SmallGroupsHQ

1. Introduction

SmallGroupsHQ ("we," "us," or "our") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the SmallGroupsHQ platform, including the web application at smallgroupshq.com and the SmallGroups mobile application (collectively, the "Service").

By using the Service, you consent to the practices described in this policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

Account Information: Name, email address, phone number, and profile details you provide when creating an account.
Organization Information: Church or organization name, branding assets, and configuration settings provided by administrators.
Payment Information: Billing details and payment method information processed through our third-party payment processor (Stripe). We do not store full credit card numbers on our servers.
Content: Messages, group information, attendance records, and other content you create or share through the Service.

2.2 Information Collected Automatically

Usage Data: Pages viewed, features used, actions taken, timestamps, and session duration.
Device Information: Device type, operating system, browser type, and screen resolution.
Log Data: IP addresses, access times, and referring URLs.

3. How We Use Your Information

We use collected information to:

Provide, maintain, and improve the Service
Process subscriptions and payments
Send transactional communications (account verification, notifications, updates)
Provide customer support
Analyze usage patterns to improve features and user experience
Detect, prevent, and address security issues or abuse
Comply with legal obligations

4. Multi-Tenant Data Isolation

SmallGroupsHQ operates as a multi-tenant platform. Each church or organization's data is logically separated and isolated from other organizations. Members of one organization cannot access data belonging to another organization unless they are explicitly granted membership in both.

User profiles are global — a user with accounts at multiple churches shares a single identity but has separate memberships, roles, and privacy settings per organization.

5. Privacy Controls for Members

SmallGroupsHQ provides granular privacy controls for individual members:

Contact Sharing: Members can choose who can see their contact information (everyone, leaders only, or no one).
Direct Messages: Members can control who can send them direct messages.
Roster Visibility: Members can choose whether to appear in group rosters visible to other members.
Per-Group Settings: Privacy preferences can be customized on a per-group basis.

6. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

Within Your Organization: Your information may be visible to administrators and leaders within your organization, subject to your privacy settings and their roles.
Service Providers: We share data with third-party vendors who help us operate the Service (e.g., Stripe for payments, cloud hosting providers). These vendors are bound by confidentiality agreements.
Legal Requirements: We may disclose information if required by law, regulation, or legal process.
Safety: We may disclose information when we believe it is necessary to protect the safety of our users or the public.

7. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Organization data is retained for the duration of the organization's subscription plus 90 days. After account or organization deletion, data is permanently removed within 90 days, except where retention is required by law.

Messages and content that have been deleted by users may persist in backups for up to 30 days before being permanently removed.

8. Data Security

We implement industry-standard security measures to protect your data, including:

Encryption in transit (TLS 1.2+) and at rest (AES-256)
Row-level security (RLS) policies enforcing multi-tenant data isolation at the database level
Regular security audits and vulnerability assessments
Access controls limiting employee access to production data on a need-to-know basis

9. Children's Privacy

The Service is not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us so we can delete it.

For minors between 13 and 18, parental or guardian consent should be obtained by the organization before adding them to the platform.

10. Your Rights

Depending on your location, you may have the right to:

Access: Request a copy of the personal information we hold about you.
Correction: Request correction of inaccurate information.
Deletion: Request deletion of your account and associated data.
Portability: Request an export of your data in a machine-readable format.
Opt-Out: Opt out of non-essential communications.

11. Cookies and Tracking

We use essential cookies to maintain your session and preferences. We may use analytics tools to understand how the Service is used. You can manage cookie preferences through your browser settings.

12. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. The "Last updated" date at the top of this page reflects the most recent revision.

14. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us:

Email: privacy@smallgroupshq.com
Mail: SmallGroupsHQ, Austin, TX