Privacy Policy

Last updated: April 26, 2026

1. Introduction

CongreFlow ("we", "us", "our") operates a church management platform at congreflow.com. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data. By using CongreFlow you agree to this policy.

2. Information We Collect

Account & Profile Data

  • Name, email address, and profile photo
  • Phone number (if you sign in via phone OTP)
  • Social profile data from Google or Facebook when you choose to sign in with those services

Church & Organization Data

  • Church name, address, and organization settings
  • Member records: name, contact details, gender, date of birth, membership status
  • Attendance records linked to check-in sessions
  • QR codes used for member identification at events

Usage Data

  • Log data, IP addresses, browser type, and pages visited — collected automatically
  • Device information when accessing the platform

Third-Party Integration Data

If your organization connects Planning Center Online (PCO), we store OAuth access tokens on your behalf to sync member records you explicitly authorize.

3. How We Use Your Information

  • To provide and operate the CongreFlow platform for your church
  • To authenticate users via email, phone, Google, or Facebook sign-in
  • To sync and display member data authorized by your organization
  • To send transactional emails (password resets, account confirmations)
  • To improve the platform through aggregated, anonymized analytics
  • To comply with applicable laws and regulations

We do not sell your data to third parties.

4. Data Sharing

We share data only with the following sub-processors as necessary to operate the service:

  • Supabase — database, authentication, and file storage (EU/US)
  • Vercel — application hosting and CDN (US)
  • Google — OAuth sign-in and Maps API
  • Meta (Facebook) — OAuth sign-in
  • Planning Center Online — member data sync (only when explicitly connected by your org)

All sub-processors are bound by their own privacy and security commitments.

5. Data Retention

We retain your account and organization data for as long as your account is active. When you delete your account, we permanently delete your personal data within 30 days, except where retention is required by law.

6. Cookies & Tracking

CongreFlow uses strictly necessary cookies to maintain authenticated sessions. We do not use tracking or advertising cookies.

7. Your Rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and associated data
  • Object to or restrict certain processing
  • Request data portability (export your data)

To exercise any of these rights, email us at privacy@congreflow.com. If you are a Facebook user, you may also submit a data deletion request here.

8. Security

We use industry-standard security practices including TLS encryption in transit, encrypted storage, row-level security policies on our database, and access controls. No method of transmission over the internet is 100% secure; we strive to protect your data but cannot guarantee absolute security.

9. Children's Privacy

CongreFlow is intended for use by church administrators and staff (18+). We do not knowingly collect personal data from children under 13. Member records for minors entered by church staff are subject to the church organization's own data policies.

10. Changes to This Policy

We may update this policy from time to time. We will notify account holders of material changes by email or via an in-app notice. Continued use after notification constitutes acceptance.

11. Contact

Questions about this policy? Contact us at privacy@congreflow.com.