Privacy Policy

How we collect, use, and protect your data.

Last updated: April 25, 2026

ShommyX Technologies Inc. ("ShommyX," "we," "us," or "our") operates the ShommyX Church platform, including the website at shommyxchurch.com and the ShommyX Church mobile application (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By accessing or using the Service, you agree to the terms of this Privacy Policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Information You Provide

When you create an account, join a church, or use our features, you may provide:

  • Account information: name, email address, password
  • Profile information: phone number, birth month and day, marital status, address, profile photo
  • Church membership data: church affiliation, department memberships, assigned roles and titles
  • Communication content: messages sent through chat, announcements, documents, sermon notes, and prayer requests
  • Event participation: RSVP responses, check-in records, attendance data
  • Media uploads: photos uploaded to galleries or chat
  • Children's information: names, ages, and guardian details for kids check-in services (provided by parents or guardians)
  • Dating profile: if you opt in to Believers Dating, preferences and profile information you choose to share
  • Payment information: processed securely through Stripe or Paystack — we do not store your credit card numbers

1.2 Information Collected Automatically

When you use the Service, we may automatically collect:

  • Device information: device type, operating system, browser type, and unique device identifiers
  • Usage data: pages visited, features used, timestamps, and interaction patterns
  • Push notification tokens: device tokens used to deliver push notifications (Firebase Cloud Messaging)
  • Log data: IP address, request URLs, response times, and error logs for service reliability

1.3 Information from Third Parties

Church administrators may add your information to the platform when registering you as a member. We may also receive information from payment processors (Stripe, Paystack) regarding transaction status.

2. How We Use Your Information

We use the information we collect to:

  • Provide the Service: manage your account, church memberships, event participation, and communications
  • Facilitate communication: deliver announcements, chat messages, documents, and notifications within your church community
  • Enable church operations: support attendance tracking, member directories, department management, and reporting
  • Send notifications: deliver push notifications, email alerts, and in-app notifications about church activities
  • Process payments: manage subscriptions and billing for church plans
  • Improve the Service: analyze usage patterns, fix bugs, and develop new features
  • Ensure security: detect and prevent fraud, abuse, and unauthorized access
  • Provide customer support: respond to your inquiries and resolve issues

Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process your personal data under the following lawful bases:

  • Performance of a contract: to provide and operate the Service you requested
  • Consent: where you have explicitly provided consent (e.g., optional features such as dating)
  • Legitimate interests: to improve the Service, ensure security, prevent fraud, and maintain system integrity
  • Legal obligations: where processing is required to comply with applicable laws

3. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

  • Within your church: Your profile information, department memberships, and attendance records are visible to church administrators and, where applicable, other church members according to your church's privacy settings
  • Believers Dating: If you opt in, your dating profile is visible only to other eligible, verified church members within the dating feature
  • Service providers (sub-processors): We use the following third-party services to operate the platform. Each is bound by industry-standard data processing terms and processes your data only on our instructions:
    • Fly.io (United States) — application hosting for the API and web servers
    • Neon (United States) — managed Postgres database hosting
    • Cloudflare R2 (global edge, primarily United States) — object storage for uploaded files, photos, and documents
    • Cloudflare (global edge) — CDN, DNS, and edge security
    • Upstash (United States) — managed Redis for caching and real-time messaging
    • Resend (United States) — transactional email delivery
    • Firebase Cloud Messaging by Google (United States) — push notification delivery to your device
    • Stripe (United States and globally) — subscription billing and donation processing
    • Paystack (Nigeria) — donation processing for churches in Nigeria, Ghana, Kenya, and South Africa
    • Sentry (United States) — application error monitoring and reliability tracking
    • GitHub Actions (United States) — automated daily database backups stored in our R2 bucket

    We do not authorize these sub-processors to use your data for their own purposes (such as advertising, profiling, or training models). When we add or replace a sub-processor, we will update this list.

  • Legal requirements: We may disclose your information if required by law, court order, or governmental regulation
  • Business transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity

4. Data Storage and Security

  • Hosting: Application servers run on Fly.io and the database runs on Neon Postgres, both in United States data centers. Uploaded files are stored in Cloudflare R2.
  • Encryption: All data is transmitted over HTTPS/TLS. Database connections use TLS. Passwords are protected using industry-leading one-way encryption.
  • Access control: Role-based permissions ensure only authorized users can access sensitive data
  • Multi-tenant isolation: Each church's data is logically isolated — one church cannot access another church's data
  • Backups: Daily automated logical backups of the database are written to encrypted Cloudflare R2 storage. We test restores at least monthly.
  • Security headers: We implement HSTS, CSP, X-Frame-Options, and other security headers to protect against common web vulnerabilities

While we implement commercially reasonable security measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

5. Data Retention

  • Account data: Retained for as long as your account is active. You may request deletion at any time.
  • Church membership data: Retained while you are a member of the church. Church administrators may remove your membership.
  • Communication content: Chat messages, documents, and notes are retained until deleted by the user or church administrator.
  • Attendance records: Retained according to your church's configured retention policy.
  • Share links: Automatically deleted 7 days after expiry.
  • Audit logs: Retained for up to 365 days for security and compliance purposes.

6. Your Rights and Choices

You have the right to:

  • Access your data: View your profile and personal information through your account settings
  • Update your data: Edit your profile, preferences, and notification settings at any time
  • Delete your data: Delete your account directly from your account settings, or contact [email protected]
  • Export your data: Download a structured copy of your personal data (including profile, messages, activity, and related records) in a commonly used format (such as JSON) from your account settings at any time
  • Opt out of notifications: Disable specific notification types (announcements, programs, gallery, new members) in your notification preferences
  • Opt out of dating: The Believers Dating feature is opt-in only — you are not enrolled unless you actively create a dating profile
  • Withdraw consent: You may stop using the Service at any time

7. Data Controller and Data Processor

Each church that uses ShommyX Church is the Data Controller — meaning the church determines how and why member data is processed within their church context. ShommyX Technologies Inc. acts as a Data Processor on behalf of churches, processing member data solely to provide the Service.

Church administrators are responsible for how they use member data within their church. ShommyX provides the tools; the church determines the policies for its congregation.

8. Platform Administration and Support Access

Authorized ShommyX personnel may access customer data strictly for the following purposes:

  • Technical support and troubleshooting
  • Bug investigation and resolution
  • Security monitoring and incident response
  • System maintenance and performance optimization

All such access is:

  • Restricted to authorized personnel only
  • Logged and auditable
  • Limited to the minimum data necessary for the specific task

Personnel are prohibited from accessing customer data for personal, unauthorized, or unrelated purposes. Where appropriate, access may occur in response to a support request initiated by a church or user. ShommyX implements internal controls and monitoring to prevent misuse of administrative access.

9. Church Administrator Visibility

Church administrators may view and manage the following data for members of their church:

  • Member profiles (name, contact information, role, departments, status)
  • Attendance and check-in records
  • Kids check-in records (for child safety purposes)
  • Financial records (offerings and tithes recorded during programs)
  • Certain communications (church-wide announcements, department announcements)

Private communications between members (direct messages, dating conversations) are not accessible to church administrators unless required for moderation of reported content.

Church administrators are responsible for managing access to member data within their organization and for complying with applicable privacy laws.

10. Prayer Requests

Prayer requests submitted through the platform may contain sensitive personal information. Prayer requests may be visible to church administrators and authorized church leaders. Anonymous prayer requests hide your identity from other members but may still be accessible to church administrators for moderation purposes.

11. Believers Dating Feature

The Believers Dating feature is entirely opt-in. If you choose to create a dating profile, you may provide:

  • Relationship preferences, faith background, and lifestyle information
  • Profile photos (which may be analyzed for quality assurance purposes)
  • Location information (city, state/province, country)
  • Occupation, education level, and ethnicity

Your dating profile is only visible to other eligible, verified members within the dating feature. Dating conversations are private between matched members. You may deactivate or delete your dating profile at any time.

12. Messaging and Communication Content

Messages sent through department chat, direct messaging, and dating conversations are stored to provide the Service. Message content may include personal, pastoral, or counseling information. ShommyX does not read or monitor private messages except when:

  • Required for technical support (with your knowledge)
  • Investigating a reported safety concern or terms violation
  • Required by law enforcement with valid legal process

13. IP Address Logging

We log IP addresses for security and fraud prevention purposes. IP address logs are retained for up to 365 days and are used solely for detecting unauthorized access, preventing brute-force attacks, and investigating security incidents.

14. Emergency Contact and Third-Party Information

When you provide emergency contact information or guardian details for children's check-in, you confirm that you have the permission of the individuals whose information you are providing. This third-party information is used solely for safety and emergency purposes.

15. Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13 without parental consent. The kids check-in feature is designed for use by parents, guardians, and authorized church staff — not by children directly.

If you believe a child under 13 has provided us with personal information without parental consent, please contact us at [email protected] and we will promptly delete the information.

The kids check-in feature may collect limited health-related information (such as allergies) provided by parents or guardians. This information is stored solely for the child's safety during church events and is accessible only to authorized church staff.

16. Push Notifications

If you use our mobile application, we may send push notifications to your device about church announcements, events, messages, and other updates. You can disable push notifications at any time through your device settings or within the app.

We use Firebase Cloud Messaging (FCM) by Google to deliver push notifications. Your device token is stored securely and used solely for notification delivery. Invalid tokens are automatically removed.

17. Cookies and Local Storage

We use the following technologies:

  • HTTP-only cookies: Used for secure authentication (access tokens and refresh tokens). These cannot be accessed by JavaScript and are essential for the Service to function.
  • Local storage: Used to store user preferences such as theme settings (light/dark mode). No personal data is stored in local storage.

We do not use third-party tracking cookies or advertising cookies.

18. International Data Transfers

ShommyX Technologies Inc. is incorporated in Canada (Alberta), and our application servers and primary database run in the United States via the sub-processors named in section 3. If you access the Service from outside Canada or the United States — including from Nigeria, Ghana, Kenya, South Africa, the United Kingdom, or any other country — your personal information will be transferred to and processed in those jurisdictions.

For users in Canada, this transfer is disclosed under PIPEDA Principle 4.1.3. For users in Nigeria, this transfer is made under Section 41 of the Nigeria Data Protection Act on the basis of your explicit consent at signup. For users in the European Economic Area, transfers are made under appropriate safeguards including standard contractual clauses where applicable.

Donations from churches in Nigeria, Ghana, Kenya, and South Africa are processed by Paystack within Nigeria. Other payments are processed by Stripe; the country of processing depends on your card-issuing country and Stripe's acquirer routing.

By using the Service, you consent to these international transfers as necessary to provide the Service.

19. Third-Party Links

The Service may contain links to third-party websites or services that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party services.

20. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically.

21. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

22. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your rights, contact us at [email protected].

23. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR), including the right to access, rectify, erase, restrict processing, data portability, and to object to processing. To exercise your rights, contact us at [email protected].

24. Sensitive Information

Certain features of the Service may involve the collection of sensitive personal information, including but not limited to:

  • Prayer requests or pastoral care information
  • Children's information (such as names, ages, or allergies)
  • Dating profile information (such as relationship preferences, faith background, or personal attributes)

This information is provided voluntarily by users or authorized church administrators. By submitting such information, you acknowledge that:

  • You have chosen to provide this information for use within your church community
  • The information may be visible to authorized church leaders or administrators as described in this Privacy Policy
  • ShommyX processes this data solely to provide the Service and does not use it for advertising or profiling

We encourage users to exercise discretion when sharing sensitive personal information.

© 2026 ShommyX Technologies Inc. All rights reserved.