AntiochCFM
AntiochCFM Back

Privacy Policy

Last updated: May 16, 2026

Antioch Church Financial Management, LLC ("AntiochCFM," "we," "us," or "our") is committed to protecting the privacy and security of your information. This Privacy Policy describes how we collect, use, disclose, and safeguard personal information when you use the AntiochCFM platform and related services (the "Service").

1. Information We Collect

1.1 Information You Provide

  • Account Information: Name, email address, password, church name, and role when you create an account.
  • Church Member Data: Names, contact information, addresses, membership status, join dates, and notes that you enter for your church members.
  • Financial Data: Donation records, expense records, budget entries, fund categories, payment methods, and amounts you input into the Service.
  • Payment Information: When you subscribe to a paid plan or configure online giving, payment details are collected and processed by Stripe, Inc. ("Stripe"), our third-party payment processor. We do not store your full credit card numbers on our servers.
  • Communications: Information you provide when you contact us, submit an idea, or use the contact form.

1.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, timestamps, clicks, and session duration.
  • Device Information: Browser type, operating system, device type, IP address, and screen resolution.
  • Cookies and Analytics: We use Google Analytics (Measurement ID: G-Y48C7YMBZY) to understand how users interact with the Service. Google Analytics collects anonymized usage data. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

1.3 Information from Third Parties

  • Google Sign-In: If you sign in using Google SSO, we receive your name, email address, and profile picture from Google. We do not access your Google contacts, calendar, or other Google services.
  • Stripe: We receive transaction confirmations, subscription status updates, and payment failure notifications from Stripe via webhooks.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Process transactions and manage your subscription
  • Send transactional emails (welcome messages, payment confirmations, trial reminders)
  • Respond to your inquiries and provide customer support
  • Analyze usage patterns to improve features and user experience
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations

We do not sell, rent, or trade your personal information or your church member data to any third party.

3. How We Share Your Information

We share personal information only in the following circumstances:

  • Service Providers: We use third-party service providers to operate the Service, including:
    • Stripe — Payment processing and subscription management
    • Google Analytics — Anonymous usage analytics
    • Cloud hosting providers — Data storage and application hosting
    These providers are contractually obligated to protect your data and use it only as directed by us.
  • Legal Requirements: We may disclose information if required by law, subpoena, court order, or government request.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.
  • With Your Consent: We may share information with your explicit consent for purposes you authorize.

4. Data Security

We implement industry-standard security measures to protect your information, including:

  • SSL/TLS encryption for all data in transit
  • Encrypted database storage
  • Role-based access controls
  • Regular security monitoring and updates
  • Secure authentication with hashed passwords (bcrypt)
  • Multi-tenant data isolation — each church's data is logically separated and inaccessible to other organizations

While we take reasonable precautions, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

5. Data Retention

  • Active Accounts: We retain your data for as long as your account is active and as needed to provide the Service.
  • Canceled Accounts: After account cancellation, we retain your data for 30 days to allow for reactivation or data export requests. After 30 days, your data is permanently deleted.
  • Legal Obligations: We may retain certain records longer if required by law (e.g., financial transaction records for tax or audit purposes).

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request that we correct inaccurate or incomplete data.
  • Deletion: Request that we delete your personal data, subject to legal retention requirements.
  • Data Portability: Request your data in a structured, commonly used format.
  • Opt-Out: Opt out of non-essential communications at any time via the unsubscribe link in our emails.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

7. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • The right to know what personal information we collect, use, and disclose
  • The right to request deletion of your personal information
  • The right to opt out of the sale of personal information — we do not sell personal information
  • The right to non-discrimination for exercising your privacy rights

8. Children's Privacy

The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will promptly delete that information.

Church administrators who input data about minors (e.g., in membership records) are responsible for obtaining appropriate parental or guardian consent and for the lawful handling of that data.

9. Cookies

We use the following types of cookies:

  • Essential Cookies: Required for authentication, session management, and security. These cannot be disabled.
  • Analytics Cookies: Google Analytics cookies to understand usage patterns. You can opt out using the Google Analytics opt-out tool.

We do not use advertising or targeting cookies.

10. International Data Transfers

The Service is hosted in the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States. By using the Service, you consent to the transfer of your information to the United States.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through the Service. The "Last updated" date at the top of this page indicates when the policy was last revised. Your continued use of the Service after changes are posted constitutes your acceptance of the revised policy.

12. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at: