Privacy Policy

Last Updated: March 28, 2026

1. Introduction

Acts2Track ("we," "our," or "us") is committed to protecting the privacy of churches and their members who use our care ministry management software. This Privacy Policy explains how we collect, use, store, and protect your information.

We understand that churches entrust us with sensitive information about their care recipients—widows, homebound members, and those receiving benevolence assistance. We take this responsibility seriously and have designed our practices to protect this data.

Our commitment: Your church owns your data. We will never sell your information to third parties. We only use your data to provide and improve our service.

2. Information We Collect

Church Information

When your church signs up, we collect:

  • Church name and address
  • Primary contact information
  • Billing information (processed securely by Stripe)
  • Ministry type preferences and settings

User Account Information

For each user (staff and volunteers), we collect:

  • Name and email address
  • Role within the ministry (Pastor, Leader, Servant)
  • Team assignments
  • Notification preferences

Care Recipient Information

For individuals your church serves, you may enter:

  • Names and contact information
  • Home addresses
  • Photos (optional)
  • Important dates (birthdays, anniversaries of loss)
  • Ministry type (widow care, homebound, benevolence)
  • Care notes and visit history

Visit and Activity Data

When your team logs visits and activities, we store:

  • Visit dates and types
  • Visit notes and observations
  • Escalation flags and pastoral attention requests

Financial Records

For benevolence tracking, you may record:

  • Assistance amounts and purposes
  • Approval information
  • Category classifications

AI Briefing Data

When you use our AI-powered Pre-Visit Briefings feature, we send contextual information about the care recipient to our AI provider (Anthropic Claude) to generate personalized briefings. This includes:

  • Recipient name and ministry type
  • Recent visit history and notes
  • Upcoming important dates

AI-generated briefings are cached temporarily to improve performance. See our Third-Party Services section for more details about Anthropic's data handling.

Usage Analytics

We collect anonymized analytics data about how you use our website and application, including page views and feature usage. This data is aggregated and cannot identify individual users.

3. How We Use Your Information

We use your information solely to:

  • Provide the Service: Enable visit tracking, team coordination, and care ministry management
  • Generate AI Briefings: Create personalized pre-visit briefings to help your team prepare
  • Send Notifications: Deliver email reminders, weekly digests, and important alerts
  • Process Payments: Handle subscription billing through Stripe
  • Improve the Service: Analyze usage patterns to make Acts2Track better
  • Provide Support: Help troubleshoot issues and answer questions

We will NEVER:

  • Sell your data to third parties
  • Use your data for advertising
  • Share identifiable information without your consent

4. Third-Party Services

We use trusted third-party services to operate Acts2Track. Each has been selected for their strong privacy and security practices:

Service Purpose Data Shared
Vercel Hosting & edge functions Application requests, IP addresses
Supabase Database & authentication All application data (encrypted)
Resend Transactional email Email addresses, notification content
Anthropic (Claude API) AI briefing generation Recipient context for briefings
Stripe Payment processing Billing email, payment method
Google Analytics Website analytics Anonymized page views, usage patterns

About AI Briefings (Anthropic Claude)

Our AI briefings are powered by Anthropic's Claude API. When generating a briefing:

  • We send only the context needed to create a helpful briefing
  • Anthropic does not use this data to train their models (per their API terms)
  • Data is transmitted securely and not stored by Anthropic after processing
  • You can disable AI briefings in your church settings at any time

5. Data Security

We implement comprehensive security measures to protect your data:

Encryption

  • In Transit: All data transmitted between your browser and our servers is encrypted using TLS/HTTPS
  • At Rest: Database data is encrypted at rest using AES-256 encryption (via Supabase)

Access Controls

  • Multi-Tenant Isolation: Each church's data is completely separated from other churches
  • Role-Based Access: Users only see data appropriate to their role (Pastor, Leader, Servant)
  • Secure Authentication: Password hashing, session management, and optional two-factor authentication

Monitoring

  • Audit Logging: We maintain logs of significant actions for security review
  • Error Monitoring: We use Sentry to detect and fix issues quickly

6. Data Retention

Active Accounts

While your subscription is active, we retain all your data to provide the service. You can delete individual records (recipients, visits, etc.) at any time through the application.

After Cancellation

  • Your data is retained for 30 days after subscription cancellation
  • During this period, you can export your data or reactivate your subscription
  • After 30 days, all church data is permanently deleted from our systems

Data Export

You can export your data at any time in standard formats (CSV, JSON) through your account settings. We recommend exporting your data before canceling your subscription.

7. Your Rights

You have the following rights regarding your data:

  • Access: Request a copy of all data we hold about your church
  • Correction: Update or correct any inaccurate information
  • Deletion: Request deletion of your account and all associated data
  • Export: Download your data in standard formats at any time
  • Restrict Processing: Request that we limit how we use your data

To exercise any of these rights, contact us at support@acts2track.com. We will respond to your request within 30 days.

8. Children's Privacy

Acts2Track is designed for church administrators and care ministry volunteers—not for use by children. We do not knowingly collect personal information from children under 13 years of age.

If you believe we have inadvertently collected information from a child under 13, please contact us immediately at support@acts2track.com, and we will delete that information.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes:

  • We will update the "Last Updated" date at the top of this page
  • For material changes, we will notify you by email at least 30 days before they take effect
  • Continued use of Acts2Track after changes take effect constitutes acceptance of the updated policy

10. Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact us:

Email: support@acts2track.com