Privacy Policy

Churchday (“Churchday,” “we,” “us,” or “our”) is a church management platform that helps churches manage events, people, communication, and team scheduling. Churchday is operated by Zion Design, LLC, a New Jersey limited liability company doing business as Churchday. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Churchday platform, website, and related services (collectively, the “Service”).

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

1. Information We Collect

1.1 Information You Provide Directly

• Account Information: When you create an account, we collect your name, email address, password, and church or organization name.
• Mobile Phone Number: If you provide your mobile number when signing up, registering for an event, or updating your account preferences, we store it so that you and your church can use SMS features (see Section 3 below). Providing a mobile number is optional, and you can remove or change it at any time in your account settings.
• Church Member Data: As an administrator, you may enter information about your church members, including names, email addresses, phone numbers, mailing addresses, roles, group memberships, and notes.
• Event Data: Information about events you create, including event names, dates, times, locations, descriptions, and registration details.
• Attendance Records: Check-in and attendance data for events, including who attended, when they checked in, and how (manual entry or QR code scan).
• Communication Content: The content of emails and SMS messages you create and send through the Service, including subject lines, body text, and recipient lists.
• Schedule Data: Team assignments, volunteer roles, availability preferences, and scheduling confirmations.
• Consent Records: When you opt in to receive SMS text messages from Churchday or a church on Churchday, we record the date, time, source (for example, event RSVP form or account settings), and the language of the consent disclosure you saw. This record is maintained to comply with applicable laws and carrier requirements.
• Payment Information: If applicable, payment details are processed by our third-party payment processor and are not stored on our servers.

1.2 Information Collected Automatically

• Usage Data: We collect information about how you interact with the Service, including pages visited, features used, actions taken, and time spent.
• Device Information: Browser type, operating system, device type, screen resolution, and language preferences.
• Log Data: IP addresses, access times, referring URLs, and error logs for security and troubleshooting purposes.

1.3 Cookies and Similar Technologies

We use cookies and similar tracking technologies to maintain your session, remember your preferences, and understand how the Service is used. You can control cookie preferences through your browser settings, though disabling cookies may limit certain features of the Service.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Providing the Service: To operate, maintain, and deliver the features and functionality of the platform, including event management, people tracking, email and SMS communication, and team scheduling.
• Account Management: To create and manage your account, authenticate your identity, and provide customer support.
• Communication: To send you service-related notices, updates, security alerts, and support messages. We will not send you marketing emails or marketing SMS without your explicit consent.
• Analytics and Improvement: To understand how the Service is used, identify trends, and improve functionality, performance, and user experience.
• Security: To detect, prevent, and address fraud, abuse, security incidents, and technical issues.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or governmental requests.

3. SMS / Text Messaging Program

Churchday offers SMS and MMS text messaging as a communication channel so that churches can reach their members with event invitations, reminders, schedule notifications, and other essential updates. This section explains how we collect, use, and protect your mobile phone number in connection with the SMS program. It applies in addition to the rest of this Privacy Policy.

3.1 How we collect consent

We collect your mobile phone number and SMS consent in the following ways:

• Event RSVP form: When you register for an event on Churchday, you can optionally provide your mobile number and check an unchecked opt-in box to receive text message reminders for that event and future communications from the host church.
• Account settings: When you are signed in to Churchday, you can enable SMS notifications in Account → Notifications. The toggle is off by default.
• Keyword opt-in: When you text a keyword (for example, JOIN) to a Churchday long code or short code, and confirm your enrollment via our reply.
• Administrator-initiated messages with implied consent: If you previously provided your phone number directly to a church that uses Churchday for the purpose of church communications, that church may initiate SMS to you through Churchday under applicable nonprofit exemptions to the Telephone Consumer Protection Act (TCPA). You may opt out at any time (see Section 3.5).

Consent is never pre-checked, never bundled with acceptance of these Terms or Privacy Policy, and never required in order to use the free features of Churchday. You can withdraw consent at any time.

3.2 Types of messages we send

Depending on the consent you have provided and the church you belong to, you may receive:

• Event invitations and RSVP requests
• Event reminders (typically 1 week, 1 day, and 2 hours before an event)
• Volunteer schedule notifications and position confirmations
• Updates from your church (announcements, location changes, cancellations)
• Service-related messages (for example, account verification codes and security alerts)
• Replies to messages you send to us or your church

Churchday does not use your phone number for telemarketing and does not send marketing messages about third-party products or services.

3.3 Message frequency

Message frequency varies based on your church’s activity and the events you are attending. A typical member receives between 1 and 4 Churchday messages per week. You will not receive more than one automated reminder for the same event on the same channel.

3.4 Costs

Message and data rates may apply. Churchday does not charge you to receive SMS or MMS messages; however, your mobile carrier may apply standard messaging and data rates based on your plan. Contact your carrier for details.

3.5 How to opt out and get help

You can stop receiving SMS messages from Churchday at any time by any of the following methods:

• Reply STOP, UNSUBSCRIBE, CANCEL, END, or QUIT to any Churchday message. This will stop all Churchday SMS to your mobile number.
• Reply with a church-specific opt-out keyword included in a message from a particular church to stop messages from only that church while still receiving messages from other churches you belong to.
• Turn off SMS notifications in your Churchday account under Account → Notifications.
• Email us at hello@churchday.co and ask us to remove your number.

After you opt out, you will receive one confirmation message acknowledging that you have unsubscribed, and no further Churchday SMS will be sent to your number unless you opt back in.

For help, reply HELP to any Churchday message, contact us at hello@churchday.co, or visit churchday.co/help.

3.6 How we protect your phone number and SMS data

No sharing for marketing.Mobile information, including phone numbers and SMS consent data, will NOT be shared with, sold to, rented to, or otherwise disclosed to third parties or affiliates for their marketing or promotional purposes. This applies to both Churchday’s own marketing and to any third-party marketing.

More specifically:

• We disclose your mobile number only to the service providers and subprocessors strictly necessary to deliver the SMS message (see Section 4), to the church you belong to, or when legally required.
• We do not sell, rent, or trade your phone number or SMS consent data under any circumstances.
• All categories of personal data we collect exclude SMS opt-in data and consent. Opt-in information will never be shared with any third party.
• If you opt out, your mobile number is recorded on our suppression list so that it is not accidentally re-contacted.

3.7 Carrier disclaimer

Carriers are not liable for delayed or undelivered messages. SMS and MMS are delivered on a best-effort basis and may be subject to carrier outages, delays, or filtering that are outside our control.

4. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information or your church member data to third parties. We may share information in the following limited circumstances:

• Service Providers (Subprocessors): We work with trusted third-party service providers who assist in operating the platform. These include:
  • Supabase, database hosting, authentication, and file storage
  • Vercel, website hosting and content delivery
  • Amazon Web Services (SES), transactional and campaign email delivery
  • Twilio, SMS and MMS message delivery (Twilio is our A2P messaging provider and only receives the phone number, message body, and delivery metadata needed to send messages on our behalf)
  • Sentry, error tracking and performance monitoring. Sentry receives crash reports and performance metrics but does NOT receive member data, form contents, or other sensitive information (we mask all text and inputs in session replay).
  • UptimeRobot, uptime monitoring of our public website (no access to customer data)
  All subprocessors are bound by contractual obligations to protect your data and use it only for the purposes we specify. No subprocessor is permitted to use your mobile phone number or SMS consent data for its own marketing purposes.
• Within Your Organization: Church administrators and authorized team members within your organization may access member data, event records, and other information as part of normal platform use.
• Legal Requirements: We may disclose information if required to do so by law or in response to valid requests by public authorities (e.g., a court order or government agency).
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information is subject to a different privacy policy.
• With Your Consent: We may share information for any other purpose with your explicit consent.

5. Data Ownership

Your church owns its data. All member information, event records, attendance data, and other content you enter into the Service belongs to your organization. We are a data processor acting on your behalf. You may export or delete your data at any time.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit using TLS/SSL
• Encryption of data at rest
• Row-level security policies in our database
• Regular security assessments and monitoring
• Role-based access controls within the platform
• Secure authentication with password hashing

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, but we are committed to implementing industry-standard protections.

7. Data Retention

We retain your account data and church data for as long as your account is active or as needed to provide you the Service. If you close your account, we will delete or anonymize your data within 90 days, unless we are required to retain it for legal, accounting, or compliance purposes. Opt-out records for SMS are retained indefinitely to ensure suppressed numbers are not re-contacted. You may request earlier deletion by contacting us.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

California Residents (CCPA)

If you are a California resident, you have the right to: know what personal information we collect; request deletion of your personal information; opt out of the sale of personal information (we do not sell personal data); and not be discriminated against for exercising your rights.

European Residents (GDPR)

If you are in the EEA or UK, you have the right to: access your personal data; rectify inaccurate data; request erasure; restrict processing; data portability; and object to processing. Our lawful basis for processing is contract performance (to provide the Service) and legitimate interests (to improve and secure the platform).

All Users

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data, subject to certain legal exceptions.
• Export: Request a portable copy of your data in a commonly used format.
• Withdraw Consent: Where processing is based on consent, you may withdraw that consent at any time.

How to Exercise Your Rights

You can exercise your core rights directly in your account with one click:

• Download Your Data: Go to Account Settings → Your data → “Download my data.” You will receive a JSON file containing all personal data we have about you (profile, account metadata, organization memberships, activity, tasks, and comments).
• Delete Your Account: Go to Account Settings → Your data → “Delete my account.” Your profile, organization memberships, personal activity, task assignments, and authentication record are deleted immediately. Task comments you authored are anonymized (content preserved, attribution removed) so your team’s work continues uninterrupted.
• Other Requests: For corrections, restrictions, objections, or any request we do not handle automatically, contact us at the address below. We will respond within 30 days.

9. Children's Privacy (COPPA)

The Service is not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. Churches may store information about minors as part of their membership records (e.g., children's ministry check-in). In such cases, the church acts as the data controller and is responsible for obtaining appropriate parental consent under COPPA and applicable laws. We provide tools to help churches manage this data responsibly, including the ability to delete member records. If we learn that we have collected personal information from a child under 13 without verified parental consent, we will take steps to delete that information promptly.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. Our service providers may operate in the United States and other jurisdictions. We ensure that any international data transfers comply with applicable data protection laws and that appropriate safeguards are in place.

11. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service and updating the “Last updated” date. For significant changes, we will provide additional notice via email or an in-app notification. Your continued use of the Service after the effective date of the updated policy constitutes acceptance of the changes.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: