ServisPulse
Terms of ServiceGet started
Privacy

Privacy Policy

We take your privacy seriously. This policy explains exactly what data we collect, why we collect it, how we protect it, and the rights you have over it.

Effective: April 8, 2025We do not sell your dataView Terms of Service →

ServisPulse (“we,” “our,” or “us”) is committed to protecting the privacy of church administrators, stewards, and all individuals whose data is processed through our platform. This Privacy Policy explains what information we collect, how we use it, with whom we share it, and the rights you have over it.

1. Who This Policy Applies To

This policy applies to the following categories of individuals:

  • Church administrators — individuals who create and manage a ServisPulse account on behalf of a church or ministry organization and are responsible for entering steward data.
  • Stewards — individuals whose attendance records and profile data are managed within the platform by a church administrator.
  • Visitors — individuals who visit our website, marketing pages, or branded check-in pages without a registered account.

Where ServisPulse processes personal data on behalf of a church, ServisPulse acts as a data processor and the church is the data controller. The church is responsible for its own legal basis for processing steward data. ServisPulse processes that data only in accordance with the church administrator's instructions and this policy.

2. Information We Collect

Information You Provide Directly

  • Account registration: First name, last name, church name, email address, and password at sign-up.
  • Profile information: Phone number (optional), and other details entered during onboarding or account settings.
  • Church details: Church name, URL slug, address, city, state, country, church size, primary service day, watchword, logo, branding colors, and website URL entered during onboarding.
  • Steward data: Steward names, email addresses, phone numbers, photos, department and branch assignments, steward ID numbers, and attendance records — entered by authorized church administrators.
  • Communications: Any messages you send us via email or support channels, including their content and metadata.

Information Collected Automatically

  • Usage data: Pages visited, features used, actions taken within the platform (e.g., check-ins recorded, reports viewed), timestamps, and session duration.
  • Device and browser information: IP address, browser type and version, operating system, and device identifiers, collected to ensure security and improve compatibility.
  • Session storage: Temporary browser session data used during onboarding workflows (e.g., carrying your church name from the sign-up form to the setup step). This is cleared when you close your browser tab.

Information from Third Parties

We do not purchase personal data from third-party data brokers. Our infrastructure providers (Convex, Resend, ImageKit) may process certain data as part of delivering the Service — see Section 6 for full details.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing and operating the Service: Managing accounts, processing check-ins, generating attendance reports, delivering role-based dashboards, and operating all core platform features.
  • Identity verification: Sending a 6-digit one-time code to your email address at sign-up to confirm ownership before granting account access.
  • Essential communications: Account verification emails, password reset links, attendance alerts, and important service notifications. We do not send promotional or marketing emails without your explicit consent.
  • Security and fraud prevention: Monitoring for unauthorized access attempts, suspicious activity, and abuse to protect your account and data.
  • Service improvement: Aggregate, anonymized usage data helps us understand how the platform is used and where we can improve the user experience.
  • Legal compliance: Retaining or processing data as required by applicable laws, regulations, or lawful government requests.

We do not sell your personal data. We do not use your data or steward data for advertising, profiling, or any commercial purpose beyond delivering the Service to you.

4. Steward Data — Special Responsibilities

Steward personal data — including names, contact information, photos, and attendance records — is entered by church administrators and is owned by and under the control of the church organization. As a church administrator, you are responsible for:

  • Having a lawful basis for collecting and storing steward data (e.g., informed consent or legitimate organizational interest)
  • Informing stewards that their attendance data is being tracked and how it will be used and retained
  • Responding to steward requests to access, correct, export, or delete their personal data
  • Ensuring steward records are accurate, up to date, and limited to what is necessary
  • Obtaining parental consent where steward data includes minors

ServisPulse will never use steward data for any purpose other than delivering the Service to the church that controls it. All steward data is deleted within 90 days of account closure.

Where applicable law requires a legal basis for processing personal data, we rely on the following:

  • Contract performance: Processing necessary to provide the Service you have contracted with us for — including account management, check-in processing, and attendance reporting.
  • Legitimate interests: Processing necessary for our legitimate business interests, such as improving the Service, preventing fraud, and ensuring security — where these interests are balanced against and do not override your fundamental rights.
  • Legal obligation: Processing required to comply with applicable laws or respond to lawful government requests.
  • Consent: For any optional processing where consent is the appropriate legal basis. You may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.

6. How We Share Your Information

We do not sell or rent your personal data to any third party. We share data only with the following categories of recipients, and strictly to the extent necessary to deliver the Service:

  • Convex — our backend database and cloud infrastructure provider. All application data (accounts, churches, steward profiles, attendance records) is stored in Convex. Data is encrypted at rest and in transit.
  • Resend — our transactional email delivery provider. Email addresses and names are shared with Resend solely to deliver emails triggered by your account activity (verification codes, password resets, notifications). Resend is prohibited from using this data for any other purpose.
  • ImageKit — our image storage, optimization, and delivery provider. Church logos, background images, and steward photos are stored and served via ImageKit.
  • Law enforcement and legal process: We may disclose data if required to do so by law, valid legal process, or lawful governmental authority. Where legally permitted, we will notify you before complying with such a request.
  • Business transfers: In the event of a merger, acquisition, or sale of substantially all of ServisPulse's assets, your data may be transferred as part of that transaction. We will provide at least 30 days' notice before your data becomes subject to a different privacy policy.

All third-party providers are bound by data processing agreements and are contractually prohibited from using your data for their own commercial purposes.

7. Data Retention

We retain your data for as long as your account remains active. Specifically:

  • Active accounts: All data is retained for the duration of the account lifecycle.
  • Closed accounts: All associated data — including church records, steward profiles, and attendance history — is permanently deleted within 90 days of account closure, except where retention is required by law.
  • Email delivery logs: Transactional email metadata is retained by Resend for up to 30 days for delivery verification purposes.
  • Encrypted backups: Data may persist in encrypted infrastructure backups for up to 30 additional days following deletion, after which it is purged from all backup stores.

You may request early deletion of your data by contacting support@servispulse.app. We will process deletion requests within 30 days.

8. Data Security

We implement industry-standard technical and organizational security measures to protect your data against unauthorized access, disclosure, alteration, or destruction. These measures include:

  • Encryption of all data in transit using TLS/HTTPS
  • Encryption of data at rest via our infrastructure providers
  • Email-based OTP verification to confirm account ownership at sign-up
  • Secure password hashing — we never store passwords in plain text
  • Role-based access controls ensuring only authorized administrators can access church and steward data
  • Session-based authentication with secure token management

No method of electronic transmission or storage is 100% secure. While we take all reasonable precautions, we cannot guarantee absolute security. If you suspect your account has been compromised, contact us immediately at support@servispulse.app.

9. Cookies and Tracking Technologies

ServisPulse uses minimal browser storage mechanisms strictly necessary to operate the Service:

  • Authentication session tokens: Essential for maintaining your signed-in session. These are cleared when you sign out or after a defined session expiry period.
  • Session storage: Used temporarily during specific onboarding workflows to carry data between steps (e.g., your church name from sign-up to the setup screen). This data is automatically cleared when you close the browser tab and is never transmitted to external parties.

We do not use advertising cookies, cross-site tracking pixels, behavioral profiling tools, or third-party analytics services that track users across websites. We do not participate in advertising networks of any kind.

10. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data. We honor all applicable rights regardless of where they are enshrined in law:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request that we correct inaccurate or incomplete information.
  • Deletion: Request deletion of your personal data (“right to be forgotten”).
  • Portability: Request a structured, machine-readable export of your data.
  • Restriction: Request that we restrict processing of your data in certain circumstances.
  • Objection: Object to processing based on legitimate interests.
  • Withdrawal of consent: Where processing is based on your consent, withdraw it at any time without affecting prior lawful processing.

To exercise any of these rights, contact us at privacy@servispulse.app. We will respond within 30 days. For steward data held by a church, requests should be directed to the church administrator who manages your profile — ServisPulse will support churches in responding to such requests upon request.

11. Children's Privacy

The ServisPulse platform itself is not directed to children under the age of 16. We do not knowingly collect personal data directly from individuals under 16. If you are a parent or guardian and believe your child has provided us with personal data without appropriate consent, please contact us at privacy@servispulse.app and we will take prompt steps to delete that information.

Where church administrators create steward profiles for youth ministry members or other minors, the church organization — as data controller — is solely responsible for obtaining any required parental consent in accordance with applicable law before entering such data into the Service.

12. International Data Transfers

ServisPulse serves churches globally, and your data may be stored and processed in servers located in countries other than your own. Our infrastructure providers (Convex, Resend, ImageKit) may process and store data across multiple regions. Where data is transferred internationally, we rely on appropriate legal mechanisms such as standard contractual clauses or equivalent safeguards to ensure your data receives an adequate level of protection regardless of where it is processed.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date at the top of this page and notify you by email at least 14 days before the changes take effect. For non-material corrections or clarifications, updated policies will be published immediately. Your continued use of the Service after any changes take effect constitutes your acceptance of the revised policy. If you do not agree with any changes, please discontinue your use of the Service and contact us to close your account.

14. Contact Us

If you have questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact us. We take all privacy enquiries seriously and aim to respond within 5 business days:

You also have the right to lodge a complaint with the relevant data protection supervisory authority in your jurisdiction if you believe your rights have been violated and your concern has not been adequately addressed by us.

© 2026 ServisPulse. All rights reserved.

Terms of ServiceBack to home