Privacy Policy

Last updated: March 31, 2026

This Privacy Policy describes how StoneLink LLC ("StoneLink," "we," "us," or "our") collects, uses, stores, and protects information in connection with ChurchFlo, our AI-powered ministry content platform available at church-flo.com (the "Service").

By using the Service, you agree to the collection and use of your information as described in this Privacy Policy. If you do not agree with this policy, please do not use the Service.

1. Information We Collect

We collect the following categories of information:

1.1 Information You Provide Directly

  • Account Information: Name, email address, and password when you register.
  • Organization Information: Church or ministry name and other details you choose to provide.
  • Sermon Content: Text, audio files, transcriptions, and other content you upload or input to the Service.
  • Generated Content: Ministry resources generated on your behalf and stored within your account.
  • Billing Information: Payment method details submitted through Stripe for subscription management. We do not store full card numbers on our servers.
  • Communications: Messages or inquiries you send to our support team.

1.2 Information Collected Automatically

  • Log Data: IP address, browser type and version, operating system, pages visited, time and date of visits, and other diagnostic data.
  • Usage Data: How you interact with the Service, including features used, content types generated, and session duration.
  • Cookies and Similar Technologies: We use session cookies necessary for authentication and secure operation of the Service. We do not currently use advertising or tracking cookies.

1.3 Information from Third Parties

We may receive limited information from payment processors (e.g., transaction status from Stripe) and email delivery services (e.g., delivery confirmation from SendGrid).

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: To process your sermon content and generate the ministry resources you request.
  • Account Management: To create and manage your account, authenticate your identity, and maintain your preferences.
  • Billing: To process payments, manage subscriptions, send invoices, and handle billing inquiries.
  • Customer Support: To respond to your questions, troubleshoot issues, and provide technical assistance.
  • Service Improvement: To monitor usage patterns, identify bugs, and improve the performance and features of the Service.
  • Communications: To send transactional emails such as account confirmations, password resets, billing notifications, and service updates. We do not send unsolicited marketing emails.
  • Legal Compliance: To comply with applicable laws, regulations, and legal obligations.
  • Security: To detect, prevent, and respond to fraud, abuse, or unauthorized access to the Service.

3. Your Sermon Content and AI Processing

We understand that your sermon content is sensitive and central to your ministry. We treat it with care and are transparent about how it is processed:

  • Your sermon content is transmitted to OpenAI solely to generate the ministry resources you request. OpenAI processes this content under their API terms, which prohibit OpenAI from using API-submitted content to train their models.
  • We do not use your sermon content to train, fine-tune, or improve any AI model, including models operated by StoneLink or any third party.
  • We do not share, sell, or disclose your sermon content to any third party except as required to provide the Service (e.g., sending content to OpenAI for processing) or as required by law.
  • We do not claim any ownership rights over your sermon content or Generated Content.

4. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties. We may share your information only in the following circumstances:

4.1 Service Providers

We share information with trusted third-party service providers who assist us in operating the Service, subject to appropriate confidentiality obligations:

  • OpenAI — AI content generation (processes sermon content via API)
  • Amazon Web Services (AWS) — Cloud hosting, infrastructure, and storage
  • Stripe — Payment processing and subscription billing
  • SendGrid — Transactional email delivery

4.2 Legal Requirements

We may disclose your information if required to do so by law, court order, or governmental authority, or if we believe in good faith that such disclosure is necessary to protect the rights, property, or safety of StoneLink, our users, or the public.

4.3 Business Transfers

If StoneLink is involved in a merger, acquisition, asset sale, or similar transaction, your information may be transferred as part of that transaction. We will provide notice before your personal information becomes subject to a different privacy policy.

4.4 With Your Consent

We may share your information in other ways if you specifically consent to it.

5. Data Security

We implement industry-standard technical and organizational measures to protect your personal information against unauthorized access, disclosure, alteration, or destruction. These measures include:

  • Encryption of data in transit via TLS/HTTPS (enforced by SSL certificates);
  • Encrypted storage for sensitive data at rest;
  • Access controls limiting who can access production systems;
  • Secure third-party payment processing via Stripe (PCI-DSS compliant).

No method of electronic transmission or storage is 100% secure. While we use commercially reasonable measures to protect your information, we cannot guarantee absolute security. In the event of a data breach that affects your personal information, we will notify you as required by applicable law.

6. Data Retention

We retain your personal information and account data for as long as your account is active or as necessary to provide the Service to you. Specifically:

  • Account data is retained for the life of your account and for a reasonable period following account closure for backup and legal compliance purposes.
  • Sermon content and Generated Content are retained within your account until you delete them or close your account.
  • Billing records may be retained for up to 7 years as required for tax and accounting compliance.
  • Log and usage data is typically retained for 90 days.

You may request deletion of your data at any time by contacting us (see Section 10). Following a deletion request, we will remove your data within 30 days, subject to legal retention obligations.

7. Cookies

ChurchFlo uses cookies and similar technologies to operate the Service. We currently use:

  • Session Cookies: Required to keep you logged in and to maintain the security of your session. These are deleted when you close your browser.
  • CSRF Tokens: Required for security to prevent cross-site request forgery attacks.

We do not use advertising, marketing, or cross-site tracking cookies. You may configure your browser to refuse cookies, but doing so may prevent you from using certain features of the Service.

8. Children's Privacy

The Service is intended for use by adults (18 years or older) and is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information promptly. If you believe we have inadvertently collected such information, please contact us at feedback@church-flo.com.

9. International Users

ChurchFlo is operated from the United States. If you access the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country.

By using the Service, you consent to the transfer of your information to the United States and the processing of your information in the United States in accordance with this Privacy Policy.

10. Your Rights and Choices

You have the following rights with respect to your personal information:

  • Access: You may request a copy of the personal information we hold about you.
  • Correction: You may update or correct inaccurate information directly in your account settings or by contacting us.
  • Deletion: You may request that we delete your personal information and account. We will honor deletion requests subject to legal retention obligations.
  • Data Portability: You may request an export of your account data and Generated Content in a machine-readable format.
  • Restriction: You may request that we restrict the processing of your personal information in certain circumstances.
  • Opt-Out of Non-Transactional Communications: You may opt out of promotional or marketing communications (if any) by following the unsubscribe instructions in those messages or contacting us directly.

To exercise any of these rights, please contact us at feedback@church-flo.com. We will respond to all valid requests within 30 days. We may need to verify your identity before processing certain requests.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this page and notify you via email or a prominent notice within the Service prior to the change becoming effective.

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information, please contact us:

StoneLink LLC

Operating ChurchFlo

Email: feedback@church-flo.com

Website: church-flo.com

We take privacy inquiries seriously and will respond within a reasonable timeframe.