Privacy Policy

1. Introduction

Welcome to Live The Rhythm ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our application, website, and related services (collectively, the "Service").

Entity Information: Live The Rhythm is operated by St. Luke's United Methodist Church ("St. Luke's UMC"), with development and technical services provided by Harris D'Ambrosi as an independent developer. By using the Service, you acknowledge that you have read and understood this Privacy Policy.

2. Information We Collect

We collect information about you in various ways when you use our Service. The information we collect includes:

2.1 Personal Information

• Account Information: Name, email address, phone number, and profile information you provide when creating an account
• Authentication Data: Credentials and authentication tokens managed through our authentication provider (Clerk)
• User Content: Prayer requests, comments, responses, profile photos, and other content you post or upload to the Service
• Communication Preferences: Your preferences for notifications, SMS messages, and other communications

2.2 Automatically Collected Information

• Device Information: IP address, browser type, operating system, device identifiers, and mobile network information
• Usage Data: Pages visited, features used, time spent on pages, click patterns, and interaction data
• Location Data: General location information derived from IP address (not precise GPS location unless explicitly provided)
• Log Data: Access times, error logs, and system performance data

2.3 Third-Party Information

• Information from social media providers if you choose to sign in using social authentication
• Information from analytics and tracking services (see Section 4 for details)

3. How We Use Your Information

We use the information we collect to:

• Create, maintain, and manage your account
• Provide, operate, and maintain the Service
• Process and deliver prayer requests, comments, and other user-generated content
• Send you push notifications, SMS messages, and email communications (with your consent)
• Enable user-to-user communications and community features
• Monitor and analyze usage patterns to improve the Service
• Detect, prevent, and address technical issues, security threats, and fraudulent activity
• Comply with legal obligations and enforce our Terms of Service
• Provide customer support and respond to your inquiries
• Send you administrative information, updates, and service-related communications

4. Third-Party Service Providers and Data Sharing

We use third-party service providers to help us operate the Service and process your information. We share information with these providers only as necessary to provide the Service. These third-party services include:

4.1 Authentication Services

• Clerk: We use Clerk for user authentication and account management. Clerk processes your authentication credentials, email address, and profile information. View Clerk's Privacy Policy

4.2 Data Storage and Infrastructure

• Firebase (Google): We use Firebase Firestore for database storage and Firebase Storage for file storage. Google processes your user data, content, and files stored in our database. View Google's Privacy Policy
• Neon Database: We use Neon (PostgreSQL) for additional data storage. Neon processes database queries and stored data. View Neon's Privacy Policy
• Vercel: We use Vercel for hosting and infrastructure services. Vercel processes server logs and deployment data. View Vercel's Privacy Policy

4.3 Analytics and Tracking

• PostHog: We use PostHog for product analytics, user behavior tracking, and session recording. PostHog processes usage data, events, and user interactions. View PostHog's Privacy Policy
• Google Analytics: We use Google Analytics to analyze website traffic and user behavior. Google processes anonymized usage data and cookies. View Google's Privacy Policy

4.4 Communication Services

• Firebase Cloud Messaging: We use Google Firebase Cloud Messaging (FCM) for push notifications on mobile and web. Google processes device tokens as described in Google's Firebase Privacy and Security information.
• GoHighLevel/FloStack: We use GoHighLevel (FloStack) for SMS messaging and email marketing. GoHighLevel processes phone numbers, email addresses, and message content. View GoHighLevel's Privacy Policy

4.5 AI and Machine Learning Services

• OpenAI/Google Genkit: We use AI services through Google Genkit for certain features. These services may process user content to provide AI-powered functionality. View OpenAI's Privacy Policy

4.6 Other Disclosures

We may also disclose your information:

• Legal Requirements: When required by law, court order, or government regulation, or to respond to legal process
• Protection of Rights: To protect our rights, property, or safety, or that of our users or others
• Business Transfers: In connection with a merger, acquisition, or sale of assets (with notice to users)
• With Your Consent: When you explicitly authorize us to share your information

5. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information:

5.1 Access and Portability

You have the right to access the personal information we hold about you and to receive a copy of your data in a portable format.

5.2 Correction and Deletion

You may update your account information at any time through your account settings. You may also request deletion of your account and associated data, subject to our data retention policies and legal obligations.

5.3 Opt-Out Rights

• Marketing Communications: You can opt out of marketing emails and SMS messages by replying "STOP" to SMS messages or using unsubscribe links in emails
• Push Notifications: You can disable push notifications through your device settings
• Analytics: Some analytics services may provide opt-out mechanisms; check their respective privacy policies

5.4 California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, the right to delete personal information, and the right to opt out of the sale of personal information (we do not sell personal information).

5.5 European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR), including the right to access, rectify, erase, restrict processing, object to processing, and data portability.

To exercise any of these rights, please contact us using the information provided in Section 11.

6. Data Retention

We retain your personal information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. When you delete your account, we will delete or anonymize your personal information, except where we are required to retain it for legal, regulatory, or legitimate business purposes.

Some information may remain in backup systems or logs for a limited period after account deletion. Public content (such as prayer requests or comments) may remain visible to other users even after account deletion, unless specifically removed.

7. Security of Your Information

We implement administrative, technical, and physical security measures designed to protect your personal information from unauthorized access, disclosure, alteration, and destruction. These measures include:

• Encryption of data in transit and at rest
• Secure authentication and access controls
• Regular security assessments and monitoring
• Employee training on data protection
• Compliance with industry security standards

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

8. Children's Privacy

The Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly.

If you are between the ages of 13 and 18, you must have your parent's or guardian's permission to use the Service.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. By using the Service, you consent to the transfer of your information to these countries.

We ensure that appropriate safeguards are in place for international data transfers, including reliance on adequacy decisions, standard contractual clauses, or other legal mechanisms as required by applicable law.

10. Open Source Software and Third-Party Libraries

The Service uses various open source software libraries and frameworks, including but not limited to:

• React and Next.js: Web application framework (MIT License)
• Radix UI: UI component library (MIT License)
• Framer Motion: Animation library (MIT License)
• Various npm packages: The Service includes numerous open source packages licensed under MIT, Apache 2.0, ISC, and other permissive licenses

A complete list of dependencies and their licenses can be found in our package.json file. These open source components are used in accordance with their respective licenses and do not affect your privacy rights as described in this Privacy Policy.

We acknowledge and are grateful to the open source community for these valuable contributions.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically.

Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• St. Luke's United Methodist Church
• Website: https://st.lukes.org
• For Privacy Inquiries:
• Email: Please use the contact form on our website or contact the church office
• Technical/Developer Contact:
• Harris D'Ambrosi (Independent Developer)

For requests related to your privacy rights (access, deletion, etc.), please include sufficient information to verify your identity and specify the nature of your request.