Zion - Church Management Platform

1. Introduction

Zion App ("we," "our," or "us") is committed to protecting your privacy and the privacy of children. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our church management platform, in compliance with the Children's Online Privacy Protection Act (COPPA), the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy laws.

Important: Data Responsibility

Your Church is the Data Controller and is responsible for the personal data collected through our platform. Zion App is the Data Processor and processes data only on behalf of your church. For questions about how your data is used, please contact your church administrator first. See our Data Processing Agreement for more details.

2. Information We Collect

2.1 Personal Information (Adults)

We collect the following categories of personal information from adult users:

Identifiers: Name, email address, phone number
Account Information: Credentials, role, church affiliation
Guardian Information: Relationship to children, pickup authorization, guardian codes
Profile Information: Ministry assignments, volunteer status

2.2 Children's Information (Under 13)

For Kids Ministry services, with verifiable parental consent, we collect only the minimum information necessary:

Child's first and last name
Date of birth (used solely for age group assignment)
Allergies, medical conditions, and special needs (for child safety only)
Guardian contact information and relationship
Check-in/check-out records and room assignments
Incident reports (if any occur during care)

Data Minimization

We do NOT collect from children: photographs, social media accounts, geolocation data, persistent identifiers for tracking purposes, or any information not directly necessary for safe care during Kids Ministry services. We do not condition participation on providing unnecessary information.

2.3 Public Event Registration

When you register for a church event through a public registration link (without creating an account), we collect:

Required: Full name, email address
Optional: Phone number, notes/special requests

How This Data Is Used

Your information is used solely to process your event registration, send confirmation emails, and enable check-in at the event. Your data is stored securely and is only accessible to the church hosting the event. We do not use this information for marketing purposes or share it with third parties.

Retention: Public registration data is retained for 1 year after the event date, after which it is automatically deleted. You can request immediate deletion by contacting the church or emailing privacy@zionapp.org.

2.4 Automatically Collected Information

IP address (used for security, rate limiting, and audit logging)
Device information and browser type
Usage patterns and access timestamps
Session cookies (functional only, no tracking)

3. How We Use Your Information

3.1 Legal Bases for Processing (GDPR)

We process personal data under the following legal bases:

Contract Performance: To provide the church management services you have subscribed to
Consent: For SMS notifications, optional features, and children's data processing
Legitimate Interest: For security monitoring, fraud prevention, and service improvement
Legal Obligation: To comply with applicable laws and respond to lawful requests

3.2 Purposes of Processing

Provide and maintain church management services
Process Kids Ministry check-ins and check-outs safely
Send notifications about children (check-in confirmations, incidents)
Ensure the safety and security of children in care
Communicate important updates and service announcements
Maintain audit logs for compliance and security
Respond to data subject requests and support inquiries

4. Artificial Intelligence & LLM Policy

No Child Data Sent to AI Services

We guarantee that no children's personally identifiable information (PII) is ever transmitted to artificial intelligence services, large language models (LLMs), or machine learning systems. This applies to all current and future integrations.

Zion App does not currently use AI or machine learning to process any personal data. If we introduce AI-powered features in the future, we will:

Never send children's PII to AI/LLM services under any circumstances
Implement technical guardrails to prevent accidental transmission of child data to AI services
Update this Privacy Policy and notify all users before introducing any AI features
Obtain explicit consent before processing any personal data with AI systems

5. SMS Communications

If you opt in to receive SMS notifications, we will send text messages for:

Check-in confirmations with security codes
Check-out confirmations
Incident reports and alerts
Important ministry updates

Your Rights: You can opt out of SMS messages at any time by replying STOP to any message or updating your preferences in the Guardian Portal. Message and data rates may apply. We do not share your phone number with third parties for marketing purposes.

6. Children's Privacy (COPPA Compliance)

Special Protection for Children's Data

We take the protection of children's information extremely seriously. All children's data is subject to enhanced security measures, strict access controls, field-level encryption for sensitive medical data, and comprehensive audit logging.

6.1 Verifiable Parental Consent

We require verifiable parental consent before collecting any information from or about children under 13. Your church, as the Data Controller, is responsible for obtaining consent through one of the following methods:

In-person signed consent form at the church
Electronic consent through the platform (with identity verification)
Written consent provided to church administration

All consent records are tracked and auditable through our consent management system.

6.2 Parental Rights Under COPPA

As a parent or legal guardian, you have the right to:

Review: Request to see all personal information collected about your child
Correct: Request corrections to inaccurate information about your child
Delete: Request deletion of your child's personal information
Refuse: Refuse to allow further collection of your child's information
Withdraw Consent: Withdraw your consent at any time, at which point we will stop collecting your child's data and delete existing data upon request

To exercise these rights, you can submit a data request online, contact your church administrator, or email privacy@zionapp.org.

6.3 Church Responsibility for COPPA

Your church, as the Data Controller, is primarily responsible for:

Obtaining verifiable parental consent before registering children
Providing parents with clear notice about what information is collected
Maintaining records of parental consent
Responding to parental requests to review, modify, or delete their child's data
Training staff on proper handling of children's information
Limiting access to children's data to authorized personnel only

6.4 Retention of Children's Data

Children's data is retained only as long as necessary:

Active child profiles: retained while the child is actively enrolled
Check-in records: retained for 2 years for safety and compliance
Incident reports involving children: retained for 7 years
Inactive children (no check-in for 12+ months): guardian notified with option to re-activate or delete
Inactive children (no check-in for 24+ months): auto-archived with PII anonymized

7. Your Rights Under GDPR (European Users)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation:

Right of Access (Art. 15): Request a copy of all personal data we hold about you
Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data
Right to Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten")
Right to Restriction (Art. 18): Request limitation on processing of your data
Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format (JSON or CSV)
Right to Object (Art. 21): Object to processing of your data based on legitimate interest
Right to Withdraw Consent (Art. 7): Withdraw previously given consent at any time
Right Not to Be Subject to Automated Decisions (Art. 22): We do not make automated decisions that produce legal effects

International Data Transfers

Zion App is based in the United States. If you are accessing our services from the EEA or UK, your data will be transferred to and processed in the United States. We rely on standard contractual clauses (SCCs) as the legal mechanism for such transfers, as detailed in our Data Processing Agreement.

Data Protection Officer

For GDPR-related inquiries, contact our Data Protection Officer at dpo@zionapp.org.

8. Your Rights Under CCPA (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act:

8.1 Right to Know

You have the right to know what personal information we collect, the categories of sources, the business purpose for collection, and the categories of third parties with whom we share it.

8.2 Categories of Personal Information Collected

Category	Examples	Purpose
Identifiers	Name, email, phone	Account management, notifications
Internet Activity	IP address, browser type, usage data	Security, audit logging
Protected Classifications	Age (date of birth for children)	Age group assignment for Kids Ministry
Medical Information	Allergies, medical notes, special needs	Child safety during care

8.3 Right to Delete

You can request deletion of your personal information, subject to certain legal exceptions (e.g., retaining data necessary for legal compliance or completing a transaction).

8.4 Right to Opt-Out of Sale

We Do Not Sell Your Personal Information

Zion App does not sell, rent, or trade personal information to third parties for monetary or other valuable consideration. We do not share personal information for cross-context behavioral advertising.

8.5 Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. You will receive equal service and pricing regardless of whether you exercise your privacy rights.

9. Information Sharing

We do not sell your personal information. We may share information with:

Your Church: Church administrators have access to member and children data within their organization only (strict multi-tenant isolation)
Service Providers: Third-party services that help us operate (see Section 12)
Legal Requirements: When required by law, court order, or to protect rights and safety

We never share data across church tenants. Each church's data is completely isolated.

10. Data Security

We implement appropriate technical and organizational security measures:

Encryption of data in transit (TLS) and at rest
Field-level encryption for sensitive medical data (allergies, medical notes)
Secure password hashing (bcrypt)
Multi-tenant data isolation with database-level row security
Account lockout after failed login attempts
Rate limiting on authentication endpoints
Guardian code and security code verification for child pickup
Role-based access controls
Comprehensive audit logging of all data access and mutations
Regular dependency security audits

11. Audit Logging

For compliance and security purposes, we maintain comprehensive audit logs that record:

All create, update, and delete operations on personal data
Login and authentication events
Data access and export events
IP addresses and timestamps for each action

Sensitive fields (passwords, security codes, tokens) are redacted in audit logs. Audit logs are retained for 2 years (7 years for security-related events). These logs are used exclusively for security monitoring, compliance verification, and investigating unauthorized access.

12. Third-Party Services

We use the following third-party services to provide our platform:

Provider	Purpose	Data Shared	Location
DigitalOcean	Cloud hosting & database	All platform data (encrypted)	United States
Twilio	SMS notifications	Phone numbers, message content	United States
Resend	Email notifications	Email addresses, message content	United States

All sub-processors are bound by data processing agreements. We will notify you of any changes to sub-processors with at least 30 days notice.

13. Data Retention

We retain data for the minimum period necessary for each purpose:

Data Type	Retention Period
Check-in/check-out records	2 years
Incident reports	7 years
Guardian/child profiles	While active + 1 year after last activity
Account data	Until account deletion requested
Event registrations (public/guest)	1 year after event date
Audit logs (general)	2 years
Audit logs (security events)	7 years
Consent records	7 years after consent or revocation
Backups	30 days after data deletion

14. Cookies

We use only essential cookies necessary for the functioning of the platform:

Session cookies: To keep you signed in
Security cookies: CSRF protection and session management

We do not use tracking cookies, advertising cookies, or any third-party analytics cookies.

15. How to Exercise Your Rights

You can exercise any of your privacy rights by:

Submitting a data request online
Contacting your church administrator
Emailing privacy@zionapp.org

We will respond to verifiable requests within 30 days (or 45 days for complex requests, with notification of the extension). We may need to verify your identity before processing your request.

16. Changes to This Policy

We may update this Privacy Policy periodically. For material changes, we will notify church administrators via email at least 30 days before the changes take effect. We will also update the "Last updated" date at the top of this page.

17. Contact Us

If you have questions about this Privacy Policy or our data practices:

Zion App Privacy
General: support@zionapp.org
Privacy: privacy@zionapp.org
DPO (GDPR): dpo@zionapp.org