FlockConnect Privacy Policy
Effective date: June 4, 2026 · Last updated: June 4, 2026
This Privacy Policy is the operative privacy policy for the FlockConnect service, adopted by FlockConnect LLC. It takes effect on the date above and applies when the service (including the public website) is made available.
In plain language (a non-binding summary — the full Policy below controls):
- Your members' data is yours. You (the church) control it; FlockConnect only processes it to run the service and never sells it or uses it for advertising.
- Only our separate public marketing website uses ad/analytics cookies — and that site is not live yet.
- We apply strong privacy rights to all users; where you live may give you more (Sections 14–21).
- Questions or requests: support@flockconnect.com.
1. Who operates FlockConnect
FlockConnect is a software product operated by FlockConnect LLC ("FlockConnect," "we," "us," or "our"). FlockConnect provides pastoral-care and member-connection software to churches.
- Legal entity: FlockConnect LLC (the product is offered under the name "FlockConnect").
- Mailing address: 4030 Wake Forest Road, STE 349, Raleigh, NC 27609, USA.
- Privacy, support, and security contact: support@flockconnect.com.
This Privacy Policy explains how we handle information across the FlockConnect service and our public website. Because FlockConnect involves two very different data relationships, please read Sections 2 and 3 carefully — they determine which parts of this Policy apply to you.
This Policy applies to the authenticated FlockConnect application, our public marketing and blog website, and our support and demo channels. Order of precedence: if there is a conflict, a signed customer agreement or data processing addendum (DPA) between FlockConnect LLC and a church customer controls for that customer; then the FlockConnect Terms of Service; then this Privacy Policy — except that this Privacy Policy controls on data-handling specifics where it and the Terms of Service address the same topic.
2. Roles and responsibilities (who controls what)
FlockConnect provides software to churches. The handling of personal information differs depending on whose data it is.
2.1 The church is responsible for its member and pastoral data
The church (our customer) controls, and is responsible for, the member, pastoral, and ministry data it puts into FlockConnect. The church is responsible for having the authority and the appropriate permission or consent to upload, sync, message, and provide care to its people using FlockConnect. The church decides who to invite, who to contact, what records to keep, and how its ministry uses the software.
For this church-controlled member and pastoral data, FlockConnect acts as a service provider / processor: we process that data on the church's behalf and under the church's instructions, to provide the service. We do not own that data, and we do not use it for our own independent purposes beyond operating, securing, supporting, and improving the service as permitted by our agreement with the church and by this Policy.
We do not assume the church's responsibility for obtaining its members' consent. The church, as the controller of its member and pastoral data, is solely responsible for having the authority, consents, permissions, and legal bases required to use FlockConnect with its people; FlockConnect, as processor, does not obtain or assume those consents on the church's behalf. This allocation is set out in the Terms of Service (Section 4).
2.2 FlockConnect is the controller of account, billing, website, marketing, and support data
For information about account holders, billing, our public website, our marketing, and our support interactions, FlockConnect acts as the business / controller: we determine why and how that information is handled. Sections 3.2, 9, and the regulatory sections below describe this in detail.
2.3 Church members do not have accounts
Only account users — an account owner, an admin, or a care partner — hold FlockConnect accounts, and all account users must be 18 or older.
Church members do not receive accounts. When a member needs to interact with FlockConnect (for example, to complete a form), the church sends a token-scoped secure link. These links are scoped to a specific purpose and the church controls who receives forms and messages. A member using a secure link is not creating an account and is not an account user.
3. The two data worlds
FlockConnect handles two distinct categories of information that are kept conceptually and operationally separate.
3.1 Data World A — the application (church and member data)
This is the data inside the authenticated FlockConnect application: church workspace data, people/member records, pastoral and care data, form/assessment responses, communications, calendar writes, and related information. For most of this data the church is the controller and FlockConnect is the processor (Section 2.1). This data is never sold and is never used for advertising (Section 11).
3.2 Data World B — the public marketing and blog website (visitor data)
This is data about visitors to our public marketing and blog website — not the authenticated app, and not church or member data. Our public marketing and blog website uses (or, where it is not yet live, will use upon launch) Google Analytics and Google AdSense, which involve cookies, advertising identifiers, and ad personalization. For website-visitor data, FlockConnect is the controller, and — under California law — the use of advertising and analytics cookies may be treated as a "sale" or "share" of website-visitor personal information. Section 9 governs this data world in full; the analytics/advertising activities it describes apply once the public website is live.
These two worlds are handled separately. Church, member, and pastoral data from the application (World A) is never used for the advertising/analytics activities described for the website (World B), is never used for advertising, and is never sold.
4. Categories of data we handle, including sensitive data
4.1 Data categories
Depending on how FlockConnect is used, we may handle the following categories of information:
- Account data — information about account owners, admins, and care partners (e.g., name, email, login/authentication data).
- Church workspace data — settings, roles, structure, and configuration of a church's workspace.
- People / member records — records the church maintains about its people.
- Contact information — names, email addresses, phone numbers, and similar contact details.
- Relationship / care data — pastoral relationships, care assignments, and related ministry context.
- Assessment / form responses — responses members or others submit through FlockConnect forms and assessments.
- Import / sync data — data brought in via Planning Center, CSV/manual import, or secure links.
- Communications metadata — metadata about messages and notifications (e.g., delivery status), as well as message content the church directs FlockConnect to send.
- Calendar write data — events FlockConnect writes to connected calendars at the church's direction.
- Location / proximity data — addresses and derived proximity information used for geographic features.
- Billing data — Stripe customer/subscription identifiers and status only. FlockConnect does not store payment card numbers; Stripe handles and retains payment records under its own policies.
- Product telemetry — usage and performance signals about how the service is used.
- Support / feedback — information you provide when you contact support or share feedback.
- Public website / demo / marketing data — information from website visits, demo bookings, embeds, and marketing interactions (see Sections 3.2 and 9).
4.2 Sensitive data
FlockConnect is used for pastoral care and therefore may handle sensitive information, including:
- pastoral notes and care reports;
- assessment responses;
- prayer and care details;
- records about children/minors (provided by the church — see Section 19);
- location/proximity data;
- giving-pattern signals — FlockConnect uses signals derived from giving patterns but does not store raw giving amounts; and
- secure-token metadata.
We apply the protections described in this Policy to this information and limit access to it within the service. Sensitive information from the application is never used for advertising and is never sold.
Sensitive data is processed only with the required consent. Several U.S. state privacy laws (the "Virginia-model" laws) treat information such as religious beliefs or affiliation and health-related data as sensitive, requiring opt-in consent before processing (in contrast to California's opt-out approach). Because FlockConnect is used by churches and its core data is faith-related, the church (as controller) is responsible for obtaining and maintaining its members' consent to process such sensitive data, and for honoring withdrawals of consent; FlockConnect processes it only on the church's instructions and for the purposes in this Policy.
Health-adjacent data and "consumer health data" laws. FlockConnect is not a healthcare provider, health plan, or healthcare clearinghouse, and does not operate as a HIPAA covered entity or business associate; pastoral-care content (such as prayer requests and care notes) is handled as part of a church's religious and ministry activity, not as regulated healthcare. Some state laws (for example, Washington's My Health My Data Act) define "consumer health data" broadly; where such a law applies to a church's use, the church (as controller) is responsible for any required consent or authorization, and FlockConnect supports the church in honoring it.
Social Security numbers. FlockConnect does not request or require Social Security numbers. We do not publicly display SSNs or transmit them unencrypted; if a church chooses to store SSN-class data in a free-text field, it does so under its own responsibility, and such data is protected by encryption in transit and access controls (consistent with N.C.G.S. §75-62).
5. Where the data comes from (sources)
We obtain information from:
- direct input by account users;
- Planning Center via OAuth sync and import (and reviewed writeback);
- CSV / manual import performed by the church;
- member secure links (token-scoped links the church sends to members);
- admin and care-partner entries within the application;
- provider webhooks (e.g., delivery and billing status from service providers);
- product telemetry generated through use of the service;
- support requests you submit to us; and
- public website forms and embeds on our marketing and blog site.
6. How and why we use information
We use information for the following purposes, depending on the data world and the role described above:
- Provide the service — operate the application, maintain church workspaces, store and display records, send communications the church directs, write to connected calendars, run imports and Planning Center sync, and deliver geographic features. (Basis examples: performance of our agreement with the church; the church's instructions as processor.)
- Authenticate and secure accounts — log in account users, enforce roles and multi-factor authentication, and protect against unauthorized access. (Basis: contract; legitimate interests / legal obligation in securing data.)
- Billing and subscription management — manage subscriptions and billing status through Stripe. (Basis: contract; legal obligation.)
- Support and feedback — respond to requests and improve the service. (Basis: legitimate interests; contract.)
- Service security, reliability, and improvement — error monitoring, product analytics, and reliability work, using privacy-protective configurations described in Section 20. (Basis: legitimate interests.)
- AI-assisted features ("Collie") — provide assistive drafting and review features as described in Section 7. (Basis: contract; the church's instructions.)
- Public website, marketing, and demos — operate our marketing and blog website, offer demo bookings, and (for website visitors only) run analytics and advertising as described in Section 9 and the cookie/consent disclosures in Section 9.3. (Basis: consent for advertising/analytics cookies where required; legitimate interests; performance of a requested service such as a demo booking.)
- Legal, safety, and compliance — comply with law, enforce our terms, respond to lawful requests, and establish, exercise, or defend legal claims. (Basis: legal obligation; legitimate interests.)
For individuals in the EEA/UK, the GDPR/UK GDPR lawful bases are: consent for advertising/analytics cookies on the public website (and where otherwise required); legitimate interests for securing, supporting, and improving the service; performance of a contract for providing the service, billing, and demos; and compliance with a legal obligation. Where we rely on legitimate interests, we have balanced those interests against individuals' rights.
We do not sell members' or churches' personal information, and we do not use pastoral or member data for third-party advertising (Section 11). The separate advertising activity for website visitors is described in Section 9.
7. AI features ("Collie")
FlockConnect includes AI-assisted features branded as "Collie." The following describes how Collie works:
- Provider-abstracted. Collie runs through an abstraction layer over one or more AI providers (see Section 8), which may change over time.
- Privacy-aware context and zero data retention. Collie is designed to operate on privacy-aware, redacted context where possible, rather than exposing more data than a feature needs — applying name-pseudonymization and context-minimization where possible. Collie's AI processing runs through providers under zero-data-retention terms, meaning those providers do not retain the prompts/outputs or use them to train their models. We do not represent that no sensitive data is ever processed by AI features; we represent that we apply redaction, minimization, and zero-data-retention provider routing where possible.
- Provenance records. FlockConnect keeps provenance records associated with AI-generated content.
- Human approval required. A human must approve before Collie makes any meaningful external write or sends any member-facing message. Collie does not autonomously message members or push external changes without that approval.
- Assistive only and may be inaccurate. Collie is assistive only and may produce inaccurate output. It is not a substitute for pastoral, medical, mental-health, legal, or financial judgment, and it is not for emergency response or mandated reporting. Churches and account users remain responsible for reviewing Collie's output before relying on or acting on it.
8. Service providers and sub-processors
FlockConnect uses third-party service providers to operate the service. Where these providers handle church-controlled data, they act as our sub-processors and are bound to handle the data consistent with our obligations to the church. The categories of providers are:
- Supabase — database, authentication, and storage.
- Vercel — application hosting (and, when enabled, Vercel Analytics for aggregate performance/usage metrics).
- Stripe — billing and payments (Stripe retains payment records under its own policies).
- Planning Center — OAuth-based sync/import and reviewed writeback.
- Resend — transactional email delivery.
- Twilio — SMS delivery.
- Google Calendar / Microsoft Calendar — calendar writeback.
- Google Maps / Mapbox — geocoding and proximity.
- Vertex / Gemini and Vercel AI Gateway — AI processing for Collie, under zero-data-retention terms (Section 7). (OpenRouter is configured as a disabled fallback and is not enabled for launch.)
- Sentry — error monitoring; configured to remove personal information before it is sent to Sentry, with personal-data collection turned off by default.
- PostHog — product analytics (privacy-locked; session replay is not enabled by default; data is masked).
- Cloudflare Turnstile — bot defense.
- Cal.com — demo booking.
- YouTube — embedded video on our website.
- IndexNow / Bing — search-engine indexing for our website.
Each provider processes data under its own terms and privacy practices for the functions it performs. We maintain a current list of sub-processors (this Section, or a sub-processor page we link to), and we provide notice of new sub-processors through the change-notification process described in Section 23 so that customers may review them. Some providers above support our public marketing/blog website or other features that are not yet live (for example, website analytics and advertising, demo booking, embedded video, and search-engine indexing); those providers begin processing data only when the corresponding feature launches.
Internal-tools boundary. We use GitHub (source control and continuous integration) and Linear (internal issue and support tracking) for our own internal operations only. Neither is used to receive production customer, member, pastoral, or secret data, and such data must not be placed in them.
9. Cookies, analytics, and advertising (public website visitors)
This Section applies to Data World B — visitors to our public marketing and blog website. It does not apply to the authenticated application or to church/member data. The analytics and advertising activities described here (and the associated cookie-consent, opt-out, and GPC mechanisms) apply to our public marketing and blog website; where that website is not yet live, these activities take effect when it launches.
9.1 Google Analytics and Google AdSense
When our public marketing and blog website is live, it will use Google Analytics and Google AdSense. These services set cookies and use advertising and analytics identifiers, and they support ad personalization. Google may use the data collected through these services in accordance with Google's own policies. For more information, see Google's page "How Google uses information from sites that use its services" (https://policies.google.com/technologies/partner-sites).
Visitors can opt out of personalized advertising through Google's Ads Settings (https://adssettings.google.com) and through industry opt-out tools such as the Digital Advertising Alliance (https://optout.aboutads.info) and the Network Advertising Initiative (https://optout.networkadvertising.org).
9.2 "Sale" / "Share" treatment under California law
Under the California Privacy Rights Act (CPRA), using advertising and analytics cookies for cross-context behavioral advertising may be treated as a "sale" or "share" of the personal information of website visitors. Accordingly:
- We will provide a "Do Not Sell or Share My Personal Information" link on the public website, and will honor the Global Privacy Control (GPC) browser signal as a valid opt-out of the sale/share of website-visitor information.
- The website-visitor analytics and advertising identifiers used by Google Analytics and AdSense are not "sensitive personal information" under the CPRA, and we do not use website-visitor data to infer sensitive characteristics for advertising. Accordingly, the "Limit the Use of My Sensitive Personal Information" right is not triggered by this website activity, and we do not represent that we offer that mechanism for it.
9.3 Cookie-consent banner and consent mode
Once the public website is live, it will use a cookie-consent banner to manage advertising and analytics cookies:
- For visitors in the EEA and UK, advertising and analytics cookies are opt-in (we seek consent before setting non-essential cookies), consistent with GDPR/UK GDPR.
- For visitors in California (and consistent with CalOPPA disclosure expectations), we offer an opt-out mechanism.
- We will use a Google-certified consent management platform (Google's "Privacy & messaging" CMP) together with Google Consent Mode v2 to apply these choices to Google Analytics and Google AdSense. Regional gating: advertising and analytics cookies are opt-in for visitors in the EEA/UK and opt-out for visitors in California and the rest of the United States.
9.4 "Do Not Track" signals
Because there is no common industry standard for "Do Not Track" (DNT) signals, the public website will not respond to DNT browser signals; it will, however, honor the Global Privacy Control (GPC) signal as a valid opt-out of the sale/share of website-visitor personal information, as required by California law.
9.5 No personalized advertising to children
We do not run personalized advertising on any child-directed content. We do not offer child-directed content (see Section 19). We do not knowingly sell or share the personal information of website visitors we know to be under 16; our marketing and blog website is not directed to children.
10. How we share information
We share information only as described in this Policy:
- With service providers / sub-processors (Section 8), to perform functions on our behalf.
- At the church's direction — for church-controlled data, with the recipients the church chooses (for example, the members a church sends forms or messages to, or calendars the church connects).
- For website analytics and advertising — with Google, for website-visitor data only, as described in Section 9.
- For legal, safety, and compliance reasons — to comply with law, respond to lawful requests, enforce our terms, and establish, exercise, or defend legal claims.
- In a business transfer — in connection with a merger, acquisition, financing, reorganization, change of control, or sale of all or substantially all of our assets or equity, personal information may be transferred to the successor or acquirer as a business asset. We will provide notice (for example, on our website or by email to account owners) of any change of control that materially affects how we handle personal information, and the successor will be bound by this Policy with respect to information transferred until it provides notice of any changes as described in Section 23.
11. Our posture: no sale and no advertising use of member data
For the application's church and member data (Data World A):
- We do not sell members' or churches' personal information.
- We do not use pastoral or member data for third-party advertising.
This posture is distinct from the website-visitor advertising activity in Section 9, which involves a separate set of data (Data World B) and which California law may treat as a "sale" or "share" of website-visitor personal information. Church, member, and pastoral data is never used for advertising and is never sold.
12. Retention
We retain information for as long as needed for the purposes described in this Policy, and then delete or de-identify it, subject to the caveats in Section 13. General retention practices by category:
- Account and church workspace data — retained while the account is active.
- Trial, grace, and restricted states — retained according to the applicable trial/grace/restricted retention rules for that state of the account.
- Cancellation window — after cancellation, there is a 90-day reversible export/deletion window during which the church can export or restore before staged deletion proceeds.
- Raw import CSVs — raw CSV import files are deleted 30 days after the import is approved or rejected. Records that were approved during import remain in the workspace; the deletion applies to the raw CSV source file.
- Billing data — Stripe identifiers/status retained while needed for billing; Stripe retains payment records under its own policies.
- Audit and security logs — retained for up to 24 months, and longer where required by a legal hold, an ongoing security investigation, or for legal-defense purposes.
- Provider retention — each service provider (Section 8) retains data under its own policies.
- Legal-hold exceptions — we may retain information longer where required by law, by a legal hold, or to resolve a billing dispute (Section 13).
13. Your rights: access, export, deletion, and correction
13.1 What you can request
Depending on your role and applicable law, you may be able to access, export, correct, or delete personal information. How a request is handled depends on whose data it is:
- Account owners (self-serve export). An account owner can run a self-serve full export of the workspace. The export is a privacy-filtered ZIP delivered through short-lived (15-minute) signed download links, and it excludes credentials and secrets.
- Support-assisted requests. For requests that cannot be completed self-serve, contact support@flockconnect.com and we will assist consistent with our role and applicable law.
- Member (token-link user) requests routed through the church. Because church members do not have accounts and their data is controlled by the church, member requests to access, correct, or delete their information are generally routed through the church, which controls that data. We will support the church in responding. If a member contacts us directly, we will direct the request to the relevant church and/or assist as a processor.
13.2 Deletion: important caveats
When data is deleted, the following caveats apply. Deletion through FlockConnect is not immediate, not necessarily permanent across all systems, and not provider-wide:
- Deletion proceeds in stages, including the 90-day reversible window after cancellation (Section 12).
- Service providers (for example, Stripe and others in Section 8) retain records under their own policies, so deletion in FlockConnect does not by itself remove data those providers retain.
- A legal hold or billing dispute can pause deletion until it is resolved.
- Backups, logs, and audit records may persist for a period after deletion of the primary records.
We do not represent that data is permanently or instantly erased everywhere on cancellation. Any deletion-certification commitment to a church customer is addressed, if at all, in a signed data processing addendum (DPA), not in this Policy.
Secure disposal. When we delete personal information that we control at the end of its retention, we use measures designed to render it unreadable or unrecoverable (secure deletion or de-identification), consistent with N.C.G.S. §75-64. As described above, third-party providers retain and dispose of data under their own policies and retention schedules.
13.3 Verification and timing
We take steps to verify the identity and authority of the person making a request before acting. For account owners, we verify through the authenticated account; for others, we verify by reasonably matching the details in the request to information we already hold (we do not collect additional sensitive information solely to verify a request). We respond within the timeframes required by applicable law — generally 45 days under the CCPA and comparable U.S. state laws (extendable by an additional 45 days where reasonably necessary, with notice), and one month under the GDPR/UK GDPR (extendable by two further months for complex or numerous requests, with notice).
14. California privacy rights (CCPA / CPRA)
This Section applies to California residents.
14.1 Notice at collection
We collect the categories of personal information described in Section 4, from the sources described in Section 5, for the purposes described in Section 6. We retain personal information for the periods described in Section 12 (by category).
14.2 Categories collected, disclosed, "sold," or "shared"
- Categories collected: identifiers and contact information; account/authentication data; commercial/billing information (Stripe identifiers/status); internet/network activity (telemetry, website analytics); geolocation (location/proximity); and, in the application, sensitive information (Section 4.2).
- Categories disclosed for a business purpose: the above categories may be disclosed to the service providers in Section 8 to operate the service.
- Categories "sold" or "shared": we have not sold or shared personal information in the preceding 12 months. Once our public marketing and blog website with advertising/analytics is live, the only category that will be treated as "sold"/"shared" is website-visitor internet/network activity and advertising identifiers, disclosed to Google for cross-context behavioral advertising (Section 9). We do not sell or share application, church, member, or pastoral data, and we do not sell or share sensitive personal information.
- Sensitive personal information: we do not use or disclose sensitive personal information for purposes that would trigger the right to limit its use; see Sections 4.2 and 9.2.
14.3 Your California rights
Subject to the law and to verification, you have the right to: know/access the personal information we collect and how we use it; delete personal information; correct inaccurate personal information; opt out of the sale or sharing of personal information; limit the use of sensitive personal information; and not be discriminated against for exercising your rights.
14.4 How to exercise California rights
- "Do Not Sell or Share My Personal Information" — available on our website (Section 9.2).
- "Limit the Use of My Sensitive Personal Information" — this right is not triggered by our website activity, and we do not offer a separate mechanism for it (see Section 9.2).
- Know / access, delete, correct — contact support@flockconnect.com or use the self-serve export (Section 13.1).
- Authorized agents. You may use an authorized agent to submit a request on your behalf. We require written authorization signed by you, and we may require you to verify your own identity directly with us and to confirm that you authorized the agent to act for you.
We honor recognized opt-out preference signals (such as Global Privacy Control) as required by law (Section 9.4).
15. GDPR / UK GDPR rights (EEA and UK)
This Section applies to individuals in the European Economic Area and the United Kingdom.
15.1 Controller and processor roles
For website-visitor, account, billing, marketing, and support data, FlockConnect is the controller (Section 2.2). For church-controlled application data, FlockConnect is a processor acting on the church's instructions; the church is the controller (Section 2.1).
15.2 Lawful bases
We rely on: consent (for advertising/analytics cookies and where otherwise required); legitimate interests (e.g., securing, supporting, and improving the service); performance of a contract (providing the service, billing, demos); and compliance with a legal obligation. (See the basis mapping in Section 6.)
15.3 Your rights
Subject to the law, you have the right to: access; rectification; erasure; restriction of processing; data portability; object to processing (including processing based on legitimate interests, and direct-marketing processing); withdraw consent at any time (without affecting prior lawful processing); not be subject to a decision based solely on automated processing (including profiling) that produces legal or similarly significant effects; and lodge a complaint with a supervisory authority. FlockConnect does not make decisions about you based solely on automated processing — Collie's AI features are assistive and require human review before any meaningful action (Section 7). To exercise these rights, contact support@flockconnect.com. For application data the church controls, we may route your request to the relevant church.
15.4 International transfers
Information may be processed in the United States and other countries where we and our service providers operate. Where required, we rely on appropriate transfer mechanisms — the European Commission's Standard Contractual Clauses (SCCs) for EEA transfers and the UK International Data Transfer Addendum / IDTA for UK transfers. FlockConnect does not currently target the EEA or UK market or monitor individuals there, and has not appointed an Article 27 (EU) or section 27 (UK Data Protection Act 2018) representative; if our processing changes such that one is required, we will appoint and name a representative here. UK users may lodge a complaint with the Information Commissioner's Office (ICO); for UK transfers we rely on the UK IDTA and may rely on the UK Extension to the EU–U.S. Data Privacy Framework where available.
16. CalOPPA (California Online Privacy Protection Act)
- This Privacy Policy is (or, once our public website is live, will be) conspicuously posted on our website.
- The categories of personally identifiable information we collect are described in Section 4, and the third parties with whom information may be shared are described in Sections 8–10.
- Changes to this Policy are handled as described in Section 23, including how we post updates and the effective date.
- Our response to "Do Not Track" signals is described in Section 9.4.
17. Other U.S. state privacy rights
If you are a resident of a U.S. state with a comprehensive consumer-privacy law — for example, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Delaware, Nebraska, New Hampshire, New Jersey, Tennessee, Minnesota, Maryland, Indiana, Kentucky, and Rhode Island (and other states as such laws take effect) — you may have rights similar to those described above, such as the rights to access, correct, delete, obtain a copy of, and opt out of targeted advertising, the sale of personal data, and certain profiling. In these states, sensitive data (which can include religious or health-related information) is generally processed only with opt-in consent, which the church (as controller) is responsible for obtaining (see Section 4.2). Some states (for example, Maryland) impose stricter data-minimization and sensitive-data limits, which we honor where they apply.
To exercise any such right, contact support@flockconnect.com, and we will respond consistent with the law that applies to you. If we deny your request and the applicable state law provides a right to appeal, you may appeal by contacting support@flockconnect.com; we will respond to the appeal within the period the law allows (generally up to 60 days) with a written explanation, and if we deny the appeal you may contact your state Attorney General.
18. North Carolina and governing law
This Privacy Policy and any dispute relating to it are governed by the laws of the State of North Carolina, USA, and the exclusive venue for disputes is the state and federal courts located in North Carolina. Disputes are resolved by litigation in those courts (not arbitration), subject to the class/representative-action waiver set out in the Terms of Service (Section 1.6). The limitation of liability applicable to such disputes is set out in the Terms of Service (Section 17).
North Carolina does not have a comprehensive consumer-privacy statute. In the event of a security breach affecting personal information, we will provide notification without unreasonable delay, consistent with applicable law, including the North Carolina Identity Theft Protection Act (N.C.G.S. §75-60 et seq.) and any other applicable state breach-notification laws. Where FlockConnect acts as a processor for a church's data, we will notify the affected church without undue delay after confirming a breach so the church can meet its own notification obligations as the controller.
19. Children and minors
FlockConnect takes a conservative approach to minors:
- Account users must be 18 or older. We do not knowingly create accounts for anyone under 18.
- We do not offer child-directed services or content.
- Records about children or minors may exist only as church-provided data — that is, information a church chooses to maintain about its people. FlockConnect handles such data as a processor on the church's behalf, and the church is responsible for the authority and permissions needed to provide it.
- We do not run personalized advertising directed to children (Section 9.5).
- We do not knowingly collect personal information directly from children under 13. Any data about minors exists only as church-provided data that the church controls and is responsible for, and FlockConnect processes it on the church's behalf.
- Consistent with the federal Children's Online Privacy Protection Act (COPPA), including its 2026 amendments: any minor data is not retained indefinitely; the church is responsible for obtaining any required verifiable parental consent (including any separate consent needed to share a child's data with a third party); and FlockConnect supports parental review and deletion requests routed through the church.
- For clarity, a transfer of data to a successor or acquirer as part of a business transfer (Section 10) is not the kind of third-party sharing that requires separate parental consent, except where non-waivable law requires otherwise.
20. Security
We take security seriously and apply a layered approach, including:
- authentication with role-based access controls and multi-factor authentication for sensitive roles;
- access scoping so that data is segregated by church workspace, with token-scoped secure links for members rather than member accounts;
- privacy-protective configuration of analytics tooling (PostHog privacy-locked, masked, with session replay not enabled by default);
- privacy-protective configuration of error monitoring (Sentry is configured to remove personal information before it is sent, with personal-data collection off by default);
- exclusion of credentials and secrets from data exports;
- short-lived (15-minute) signed links for exports and downloads;
- a boundary that keeps production customer, member, pastoral, and secret data out of source-control/CI (GitHub);
- audit and security logging retained for security and legal-defense purposes.
No method of transmission or storage is completely secure, and we cannot guarantee absolute security. We do not claim any specific security certification or compliance status.
21. International users and other regions
FlockConnect is operated from the United States, and information is processed in the United States and in other countries where our service providers operate (Section 15.4). This Privacy Policy is provided in English only, and the English version governs.
Global baseline. We apply the privacy commitments in this Policy as our baseline for all users, and we honor the core rights of access, correction, and deletion regardless of where you live. The regional notes below add jurisdiction-specific detail; where your local law gives you greater or additional rights, those rights apply.
Canada (PIPEDA) and Quebec (Law 25). For Canadian users, our Privacy Officer is accountable for our handling of personal information and can be reached at support@flockconnect.com (attn: Privacy Officer). Your personal information is processed in the United States and may be accessible to U.S. authorities under U.S. law. You may request access to and correction of your personal information. For Quebec residents, we honor the additional rights under Law 25, including transparency about any automated decision-making.
Brazil (LGPD). If Brazil's LGPD applies to you, the rights in this Policy (access, correction, deletion, portability, information about sharing, and withdrawal of consent) apply, our legal bases are described in Section 6, and the ANPD is the supervisory authority. FlockConnect does not currently target the Brazilian market; if it does, we will designate and publish an encarregado (data-protection officer) contact.
Australia (Privacy Act / APPs). If the Australian Privacy Principles apply to you, you may access and correct your personal information and complain to the Office of the Australian Information Commissioner (OAIC). Your personal information may be disclosed to overseas recipients (including in the United States and any other country where our sub-processors operate).
Switzerland (revised FADP). For Swiss users, we treat personal data to GDPR-level standards; the Federal Data Protection and Information Commissioner (FDPIC) is the supervisory authority, and we may rely on the Swiss–U.S. Data Privacy Framework for transfers. We have not appointed a Swiss representative and will do so only if and when our Swiss processing reaches a level that requires one.
Individuals in any region not specifically named may exercise the rights in this Policy by contacting support@flockconnect.com, and we will respond consistent with the law that applies to you.
22. Contact us
For privacy questions, requests, or security matters, contact:
FlockConnect LLC
4030 Wake Forest Road, STE 349
Raleigh, NC 27609, USA
support@flockconnect.com
support@flockconnect.com is our privacy contact, and our Privacy Officer (accountable for personal-information handling, including for purposes of Quebec's Law 25) can be reached at the same address (attn: Privacy Officer). We have not appointed a GDPR Data Protection Officer or an EEA/UK representative, because our processing does not currently meet the thresholds that require one (we act primarily as a processor; the churches are the controllers of member data). We will appoint and name one here if our processing changes to require it.
23. Effective date, updates, and how we notify you of changes
- Effective date: June 4, 2026.
- Last updated: June 4, 2026.
- How we notify you of changes: We may update this Privacy Policy from time to time. When we make changes, we will revise the "Last updated" date and post the updated Policy conspicuously on our website. For material changes, we will provide additional notice — by in-application notice and email to account owners — at least 14 days before the change takes effect, where practicable. Your continued use of FlockConnect after an update takes effect constitutes acceptance of the updated Policy to the extent permitted by law. Where a change to dispute resolution or the limitation of liability requires affirmative acceptance under applicable law, we will seek it.
Adopted by FlockConnect LLC, effective June 4, 2026.
