Privacy Policy

1. Scope

This Privacy Policy applies to the Grace Connect mobile app, website, church registration pages, member sign-up pages, support tools, administrative tools, and related services. It covers members, pastors, church administrators, ministry leaders, care-team members, finance users, support users, and visitors who interact with Grace Connect.

2. Data Controller and Contact

For platform-level data handling, Grace Connect is operated by I Create Solutions & Services. Churches may also act as controllers or responsible parties for data they enter, configure, approve, review, export, or manage inside their own church space. Privacy inquiries may be sent to privacy@graceconnect.app. General support may be sent to support@graceconnect.app.

3. 18+ Service

Grace Connect is not intended for children or minors. Users must be 18 years of age or older. We do not knowingly allow persons under 18 to create accounts. If we learn that an under-18 user created an account, we may suspend or delete the account and associated information, subject to legal and safety retention obligations.

4. Information You Provide

Grace Connect may collect information you provide directly, including full name, display name, email address, phone number, password through Supabase authentication, church affiliation, church name, denomination, church address, pastor/admin contact details, profile photo, cover photo, biography, parish/city/address fields, social links, ministry roles, family relationship settings, notes, support messages, uploaded images, uploaded audio, uploaded video, prayer requests, testimonies, comments, events, RSVP responses, attendance records, counseling/care requests, and giving-related references.

5. Account and Authentication Data

Grace Connect uses Supabase for authentication and session management. Authentication data may include your email address, encrypted password credentials handled by Supabase, email verification status, reset-password events, session tokens, metadata, account status, sign-up source, accepted legal version, and account creation time.

6. Church and Membership Data

Grace Connect stores information that connects users to a church space, including church ID, church name, place ID, membership status, roles, permissions, ministry group membership, approval state, and church-specific preferences. Church administrators may view, approve, edit, or remove certain data within their authorized church space.

7. Profile and Community Content

Profile and community data may include your profile photo, name, biography, prayer posts, testimonies, comments, reactions, media, ministry group messages, direct messages, family relationship settings, visibility preferences, and content reports. Some content may be visible to your church community, selected groups, care teams, administrators, or other intended recipients depending on feature settings.

8. Direct Messages and Media

Grace Connect may store direct messages, group messages, message metadata, sender/recipient IDs, delivery and read status, audio messages, media attachments, deletion flags, expiration timestamps, and block/report relationships. Some messages or media may be configured to expire after a period; however, expired or deleted content may remain temporarily in backups, logs, reports, or moderation records where necessary.

9. Prayer, Counseling, and Pastoral-Care Data

Prayer requests, counseling requests, care requests, and pastoral follow-up notes may include sensitive personal, spiritual, emotional, family, health-adjacent, or crisis-related information. You should only submit information you are comfortable sharing with the selected audience. Authorized pastors, care teams, or administrators may access this information to provide follow-up, moderate content, or protect safety.

10. Attendance and Location Data

Grace Connect may collect location data when you use attendance, check-in, or geofencing features. Location data may include device permission status, coordinates, distance from church location, church geofence radius, attendance date, service schedule, check-in status, late status, duplicate check-in prevention data, and related logs. Background location may be used only where automatic attendance is enabled and permission is granted. You can control location permission through your device settings.

11. Device, Diagnostic, and Usage Data

Grace Connect may collect device and diagnostic data such as device model, operating system, app version, build number, notification token, crash data, app section affected by a support ticket, error reports, analytics events, usage patterns, and general performance data. This information helps operate, secure, debug, and improve the app.

12. Notifications

Grace Connect may use Firebase Cloud Messaging and local notification tools to send account notices, announcements, prayer updates, event reminders, direct message alerts, ministry group updates, support notifications, and other service-related messages. You can disable notification permissions through device settings, though some app communication may be affected.

13. Giving and Payment Information

Grace Connect may display giving links configured by churches or authorized finance users. Payments may be processed by external payment providers. Grace Connect is not intended to collect or store full card numbers, bank credentials, or card security codes. We may store limited giving configuration, transaction references, receipt URLs, amount/category information, or church finance records if enabled in the app.

14. How We Use Information

We use information to create and authenticate accounts, verify email addresses, connect members to churches, approve church registrations, manage roles, deliver app features, provide prayer/community/messaging/group/event/attendance/support functions, send notifications, provide support, enforce rules, investigate reports, prevent abuse, secure the platform, comply with law, maintain records, and improve the service.

15. Legal Bases and User Consent

Grace Connect processes data based on user consent, contract necessity, legitimate operational interests, church administration needs, legal obligations, safety obligations, and user-requested feature delivery. Some features, including background location for automatic attendance, require explicit in-app permission and affirmative consent before use.

16. Sharing of Information

We may share information with the church you select or administer, authorized pastors and church administrators, care-team members, role-specific staff, service providers such as Supabase and Firebase, payment/giving providers, email/notification providers, hosting providers, legal advisors, security reviewers, law enforcement or regulators where legally required, and other users where you intentionally post, message, react, or share content.

17. Third-Party Providers

Grace Connect may rely on Supabase for authentication, database storage, edge/backend infrastructure, storage, and access controls; Firebase for notifications, analytics, diagnostics, messaging functions, and cloud services; Google Maps or location APIs for map/geofence-related functionality; Google Sign-In where enabled; app stores for distribution; and external giving/payment providers selected by churches. See the Third-Party Provider List for more details.

18. Data Security

Grace Connect is designed to use secure authentication, HTTPS/TLS transmission, encrypted provider infrastructure, Row Level Security, role-based access controls, restricted admin privileges, church-based data isolation, audit logs, reporting/blocking controls, and provider security tools. No system can be guaranteed perfectly secure. Users and church administrators must also protect passwords, devices, roles, and access.

19. Data Retention

We retain information for as long as needed to provide the service, support church operations, comply with legal obligations, resolve disputes, maintain security, prevent fraud/abuse, preserve audit records, process deletion requests, and support backups. Specific retention periods are listed in the Data Retention Schedule.

20. Account Deletion

Users may request deletion through the app where available or through the Delete My Account page. Account deletion may remove or anonymize profile data, authentication data, and account-linked data, subject to retention needed for legal, safety, audit, donation, attendance, dispute, security, or church administration reasons. Deactivation or signing out is not the same as deletion.

21. Your Rights

Depending on applicable law, you may request access, correction, deletion, restriction, objection, portability, withdrawal of consent, or information about how your data is used. You may also update many profile and privacy settings in the app. Requests may require identity verification before action is taken.

22. International Processing

Supabase, Firebase, Google, hosting providers, app store services, and other service providers may process or store information outside Jamaica depending on their infrastructure and service configuration. By using Grace Connect, you understand that data may be processed in countries with different privacy laws, subject to applicable safeguards and provider terms.

23. Public or Shared Content

Content posted to a church feed, group, testimony, prayer wall, event, or message thread may be seen by the intended audience. Other users may screenshot, copy, quote, or share content outside Grace Connect despite rules against misuse. Do not share information you are not authorized or comfortable sharing.

24. No Sale of Personal Data

Grace Connect does not sell personal and sensitive user data. We do not sell member lists, prayer requests, location data, counseling requests, attendance data, direct messages, or church information to advertisers or data brokers.

25. Privacy Policy in App Stores

This Privacy Policy is intended to support Android and iOS app disclosures. The Google Play Data Safety form and Apple App Privacy details must match the app’s actual behavior, SDKs, permissions, and data flows at the time of submission.

26. Changes to This Privacy Policy

We may update this Privacy Policy as the app changes, laws change, third-party services change, or new features are added. Material changes may be announced through the app, website, email, or sign-in prompt. Continued use after the effective date means the updated Privacy Policy applies.

27. Contact

Grace Connect / I Create Solutions & Services
Owner: Shamar Baker
Address: Bull Bay, St Andrew, Jamaica
Privacy Contact: privacy@graceconnect.app
Support: support@graceconnect.app