Privacy Policy

This privacy policy explains what information Kingdom collects, how we use it, and what choices you have. We try to be specific — vague privacy policies are how companies hide bad practices, and we don't want to hide anything.

If you have questions about this policy, email rickhopkins@melodic.dev.

The short version

• We collect the information you give us and the minimum we need to run the service
• We use it to provide Kingdom to you and your church — not to advertise to you or anyone else
• We share data only with service providers who help us run Kingdom (Stripe for payments, Resend for email, Railway for hosting)
• We never sell your data, and we don't use it to train AI models outside features you opt into
• You can export or delete your data at any time

Who this applies to

This policy covers:

• Account holders — the people who sign up for and administer a Kingdom church (pastors, staff, admins)
• Church members — people whose information is recorded in a church's Kingdom workspace (members, visitors, donors)
• Website visitors — people who browse thekingdomnow.com without signing up

Note: if you're a church member and your church uses Kingdom, the church controls your data in Kingdom. We're the processor; they're the controller. Direct data requests to your church admin first. If they can't help, we can.

Information we collect

From account holders (admins, pastors, staff)

• Name, email address, password (hashed — we never see your plaintext password)
• Your church's name, address, and contact info
• Role and permission settings you configure
• Session / login timestamps for security

From church members and donors (entered by the church)

• Contact info: name, email, phone, address, birthday, anniversary
• Household and family relationships
• Group memberships, event attendance, volunteer history
• Donation records: amount, date, fund, payment method, anonymous-gift flag
• Notes the church's staff records (visit notes, follow-up notes, pastoral care notes)

Automatically

• IP address and basic request metadata for security and rate limiting
• Browser type, device type, and operating system to support the product
• Aggregate usage analytics (which features are used, which pages are viewed) — used to improve the product, not to identify individuals

From Stripe (when a church subscribes or processes donations)

• Subscription status, plan, and billing history
• Last four digits of payment card and brand (for display only)
• Donation payment status (succeeded, pending, failed, refunded)

Stripe handles raw card numbers and bank account details. Kingdom never sees or stores them.

How we use information

We use collected information to:

• Provide Kingdom to your church (show you your data, save changes, send email, process donations)
• Authenticate logins and protect accounts from abuse
• Support you when you email us — so we can see what you're seeing
• Send transactional emails: welcome, password reset, invoice receipts, service announcements
• Improve the product — we review aggregated usage patterns to decide what to build next
• Prevent fraud and abuse
• Comply with legal obligations when required

We don't use your data to:

• Advertise to you or anyone else
• Sell it to third parties — ever
• Train AI models (except features you explicitly opt into, like AI-assisted writing, where the scope is clear before you use it)

Who we share information with

We only share data with service providers that help us operate Kingdom:

• Stripe — processes payments and subscriptions. See Stripe's privacy policy.
• Resend — sends transactional email on our behalf. See Resend's privacy policy.
• Railway — hosts the application and database. See Railway's privacy policy.

We may share data if legally required (subpoena, court order, law enforcement with proper authority), or to protect Kingdom and its users from fraud or imminent harm. We'll push back on overbroad requests.

If Kingdom is ever acquired or merged, your data may transfer to the successor entity under these same privacy commitments. You'll be notified if that happens.

How long we keep it

• Active accounts — we keep your data as long as your account is active
• Cancelled accounts — data stays available for 30 days for export, then is permanently deleted
• Transactional logs — kept up to 90 days for security and debugging, then purged
• Financial records — kept 7 years per IRS requirements (donation records, invoices)

Your rights and choices

You can:

• Access your data — it's all visible in the Kingdom app
• Export your data — CSV exports are available for people, donations, and other major tables
• Correct your data — edit it directly in the app
• Delete your data — cancel your account, or email us to delete specific records sooner
• Opt out of non-transactional emails via the unsubscribe link in every email

If you're in a jurisdiction with specific rights (GDPR, CCPA, etc.), those rights apply. Email us and we'll help.

Cookies and tracking

We use the minimum cookies needed to run the service: a session cookie to keep you logged in and a refresh-token cookie to keep you logged in across visits. We don't use third-party advertising or cross-site tracking cookies.

We use privacy-friendly analytics to understand product usage in aggregate — no personal profiles, no fingerprinting, no data sent to advertisers.

Children's privacy

Kingdom is built for adult church administrators, but church data often includes children (members recorded by their parents, kids on attendance rosters, etc.). That data is controlled by the church, not by Kingdom directly. If you're a parent concerned about your child's data in a specific church's Kingdom workspace, contact the church admin first; if they don't respond, contact us.

We don't knowingly collect data directly from children under 13.

Security

We take security seriously. Passwords are hashed with strong algorithms. Data is encrypted in transit (HTTPS) and at rest. We regularly patch dependencies and review our code for vulnerabilities. No system is perfectly secure, but we do the work.

If you discover a security issue, please email rickhopkins@melodic.dev. We'll respond promptly.

International users

Kingdom is operated from the United States and our servers are in the U.S. If you're using Kingdom from outside the U.S., your data is transferred to and processed in the U.S. By using Kingdom, you consent to that transfer.

Changes to this policy

We may update this policy. When we do, we'll update the effective date at the top and — if changes are material — notify you by email and in the app at least 30 days before they take effect.

Contact

Questions? Email rickhopkins@melodic.dev.