Privacy Policy
How we protect your data and respect your privacy
Last updated: March 9, 2026
We treat your data as a sacred trust. Churches are places of vulnerability, confession, and care. The information shared through our platform deserves the highest standard of protection. This policy explains exactly how we honor that trust.
1. Who We Are
ChurchWiseAI LTD (“we,” “our,” or “ChurchWiseAI”) is a company incorporated in Ontario, Canada. We build AI-powered tools for churches and ministries, including:
- ChurchWiseAI Voice Agent — an AI phone assistant for churches
- ChurchWiseAI Chatbot — an AI care agent embedded on church websites
- SermonWise AI (sermonwise.ai) — AI sermon outline generation
- PewSearch (pewsearch.com) — a church directory serving the United States and Canada
- IllustrateTheWord (illustratetheword.com) — sermon illustration library for pastors
This Privacy Policy applies to all of these services and any related websites, applications, and communications. As a Canadian company, we are governed primarily by the Personal Information Protection and Electronic Documents Act (PIPEDA). We also comply with applicable US state privacy laws, including the California Consumer Privacy Act (CCPA/CPRA), Canada's Anti-Spam Legislation (CASL), and the US Children's Online Privacy Protection Act (COPPA).
Our designated Privacy Officer is responsible for our compliance with this policy and can be reached at privacy@churchwiseai.com.
2. What We Collect
We collect only the information necessary to provide our services. Under PIPEDA, we are required to identify the purposes for collection before or at the time we collect personal information. Below is a complete inventory of the categories of information we collect.
2.1 Account Information
- Name, email address, phone number, and church affiliation provided during registration or onboarding.
- Church profile information: church name, denomination, address, website, service times, and staff names/titles.
- Team member roles and permissions within the ChurchWiseAI admin dashboard.
2.2 Voice Call Data
- Call recordings (when enabled by the church administrator).
- Call transcripts generated by speech-to-text processing.
- AI-generated call summaries, including detected prayer requests, visitor contacts, and callback requests.
- Caller phone number, call duration, and call metadata.
2.3 Chat Data
- Conversation logs between website visitors and the AI chatbot.
- Contact information voluntarily shared by visitors during chat (name, email, phone).
- AI-generated conversation summaries and detected care needs.
2.4 Sensitive Data — Prayer Requests and Pastoral Care Content
This information is classified as sensitive personal information under PIPEDA and US state privacy laws. It receives our highest level of protection.
- Prayer requests submitted through the voice agent or chatbot, including those marked as confidential.
- Pastoral care conversations, including disclosures about health conditions, grief, marital issues, addiction, mental health, and other deeply personal matters.
- Religious beliefs and theological preferences expressed during conversations.
We require express consent for the collection and use of sensitive data. This data is accessible only to authorized pastoral roles within the church's admin dashboard, never to general staff or volunteers.
2.5 Church Knowledge Base Content
- FAQs, documents, and information uploaded by church administrators to train their AI agents.
- Custom persona settings, theological lens selections, and response tone preferences.
2.6 Sermon Generation Data
- Sermon prompts, topics, scripture references, and theological preferences submitted through SermonWise AI.
- Generated sermon outlines, small group guides, and derivative content.
2.7 Church Directory Data
- Public church listing information on PewSearch: church name, address, phone number, denomination, service times, and website.
- Premium Page content uploaded by churches that have claimed their listing.
2.8 Payment Data
- Payment processing is handled entirely by Stripe. We never store, see, or have access to full credit card numbers.
- We retain billing contact information (name, email, billing address) and transaction records (amount, date, plan) for accounting and tax compliance.
2.9 Usage Data
- Feature usage metrics, page views, and service performance data.
- Device and browser information: browser type, operating system, screen resolution, and IP address.
2.10 Cookies
We use only essential cookies required for the operation of our services (authentication tokens, CSRF protection). We do not use advertising, tracking, or analytics cookies. See Section 13 for full details.
3. How We Use Your Information
Under PIPEDA, we must identify the purpose for collecting personal information before or at the time of collection. We use your information for the following specific purposes:
3.1 Providing Our Services
- Operating and delivering AI voice agent, chatbot, sermon generation, directory, and illustration services.
- Processing voice calls, generating transcripts, and creating AI summaries.
- Responding to visitor questions using your church's knowledge base and configured theological lens.
- Capturing and routing prayer requests, visitor contacts, and callback requests to the appropriate church staff.
3.2 Improving AI Quality and Accuracy
- Analyzing conversation patterns (in aggregate, not individually) to improve AI response quality.
- Refining our theological lens system to better serve diverse Christian traditions.
- We do NOT use your church's data to train third-party AI models. See Section 6.
3.3 Transactional Communications
- Sending welcome emails, magic-link authentication emails, and password resets.
- Delivering notification emails when the AI detects prayer requests, visitor contacts, or care needs.
- Sending billing confirmations, subscription updates, and service alerts.
3.4 Processing Payments
- Processing subscription payments, upgrades, and cancellations through Stripe.
- Maintaining billing records as required by Canadian and US tax law.
3.5 Safety and Abuse Prevention
- Detecting threats of violence, self-harm, or abuse through our moderation system.
- Enforcing rate limits and blocking abusive users to protect churches and their congregations.
- Providing crisis referral resources (988 Suicide & Crisis Lifeline, Crisis Text Line) when the AI detects potential crisis language.
3.6 Anonymized Analytics
- Generating aggregate usage statistics (e.g., average conversations per church per month) that cannot identify any individual church or person.
- Using anonymized metrics to improve our products and report on overall platform health.
4. Legal Basis and Consent
Under PIPEDA, consent is the cornerstone of privacy protection. We use two forms of consent depending on the sensitivity of the information:
4.1 Express Consent (Sensitive Data)
We obtain your explicit, informed consent before collecting or using:
- Religious beliefs and theological preferences expressed during conversations with our AI agents.
- Prayer requests and pastoral care content, including disclosures about health, grief, relationships, and other personal matters.
- Voice call recordings, for which consent is obtained via an automated disclosure at the beginning of each call.
- Health-related information incidentally shared during conversations (e.g., prayer requests mentioning medical conditions).
4.2 Implied Consent (Operational Data)
We rely on implied consent for non-sensitive information that is reasonably necessary to provide the service you have requested:
- Account information provided during registration.
- Usage data and technical logs generated through normal use of our services.
- Essential cookies required for authentication and security.
4.3 Withdrawing Consent
You may withdraw your consent at any time by contacting us at privacy@churchwiseai.com. We will explain the consequences of withdrawing consent (for example, certain features may no longer be available). Withdrawal of consent does not affect the lawfulness of processing performed before the withdrawal.
6. AI-Specific Data Practices
Because our core services are powered by artificial intelligence, we want to be especially transparent about how your data interacts with AI systems.
6.1 What Data Goes to AI Providers
- Chat conversations: The visitor's messages and the AI's prior responses are sent to OpenAI for response generation. Your church's system prompt (persona, tone, theological lens) and relevant knowledge base excerpts are included for context.
- Voice conversations: The caller's transcribed speech is sent to Anthropic for response generation, along with your church's system prompt and relevant knowledge base excerpts.
- Sermon generation: Your sermon prompts, selected scripture, theological lens, and any source material you provide are sent to the AI provider for content generation.
- We minimize the personal information sent to AI providers. When possible, we send conversation content without caller names or phone numbers.
6.2 AI Provider Data Retention
- OpenAI: Retains API data for up to 30 days for abuse monitoring, then deletes it. API data is not used to train OpenAI models.
- Anthropic: Retains API data for up to 30 days for safety monitoring, then deletes it. API data is not used to train Anthropic models.
- Both providers operate under Data Processing Agreements (DPAs) that contractually prohibit using our data for model training.
6.3 Our AI Data Commitments
- No third-party training: We do NOT use your church's data to train third-party AI models.
- Church data isolation: Each church operates in complete isolation. Church A's knowledge base, conversations, and settings are never visible to Church B's AI agent. There is no mechanism for cross-church data leakage.
- AI accuracy disclaimer: AI-generated content (sermon outlines, chatbot responses, voice agent responses) may contain inaccuracies. Churches should review AI-generated content before using it in ministry contexts.
- Shared public content: Our shared content library (sermon illustrations, Bible references) contains publicly available, non-sensitive material and is accessible to all churches as a common resource.
7. Call Recording
Voice call recording is a feature that church administrators can enable or disable at any time. When enabled, the following practices apply:
- Disclosure: Every call begins with an automated message informing the caller that the call may be recorded for quality and pastoral care purposes. This disclosure satisfies the consent requirements of all US states, including two-party consent states (California, Florida, Illinois, Pennsylvania, Washington, Connecticut, Delaware, Maryland, Massachusetts, Montana, New Hampshire, and Nevada).
- Consent mechanism: By continuing the call after the disclosure, the caller consents to recording. Callers who do not wish to be recorded may hang up and contact the church through alternative means (email, web chat, or visiting in person).
- Retention: Call recordings are retained for 90 days, then automatically and permanently deleted. Call transcripts and AI summaries are retained for 1 year.
- Access: Church administrators and office administrators can access recordings for their own church only. No other roles can access call recordings.
- Caller access: Any caller may request access to their own recording by contacting us at privacy@churchwiseai.com with identifying details (approximate date, time, and phone number used).
- Deletion requests: Callers may request deletion of their recording at any time. We will fulfill deletion requests within 5 business days.
8. Data Retention
Under PIPEDA, personal information must be retained only as long as necessary to fulfill the purposes for which it was collected. The following table sets out our retention schedule:
| Data Type | Retention Period | Notes |
|---|---|---|
| Call recordings | 90 days | Automatically deleted from Twilio |
| Call transcripts & AI summaries | 1 year | Church admin can request earlier deletion |
| Chat conversation logs | 1 year | Church admin can request earlier deletion |
| Prayer requests | Duration of subscription + 90 days | Church admin can delete individually at any time |
| Visitor contacts | Duration of subscription + 90 days | Used for ongoing pastoral follow-up |
| Account data | Duration of subscription + 90 days | 90-day grace period allows reactivation |
| Sermon content | Duration of subscription + 90 days | Users can export before cancellation |
| Billing records | 7 years | Required by Canadian and US tax law |
| Usage analytics | 2 years (anonymized) | Aggregated metrics retained indefinitely |
| Moderation violation logs | 2 years | Required for abuse pattern detection |
| Breach notification records | 24 months minimum | Required by PIPEDA |
After the retention period, data is permanently deleted or anonymized so that it can no longer identify any individual. Deletion is irreversible. If you cancel your subscription, your data is preserved in a read-only state for 90 days to allow reactivation, after which it is permanently deleted and a confirmation email is sent.
9. Data Security
We implement industry-standard security measures to protect your information:
- Encryption in transit: All data is transmitted over TLS 1.2 or higher (HTTPS). WebSocket connections for the voice agent use WSS (WebSocket Secure). HTTP requests are automatically redirected to HTTPS.
- Encryption at rest: All stored data is encrypted using AES-256 encryption via our database provider (Supabase on AWS infrastructure).
- SOC 2-compliant providers: Our primary infrastructure providers (Supabase, Stripe, Vercel, OpenAI, Anthropic, Twilio) maintain SOC 2 Type II certifications.
- Role-based access controls (RBAC): Church data is protected by a 7-role permission system. Sensitive pastoral data is restricted to authorized pastoral roles. Financial data is restricted to admin and treasurer roles. Access is enforced at the API level, not just in the user interface.
- Audit logging: All data access is logged with timestamps, user identifiers, and actions performed. Moderation events are permanently logged.
- No local storage of church data: Church data is not stored on ChurchWiseAI employee devices or local machines.
- Regular security reviews: We conduct periodic security assessments and vulnerability reviews.
While we implement robust security measures, no system is 100% secure. We commit to notifying you promptly of any data breach that may affect your personal information (see Section 16).
10. Your Rights
Under PIPEDA, the CCPA/CPRA, and other applicable privacy laws, you have the following rights regarding your personal information:
- Right to Access — You may request a copy of all personal information we hold about you or your church. We will respond within 30 days of your request (as required by PIPEDA) and provide the information in a commonly used electronic format.
- Right to Correction — You may request correction of any inaccurate or incomplete personal information. You can update most information directly through your admin dashboard.
- Right to Deletion — You may request that we delete your account and all associated personal information. We will comply within 30 days, except where we have a legal obligation to retain certain records (e.g., billing records for tax compliance).
- Right to Data Portability — You may request an export of your data in a standard machine-readable format (CSV or JSON). This includes conversations, prayer requests, visitor contacts, knowledge base content, and sermon content.
- Right to Withdraw Consent — You may withdraw your consent for any data processing at any time. Some features may become unavailable if consent is withdrawn.
- Right to Know (CCPA) — California residents may request that we disclose what categories of personal information we have collected, the purposes for collection, and the categories of third parties with whom we share it.
- Right to Opt-Out of Sale (CCPA) — We do not sell personal information. However, for CCPA compliance, we affirm your right to opt out of any future sale, should our practices ever change.
- Right to Non-Discrimination — We will not discriminate against you for exercising any of your privacy rights. You will not receive different pricing, a different quality of service, or any penalty for making a privacy request.
How to Exercise Your Rights
To exercise any of these rights, contact our Privacy Officer at:
- Email: privacy@churchwiseai.com
- Mail: ChurchWiseAI LTD, 125 Concession Street, Ingersoll, ON, Canada N5C 1G2
We may verify your identity before processing your request. For church-level requests, we will confirm that the request comes from an authorized administrator.
Right to Complain
If you believe we have not handled your personal information properly, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada (OPC):
Office of the Privacy Commissioner of Canada
30 Victoria Street
Gatineau, Quebec K1A 1H3
Phone: 1-800-282-1376
Website: www.priv.gc.ca
11. Children's Privacy
Our services are designed for church leaders, ministry staff, adult volunteers, and adult congregation members. Our services are not intended for use by children under the age of 13.
- We do not knowingly collect personal information directly from children under 13 without verified parental consent.
- If a child under 13 interacts with a church's voice agent or chatbot, the church is responsible for ensuring appropriate parental consent and COPPA compliance for their congregation.
- Voice recordings of children (including voiceprints, which are covered under COPPA) are subject to the same protections and should not be collected without parental awareness.
- If we discover that we have inadvertently collected personal information from a child under 13 without proper consent, we will delete it promptly.
If you are a parent or guardian and believe your child has provided personal information through one of our services, please contact us at privacy@churchwiseai.com and we will delete it immediately.
12. International Data Transfers
ChurchWiseAI is incorporated in Ontario, Canada, and serves churches in both Canada and the United States. Your data may be processed and stored in both countries.
- Primary database: Hosted in the United States (Supabase on AWS).
- AI processing: Performed in the United States (OpenAI, Anthropic).
- Voice infrastructure: Twilio and Cartesia operate primarily from the United States.
- Web hosting: Vercel operates a global CDN with edge functions in multiple regions.
We ensure adequate data protection for all cross-border transfers through:
- Data Processing Agreements (DPAs) with all sub-processors.
- Contractual obligations requiring equivalent data protection standards.
- Technical safeguards including encryption at rest and in transit.
By using our services, you consent to the transfer and processing of your data in the United States and Canada. You may request more information about specific safeguards by contacting our Privacy Officer.
14. Email Communications (CASL Compliance)
As a Canadian company, we comply with Canada's Anti-Spam Legislation (CASL) for all email communications.
14.1 Transactional Emails (No Consent Required)
The following emails are sent as part of providing our services and do not require opt-in consent under CASL. They will always identify ChurchWiseAI as the sender and include contact information:
- Account verification and magic-link authentication emails
- Payment confirmations and billing receipts
- Service notifications (prayer request alerts, visitor contact alerts, threat alerts)
- Subscription status changes and renewal reminders
- Security alerts and password reset emails
- Privacy policy or terms of service updates
14.2 Marketing Emails (Express Consent Required)
Marketing and promotional emails (newsletters, product announcements, feature highlights) are sent only with your express opt-in consent. We log the date, time, source, and manner of your consent as required by CASL.
- You can unsubscribe from marketing emails at any time using the unsubscribe link in any email.
- We process unsubscribe requests within 10 business days (CASL requirement).
- Unsubscribing from marketing emails does not affect transactional emails.
15. Automated Decision-Making
Our platform uses AI-powered moderation to detect abuse patterns including spam, harassment, threats of violence, self-harm language, and misuse of the chatbot or voice agent. If abuse is detected, access may be automatically restricted through a graduated escalation system (warning, cooldown, temporary block, permanent block).
If you believe your access has been restricted in error, you may appeal by contacting support@churchwiseai.com. All appeals are reviewed by a human within 48 hours. We do not use automated decision-making for any other purpose (such as pricing, eligibility, or content filtering).
16. Breach Notification
Under PIPEDA, we are required to notify affected individuals and the Office of the Privacy Commissioner of Canada (OPC) of any breach of security safeguards involving personal information that creates a “real risk of significant harm.”
- Notification to individuals: We will notify affected individuals as soon as feasible after confirming a qualifying breach. Notification will include a description of what happened, what data was affected, what we have done in response, and recommended steps for the affected individual.
- Notification to the OPC: We will report qualifying breaches to the OPC as required by PIPEDA.
- Notification to churches: For breaches involving church data, the church administrator will hear from us directly (personal communication from ChurchWiseAI leadership, not a generic email).
- Breach record: We maintain a log of all breaches (including those that do not meet the notification threshold) for a minimum of 24 months, as required by PIPEDA.
- Our commitment: We will over-notify rather than under-notify. If there is any doubt about whether a church's data was affected, we will notify them. Affected parties will always hear from us before hearing from anyone else.
17. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service features.
- We will provide at least 30 days' notice before any material change takes effect.
- Notice will be provided by email to the address on file and by a prominent notice on our website.
- The “Last Updated” date at the top of this policy indicates when it was most recently revised.
- Your continued use of our services after the effective date of a revised policy constitutes acceptance. For material changes affecting your rights, we may require explicit acknowledgment before you can continue using our services.
Questions about your privacy?
Contact our Privacy Officer — we're here to help.
Privacy Officer
ChurchWiseAI LTD
125 Concession Street
Ingersoll, ON, Canada N5C 1G2
We typically respond to privacy inquiries within 2 business days and will fully address your request within 30 days, as required by PIPEDA.