Privacy Policy
Effective date: April 21, 2026 · Steward HQ LLC
Shepherds Inbox is built and operated by Steward HQ LLC. We take your privacy seriously — and the privacy of every person whose information passes through your church's account. This policy explains what data we collect, how we use it, and what rights you have.
If you have questions, email us at [email protected].
1. What We Collect
Church & Account Information
When you create an account, we collect information about your church and the administrators who manage it: church name, address, website, and the name and email address of account administrators.
Staff & Team Member Information
When you add ministry leaders or staff members to your account, we collect their names and email addresses (and optionally phone numbers for SMS notifications).
Volunteer & Visitor Information
When your members or visitors fill out intake forms, we collect the information they submit — typically name, email, phone number, and whatever fields your church has configured. This data belongs to your church (see Section 6).
Usage Data
We collect basic usage information — pages visited, actions taken, error logs — to help us improve the product and diagnose issues. This data is not sold or shared with advertisers.
2. Cookies
We use session cookies to keep you logged in while you use Shepherds Inbox. These cookies are strictly necessary for the service to function — they don't track you across other websites and are not used for advertising. We do not use third-party tracking cookies.
3. How We Use Your Data
We use the information we collect to:
- Operate and improve Shepherds Inbox
- Send email and SMS notifications you or your church have requested
- Process payments and manage your subscription
- Provide customer support
- Comply with legal obligations
We do not sell your data. We do not use your church's volunteer or visitor information for any purpose other than delivering the service to you.
4. Email Communications
We send transactional emails related to your account — signup confirmations, volunteer and visitor notifications, password resets, and subscription receipts. We may occasionally send product announcements or updates. You can opt out of non-transactional emails at any time via the unsubscribe link included in every email.
5. SMS / Text Messages
Shepherds Inbox can send SMS notifications to church staff and ministry leaders. These messages are strictly operational — new volunteer applications, new visitor submissions, follow-up reminders.
Consent & opt-out: Users or their church administrators opt in to receive SMS notifications through their account notification preferences. Users can opt out at any time by changing their notification preference to email-only in their account settings, or by replying STOP to any text message.
SMS messaging is provided via Twilio. Standard message and data rates from your carrier may apply. We do not send marketing texts.
6. Data Ownership
Your church owns its data. Volunteer records, visitor records, ministry configurations, and communication history belong to you. We are a processor acting on your behalf — not an owner of your congregation's information. You can export or delete your data at any time (see Section 9).
7. Data Storage & Infrastructure
Shepherds Inbox is hosted on the following infrastructure:
- Application servers: Fly.io (Dallas, TX region). Your data stays within the United States.
- Database: Supabase (PostgreSQL). Data is encrypted at rest and in transit.
- CDN / DDoS protection: Cloudflare. Traffic to shepherdsinbox.com routes through Cloudflare's network for performance and security.
8. Third-Party Services
We work with a small number of trusted third-party providers to deliver the service:
Resend
Transactional email delivery (volunteer notifications, welcome emails, account emails). Resend receives recipient email addresses and message content only as necessary to deliver messages.
Twilio
SMS delivery for staff notification messages. Twilio receives phone numbers and message content only as needed to deliver those messages.
Stripe
Payment processing for subscriptions. Stripe handles all credit card data — we never store payment card details ourselves. Stripe's privacy policy governs your payment information.
Cloudflare
CDN, DDoS protection, and DNS. Web traffic passes through Cloudflare's network. Cloudflare may log IP addresses and request metadata per their privacy policy.
We do not share your data with these providers beyond what is required to deliver the service, and we do not permit them to use your data for their own marketing purposes.
9. Your Rights
You have the right to:
- Access the data we hold about you or your church's account
- Correct inaccurate information in your account
- Export your church's data at any time from your account settings
- Delete your account and all associated data by contacting us at [email protected]
- Opt out of non-transactional email communications at any time
- Opt out of SMS by replying STOP to any text or changing your notification preferences
To exercise any of these rights, contact us at [email protected]. We'll respond within 30 days.
10. Data Retention
We retain your account data for as long as your account is active. If you cancel your subscription, we retain your data for 90 days in case you want to reactivate, then permanently delete it. You can request immediate deletion at any time by contacting support. Anonymized usage statistics may be retained indefinitely.
11. Security
We use industry-standard practices to protect your data: TLS encryption for all data in transit, encryption at rest in our database, access controls limiting who on our team can access production data, and regular security reviews. No system is perfectly secure, but we take these responsibilities seriously.
12. Children's Privacy
Shepherds Inbox is a platform for church administrators, staff, and adult volunteers. We do not knowingly collect personal information from children under the age of 13. If you believe a child under 13 has submitted personal information to us, please contact us at [email protected] and we will promptly delete it.
13. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we'll notify account administrators via email at least 14 days before the changes take effect. Continued use of Shepherds Inbox after that date constitutes acceptance of the updated policy. The current version is always available at shepherdsinbox.com/privacy.html.
14. Contact
Questions about this policy? Reach us at: