SundaySyncSundaySync← Back to home
Legal & Policies

Privacy Policy

We collect what we need to make SundaySync work for your team — and nothing more. Here's exactly what that means.

Last updated: January 1, 2026
On this page

Plain-English overview

SundaySync is a tool you use to run church services and coordinate volunteers. To do that, we store the things you give us — names, schedules, conversations, files — and use them only for what they were intended for. We do not sell your personal information. Ever.

If you ever want to leave SundaySync, you can delete your account from Settings → Danger Zone.

What we collect

Account information

  • Your name and email address.
  • A securely-hashed version of your password (we never store the raw password).
  • The name and basic details of your church or workspace.
  • Your role and ministry within that workspace.

Scheduling & ministry data

  • Events, services, setlists, songs, call times, recurring schedules.
  • Volunteer availability, block-out dates, preferences, and frequency limits.
  • Assignment history and acceptance/decline responses.

Communication & files

  • Messages you send in chat, polls, announcements, and direct messages.
  • Files, images, lyrics, and attachments you upload.
  • Reactions, mentions, and pinned items.

Notifications

  • Browser/web-push subscriptions (if you enable them).
  • Your notification preferences per channel and per category.

Operational & security data

  • Login timestamps, IP addresses, and basic device/browser info for security and abuse-prevention.
  • Anonymized usage analytics that help us understand which features are useful.
  • Records of your acceptance of these Terms and Privacy Policy (timestamp + version).

How we use it

  • To deliver the SundaySync service — show your schedule, route messages, send the right notifications.
  • To send transactional emails (signup verification, password resets, call-time reminders, billing receipts).
  • To keep your workspace secure (detect unusual sign-ins, rate-limit abuse).
  • To improve the platform — aggregated, non-identifying metrics inform our roadmap.
  • To respond when you contact support.

We do not use your data to train third-party AI models, and we do not sell, rent, or monetize personal information.

Sharing & integrations

SundaySync uses a small number of trusted providers to operate the platform. Each one only sees what they need to do their job:

  • Stripe — handles all payments. Card details go directly to Stripe and never touch SundaySync servers.
  • Resend — sends our transactional emails (verification, password reset, call-time reminders, billing).
  • Web Push (browser providers) — deliver push notifications to your device. We send only an encrypted payload — the browser provider does not see the message contents.
  • Deezer — powers song search and 30-second previews. We send your search queries to Deezer; we do not share who you are.
  • Spotify — planned future integration. The same principle will apply.
  • Cloud infrastructure — we use industry-standard hosting, databases, and object storage to run SundaySync. Your data is encrypted in transit, and access is logged.

We do not share your data with advertisers. We may share aggregated, de-identified data publicly to talk about how churches use SundaySync.

If we’re ever legally compelled to share data (e.g. a valid court order), we’ll do our best to limit what’s shared and to notify you when permitted.

Cookies & local storage

We use cookies and browser local storage to:

  • Keep you signed in (a secure, HTTP-only session cookie).
  • Remember small preferences (e.g. ambient background, last viewed event).
  • Power features like ambient music and the in-app tutorial system.

SundaySync does not run third-party advertising trackers. We do not place cookies for ad-targeting purposes.

Push notifications

Push notifications are opt-in. SundaySync never prompts you for notification permission automatically — you have to tap Enable in Settings → Phone Notifications. You can turn them off at any time from the same place, from your browser settings, or from your phone’s notification settings.

When push is enabled, your browser gives SundaySync an opaque endpoint token. We use this only to send the notifications you’ve subscribed to.

Data retention

We keep your data as long as you have an active account, and for a short additional period afterward so that backups can age out and we can comply with legal/tax obligations (typically up to 30 days for normal data, longer for billing records).

Some workspace history (e.g. who was scheduled on a service four years ago) may remain in your church’s workspace even if individual user accounts are deleted, because that history belongs to the church, not the individual.

Your rights & controls

  • Access — You can see most of your data directly inside SundaySync. Email us if you’d like an export.
  • Correction — Update your name, email, and preferences from Settings.
  • Deletion — Permanently delete your account from Settings → Danger Zone (see Delete Account).
  • Notifications — Manage in Settings → Phone Notifications and per-category toggles.
  • Object / restrict — If you’re in a region with stronger privacy rights (e.g. EEA/UK), you can ask us to limit or stop certain processing by emailing [email protected].

Security

We take security seriously. Highlights:

  • All traffic is encrypted in transit (HTTPS).
  • Passwords are hashed with industry-standard algorithms — we cannot see them.
  • Sessions use secure, HTTP-only cookies.
  • We rate-limit and lock out repeated failed logins.
  • Workspace data is isolated — no church can see another church’s information.
  • Admin actions are audit-logged.

No system is perfect. If you believe you’ve found a security issue, please email [email protected] with details — we’ll respond quickly.

Children’s privacy

SundaySync is intended for users 13 and older. We do not knowingly collect personal information from children under 13. If you believe a child has shared personal data with us, please contact [email protected] and we’ll delete it.

If your church uses SundaySync to manage check-ins or records that include minors, you’re responsible for collecting any consents required by local law.

Changes to this policy

If we make meaningful changes to this Privacy Policy, we’ll update the date at the top, post the revised version here, and where appropriate notify you in-app or by email.

Contact us

Questions about your data or this policy? Email [email protected].