AlphaOSAlphaOS
About
Features
PricingDocs
Log inCreate a church
Back to home

Privacy Policy

Updated: 2026-07-14Effective from: 2026-07-14

This Policy explains what personal data AlphaOS (“we”, “the platform”) processes, for what purposes, on what legal bases, and how we protect it. It covers the AlphaOS platform and does not extend to third-party services we may link to.

Who is controller and who is processor

Two roles matter here. For the data a church enters about its people (members, families, finances, etc.), the church is the controller — it decides what to collect and why — and AlphaOS acts as a processor, handling that data only on the church’s instructions and to provide the service. For an account owner’s account data and technical logs, AlphaOS is the controller.

How we collect data

We obtain data in three ways:

  • You give it to us — when you register, set up your church and enter content (people, events, finances, etc.).
  • Collected automatically — the console activity log, request IP address, browser/device type, access time (for security and diagnostics).
  • From third parties — for example, our payment provider confirms your subscription’s payment status.

Categories of data we process

Depending on how a church uses the service, these may include:

  • Account data: email, name, role, a cryptographic hash of the password.
  • Contact data for church people: phone, email, messengers, city/address.
  • Community data: membership and stages, families and relationships, groups, ministries, attendance, prayer requests.
  • Financial data: gifts, campaigns, categories and reports (no full payment-card numbers).
  • Special categories: religious affiliation; at the church’s choice, sensitive notes (e.g. allergies or pastoral notes).
  • Data about minors: within the church’s ministry (children in families, event registrations).
  • Media: photos of people and images you upload or generate.
  • Technical data: activity log, IP addresses, request metadata.

Legal bases for processing

We process data on the basis of:

  • Performance of a contract — to provide and support the service.
  • Legitimate interests — security, preventing abuse, improving the service.
  • Consent — where the law requires it.
  • For special categories (e.g. people’s religious affiliation), the church as controller is responsible for the legal basis and any consent; we process such data only as a processor to provide the service.

How we use data

We use data to:

  • provide, support and improve the service;
  • secure the platform and prevent fraud and abuse;
  • bill and manage subscriptions;
  • communicate with you about the service (important notices, support);
  • comply with legal obligations.
  • We do not sell your data, do not use it for advertising, and do not train any AI models on your church’s content.

AI and automated processing

When you use AI features, the relevant content (e.g. your text or prompt) is sent to AI subprocessors to perform your action, and only to that extent. We do not make automated decisions producing legal or similarly significant effects about people. No models are trained on your church’s content.

Who we disclose data to

We do not sell personal data. We may disclose it only as follows:

  • To subprocessors — vendors that help us provide the service (see below).
  • Publicly — at your direction: if you run a public church site, some data (schedule, ministries, details, events) becomes public — you control this.
  • For legal requests — on a valid request from a court or competent authority under the law.
  • In a business transaction — in a merger or asset transfer, with notice and continued protection.
  • With your consent — in other cases you agree to.

Subprocessors (third parties)

We rely on a small set of trusted providers, sharing only what a given feature needs:

  • Cloudflare — hosting, edge network and database (encrypted at rest).
  • Anthropic (Claude) — AI text generation, only when you use AI features.
  • fal.ai — AI image generation, only on request.
  • bolls.life — Bible texts for the study module.
  • A current list of subprocessors is available on request, and we notify you of material changes.

International data transfers

Some subprocessors (notably AI providers) may process data outside your country, including in the United States. Such transfers happen only to the extent a feature requires and with appropriate safeguards (e.g. Standard Contractual Clauses or an equivalent). If you do not use AI features, no data is sent to AI providers.

Cookies and tracking

We use minimal technologies:

  • Essential cookies only — the login session and your saved interface-language choice.
  • No third-party advertising or analytics trackers.
  • We honor Do Not Track and Global Privacy Control signals where applicable.

Storage and security

We apply technical and organizational measures including:

  • encryption in transit (TLS/HTTPS) and at rest;
  • cryptographic password hashing (PBKDF2);
  • strict data isolation between churches (tenants);
  • role-based access and an activity log;
  • regular backups.
  • No measure guarantees absolute security, so we recommend exporting important data regularly.

Retention

We keep data while your account is active and for as long as needed to provide the service. After a church or specific records are deleted, we delete or anonymize the relevant data within a reasonable period (typically up to 90 days in backups), unless the law requires longer retention.

Children’s data

A church may enter children’s data as part of its ministry. As controller, the church is responsible for obtaining consent from parents or legal guardians as applicable law requires. We process such data only to provide the service and for no other purpose. The platform itself is not intended for independent use by children.

Your rights

Depending on your jurisdiction you have certain rights over your data (see the sections below). For data entered by a church, contact the church as controller first — we will help it fulfil the request as processor. For account-owner data, contact us.

Rights for EEA & UK residents (GDPR)

If GDPR applies to you, you have the right to:

  • access your data and obtain a copy;
  • have inaccurate data corrected;
  • erasure (“the right to be forgotten”), where applicable;
  • restrict or object to processing;
  • data portability;
  • withdraw consent at any time;
  • lodge a complaint with a data-protection supervisory authority.

Rights for US & California residents (CCPA/CPRA)

If CCPA/CPRA applies to you, you have the right to:

  • know what personal data we collect and why;
  • request deletion or correction;
  • obtain a portable copy;
  • opt out of “sale” or “sharing” — we do not sell or share data as those laws define it;
  • limit the use of sensitive data;
  • non-discrimination for exercising your rights.

Rights in Ukraine

For data subjects in Ukraine, the Law “On Personal Data Protection” applies: you have the right to be informed about processing, to access your data, to request correction or deletion, and to complain to the Ukrainian Parliament Commissioner for Human Rights.

How to exercise your rights

To exercise your rights or ask a privacy question, email [email protected]. We may ask you to verify your identity before acting, and we respond within the timeframes set by applicable law. If we are required to appoint an EU representative or a data-protection contact, their details are available on request.

Links to third-party sites

The service and church sites may contain links to third-party resources. We do not control their privacy practices — review their policies separately.

Security incidents

In the event of a personal-data breach likely to result in a risk to people’s rights, we will notify the affected churches without undue delay and, where required, the competent supervisory authorities in accordance with the law.

Changes to this Policy

We may update this Policy from time to time. We will announce material changes in the console or by email and update the date above. Continued use of the service means acceptance of the updated Policy.

How to contact us

For privacy questions — [email protected]. We respond to reasonable requests within the timeframes set by applicable law.

AlphaOSAlphaOS

Website, ChMS, AI studio and a QR hub for your church — in one platform.

[email protected]
Product
FeaturesPricingDocs
Company
AboutLog inCreate a church
Legal
PrivacyTerms
© 2026 AlphaOS. The platform for churches.Made with ♥ in Ukraine