parties. We do not use your information for targeted advertising.

3. How We Share Your Information

We may share your information in the following circumstances:

3.1 Within Your Organization

Information you provide may be visible to other members of your organization based on their role and permissions. Administrators and leaders within your organization can view member profiles, attendance records, and other data relevant to their responsibilities.

3.2 With Service Providers

We share information with trusted third-party service providers who assist us in operating the Service, including:

  • Stripe — for payment processing
  • Resend — for transactional email delivery
  • Google — for OAuth authentication
  • Hosting and infrastructure providers — for data storage and server operations

These providers are contractually obligated to use your information only to perform services on our behalf and to maintain its confidentiality.

3.3 For Legal Reasons

We may disclose your information if required to do so by law or in good faith belief that such action is necessary to:

  • Comply with a legal obligation, court order, or legal process.
  • Protect and defend our rights or property.
  • Prevent or investigate possible wrongdoing in connection with the Service.
  • Protect the personal safety of users or the public.

3.4 With Your Consent

We may share your information for purposes not described in this Privacy Policy with your explicit consent.

4. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Service. If you or your organization administrator requests deletion of your account, we will delete or anonymize your personal information within 30 days, unless we are required to retain it for legal, accounting, or regulatory purposes.

Organization data (member records, attendance history, etc.) is retained for as long as the organization's account remains active. Organization administrators may export or delete their data at any time through the Service.

5. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request that we correct inaccurate or incomplete information.
  • Deletion: Request that we delete your personal information, subject to certain legal exceptions.
  • Data portability: Request a copy of your data in a structured, machine-readable format.
  • Objection: Object to the processing of your personal information for certain purposes.
  • Restriction: Request that we restrict the processing of your personal information under certain circumstances.
  • Withdraw consent: Where processing is based on consent, you may withdraw that consent at any time.

To exercise any of these rights, please contact us using the details provided in Section 11. We will respond to your request within 30 days.

6. Children's Privacy

The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13 without verifiable parental consent.

Where organizations use the Service to manage children's ministry programs (such as Kids Church), the organization is responsible for obtaining any necessary parental or guardian consent for the collection and use of children's information. The organization acts as the data controller for such information, and we process it on their behalf as a data processor.

If we become aware that we have collected personal information from a child under 13 without appropriate consent, we will take steps to delete that information promptly. If you believe a child's information has been collected improperly, please contact us immediately.

7. Cookies and Tracking Technologies

We use the following types of cookies:

  • Essential cookies: Required for the Service to function properly, including session management and authentication. These cannot be disabled.
  • Preference cookies: Remember your settings and preferences (such as language and theme) to provide a personalized experience.
  • Analytics cookies: Help us understand how visitors interact with the Service so we can improve it. These collect aggregated, anonymous data.

You can manage your cookie preferences through our cookie banner or your browser settings. Note that disabling essential cookies may prevent you from using certain features of the Service.

8. Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • Encryption of data in transit using TLS/SSL.
  • Encryption of sensitive data at rest.
  • Role-based access controls within the Service.
  • Regular security assessments and monitoring.
  • Two-factor authentication (2FA) available for all accounts.

While we strive to protect your information, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security, but we are committed to promptly notifying affected users in the event of a data breach, in accordance with applicable law.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your jurisdiction. When we transfer your data internationally, we take appropriate safeguards to ensure your information remains protected in accordance with this Privacy Policy and applicable data protection laws.

10. Google API Services User Data Policy

Our use and transfer of information received from Google APIs to any other app adheres to the Google API Services User Data Policy, including the Limited Use requirements.

10.1 Scopes We Request

When you connect your Google account, the Service may request the following OAuth scopes:

  • openid, email, profile — to identify your account and display your name and profile picture during sign-in.
  • https://www.googleapis.com/auth/calendar.events — to create, read, update, and delete events on the Google Calendar(s) you authorize, for the sole purpose of synchronizing church services and events scheduled within the Service.

You are prompted for each scope at the time you connect your Google account, and you may revoke access at any time at https://myaccount.google.com/permissions.

10.2 How We Use Google User Data

We use Google user data only to provide and improve user-facing features of the Service:

  • Calendar events created or updated in the Service are pushed to your authorized Google Calendar so volunteers and staff can see them in their personal calendars.
  • Event metadata (title, description, time, location, attendees) is read back from Google Calendar only when needed to reflect external changes inside the Service.
  • We do not use Google user data to train generalized AI/ML models.
  • We do not transfer Google user data to third parties except as necessary to provide and improve the user-facing features, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users.
  • We do not use or transfer Google user data for serving advertisements, including retargeted or personalized advertising.
  • Human access to Google user data is limited to (a) the minimum necessary for security investigations or to comply with applicable law, (b) operations required to perform the user-facing features (e.g. troubleshooting a sync failure with your written permission), or (c) aggregated and anonymized data used to improve the Service.

10.3 Storage and Retention of Google User Data

We store the minimum information needed to keep your calendar in sync:

  • OAuth access and refresh tokens, encrypted at rest, used solely to call Google APIs on your behalf.
  • The Google Calendar event ID associated with each Service event, so we can update or delete the correct event later.

We do not maintain a separate copy of your full Google Calendar. When you disconnect your Google account from the Service, or delete your account, we revoke the stored OAuth tokens and delete the associated identifiers within 30 days.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Victory Dasmariñas

Website: https://victorydasma.org

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by posting the updated policy on our website and updating the "Last updated" date at the top of this page. We encourage you to review this Privacy Policy periodically.

Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the updated terms.