Mobile App Privacy Policy:

Iglesia El Getsemani Mobile Application

Effective Date: March 12, 2026

1. Introduction

Iglesia Cristiana El Getsemani ("we," "us," "our," or the "Church"), a 501(c)(3) nonprofit religious organization, operates the Iglesia El Getsemani mobile application (the "App"). This Privacy Policy describes what personal information we collect, how we use it, the legal bases for processing, and your rights regarding your data.

This Privacy Policy applies to all users of the App on all platforms (iOS and Android), including those who access the App as guests without creating an account. By downloading, installing, or using the App, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, please do not use the App.

This policy covers data practices for the App only. It does not cover our website, social media pages, or any other services operated by the Church.

2. Information We Collect

a) Account Information

When you create an account, we receive the following information as provided by your authentication provider:

Name (first and last)
Email address (which may be a private relay address if you choose to hide your email through Apple)

The App supports the following authentication methods depending on your platform:

Sign in with Apple (iOS)
Sign in with Google (Android)

In both cases, we receive only the name and email address you authorize during the sign-in flow. We do not receive or store your Apple ID password, Google password, or any other authentication credentials.

Legal basis (GDPR): Performance of a contract (providing you with account-based services you have requested) and legitimate interest (personalizing your experience).

You may use the App as a guest without creating an account on either platform. Guest users can access Bible reading, sermon videos, event listings, service times, and church information without providing any personal data.

b) Donation Information

When you make a donation through the App, we collect and store:

Donation amount and designated fund
Date and time of the transaction
Your email address (linked to your account)

Important: All payment card details, bank account information, and sensitive financial data are collected and processed exclusively by Stripe, our PCI-compliant payment processor. We never see, store, transmit, or have access to your card number, expiration date, CVV, or bank account details.

Legal basis (GDPR): Performance of a contract (processing your requested donation) and legal obligation (tax and accounting recordkeeping requirements for nonprofit organizations).

c) Event RSVPs

When you RSVP to a church event, we store:

Your name
The event you responded to
The date and time of your response

This information is used solely to help event organizers plan accordingly.

Legal basis (GDPR): Legitimate interest (event planning and resource management).

d) Push Notification Token

If you grant permission for push notifications, we store a device token provided by your platform's push notification service — Apple Push Notification service (APNs) on iOS, or Firebase Cloud Messaging (FCM) directly on Android. This token is used exclusively to deliver notifications you have subscribed to.

Legal basis (GDPR): Consent (you actively grant notification permission through your device).

e) Local Preferences

The following preferences are stored locally on your device only using Apple's UserDefaults storage mechanism:

Language selection (English or Spanish)
Notification topic preferences
Bible reader display settings

These preferences are stored locally on your device (using UserDefaults on iOS or SharedPreferences on Android) and are never transmitted to any server.

f) Information We Do Not Collect

We are committed to transparency. The App does not collect:

Analytics or tracking data: We do not use analytics SDKs, behavioral tracking, usage monitoring, or telemetry of any kind.
Advertising identifiers: The App contains no advertisements and does not collect advertising IDs (IDFA).
Location data: We do not access or track your geographic location.
Contacts: We do not access your address book or contacts.
Device identifiers: We do not collect device IDs, hardware identifiers, or fingerprinting data.
Cookies: The App does not use cookies or similar tracking technologies.
Browsing or search history: Bible reading selections, search queries, and sermon viewing are processed locally or read-only and are not logged or tracked.

3. How We Use Your Information

We use the information we collect for the following specific purposes:

Data	Purpose
Name, email	Create and authenticate your account; identify you in church systems
Donation amount, fund, date	Process your donation; provide giving history; generate tax-related records
Email (with donations)	Associate donations with your account; send donation receipts if applicable
Event RSVP data	Track attendance for event planning; display your RSVP status
Push notification token	Deliver notifications about live streams, events, and church announcements
Language preference	Display the App in your preferred language (English or Spanish)

We do not use your data for:

Marketing or promotional purposes unrelated to church activities
Profiling or automated decision-making
Sale to or sharing with third-party advertisers or data brokers
Any purpose not described in this Privacy Policy

4. Third-Party Service Providers

We use a limited number of third-party services to operate the App. Each service only receives the minimum data necessary for its function.

Firebase (Google LLC)

Services used: Authentication, Cloud Firestore (database), Cloud Functions (server-side logic), Cloud Messaging (push notifications)
Data shared: Name, email, notification device token, event RSVPs, donation records
Data location: United States
Privacy policy: https://firebase.google.com/support/privacy
Google privacy policy: https://policies.google.com/privacy

Stripe (Stripe, Inc.)

Services used: Payment processing, Apple Pay (iOS), Google Pay (Android), customer management
Data shared: Email address, donation amount. Stripe directly collects payment card details through its secure SDK — this data is never accessible to us.
PCI compliance: Stripe is a PCI DSS Level 1 certified service provider, the highest level of payment security certification.
Privacy policy: https://stripe.com/privacy

Apple (Apple Inc.) — iOS Only

Services used: Sign in with Apple (authentication), Apple Push Notification service (APNs), Apple Pay (payments)
Data shared: Authentication credentials are handled by Apple's secure authentication flow. We receive your name and email (or private relay email) as you authorize.
Privacy policy: https://www.apple.com/legal/privacy/

Google (Google LLC) — Android Only

Services used: Sign in with Google (authentication), Google Pay (payments), Google Play Services
Data shared: Authentication credentials are handled by Google's secure authentication flow. We receive your name and email as you authorize.
Privacy policy: https://policies.google.com/privacy

YouTube API (Google LLC)

Services used: Server-side retrieval of our church's public sermon videos and live stream status
Data shared: None. The YouTube API is called from our server-side Cloud Functions only. No user data is sent to YouTube, and no YouTube cookies or tracking are loaded on your device.
Privacy policy: https://policies.google.com/privacy

We do not sell, rent, trade, or otherwise share your personal information with any parties beyond those listed above. We may disclose information if required by law, legal process, or government request, or to protect the rights, safety, or property of the Church, our users, or the public.

5. Data Retention

Data Type	Retention Period	What Happens on Deletion
Account data (name, email)	Retained while your account is active	Permanently deleted upon account deletion
Donation records	Retained indefinitely for nonprofit accounting and tax-receipt purposes, as required by IRS regulations for 501(c)(3) organizations	Personal identifiers (name, email) are anonymized at the time of account deletion; transaction records are retained in anonymized form
Event RSVPs	Retained with the associated event	Permanently deleted upon account deletion
Push notification token	Retained while notifications are enabled	Deleted upon account deletion or when you revoke notification permission
Stripe customer record	Retained by Stripe per their retention policy	Deleted from Stripe upon account deletion
Local preferences	Stored on your device until the App is uninstalled	Removed when you uninstall the App

6. Data Security

We take the security of your personal information seriously and implement the following measures:

Encryption in transit: All data transmitted between the App and our servers is encrypted using TLS (Transport Layer Security).
Encryption at rest: Data stored in Google Cloud Firestore is encrypted at rest using Google's default encryption.
Payment security: All payment processing is handled by Stripe, a PCI DSS Level 1 certified provider. Payment card data never touches our servers or the App.
Authentication security: Sign in with Apple (iOS) and Sign in with Google (Android) both use industry-standard OAuth 2.0 protocols. We do not store passwords.
Access controls: Access to Firebase and Stripe administrative consoles is restricted to authorized Church personnel.
Minimal data collection: We collect only the data necessary to provide the services described in this policy.

While we strive to protect your personal information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data. You are responsible for maintaining the security of your Apple ID and device, and for any activity that occurs under your account.

7. Your Rights

Rights Under the General Data Protection Regulation (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under applicable data protection law:

Right of access: You may request a copy of the personal data we hold about you.
Right to rectification: You may request correction of inaccurate or incomplete personal data.
Right to erasure ("right to be forgotten"): You may request deletion of your personal data, subject to legal retention requirements.
Right to data portability: You may request your personal data in a structured, commonly used, machine-readable format.
Right to restrict processing: You may request that we limit how we use your data.
Right to object: You may object to our processing of your data based on legitimate interests.
Right to withdraw consent: Where processing is based on consent (e.g., push notifications), you may withdraw consent at any time without affecting the lawfulness of prior processing.
Right to lodge a complaint: You have the right to file a complaint with your local data protection supervisory authority.

Rights Under the California Consumer Privacy Act (CCPA)

If you are a California resident, you have the following rights:

Right to know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share your data.
Right to delete: You may request deletion of your personal information, subject to certain exceptions (such as legal recordkeeping obligations).
Right to opt-out of sale: We do not sell your personal information. Because we do not sell personal data, there is no need to opt out.
Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA rights.

To exercise any of these rights, please contact us using the information in Section 14. We will respond to verifiable requests within 30 days (or within the timeframe required by applicable law). We may need to verify your identity before fulfilling your request.

8. Children's Privacy

The App is not directed at children under the age of 13 and is not intended to collect personal information from children under 13. We do not knowingly collect, use, or disclose personal information from children under 13 in compliance with the Children's Online Privacy Protection Act (COPPA).

Users must be at least 13 years of age to create an account. Users must be at least 18 years of age to make donations through the App.

If you are a parent or guardian and believe that your child under 13 has provided personal information to us, please contact us immediately at contact@iglesiaelgetsemani.org. We will take prompt steps to delete such information from our systems.

9. Push Notifications

The App offers push notifications to keep you informed about:

Live stream announcements
Church event reminders
Service cancellations or schedule changes
General church announcements

How notifications work: When you grant notification permission, your device provides a unique token through Apple Push Notification service (APNs) on iOS or Firebase Cloud Messaging (FCM) on Android. This token is stored in our system and is used solely to deliver notifications to your device.

How to manage notifications:

In the App: Go to More > Notification Settings to enable or disable specific notification categories.
On iOS: Go to Settings > Notifications > Iglesia El Getsemani to disable all notifications or customize alert styles.
On Android: Go to Settings > Apps > Iglesia El Getsemani > Notifications to disable all notifications or manage notification channels.
Revoking permission: Disabling notifications in your device settings will prevent all push notifications. Your notification token will be invalidated by the system.

Enabling push notifications is entirely optional and does not affect your ability to use any other feature of the App.

10. Donations and Payment Processing

All donation processing in the App is handled by Stripe, Inc., a PCI DSS Level 1 certified payment processor.

How it works:

When you initiate a donation, the Stripe SDK embedded in the App collects your payment information directly. This data goes straight to Stripe's servers.
Our server-side Cloud Function creates a PaymentIntent with Stripe, specifying the donation amount and your account email.
Stripe processes the payment and confirms the result.
We record the donation amount, fund designation, date, and your email for giving history and church accounting purposes.

What we store: Donation amount, fund, date, and your email address.

What we never store or access: Credit/debit card numbers, expiration dates, CVV codes, bank account numbers, or any other payment card data.

Apple Pay and Google Pay: If you use Apple Pay (iOS) or Google Pay (Android), your actual card number is not shared with either Stripe or us. Both services use device-specific tokens for the transaction, providing an additional layer of security.

Refund policy: Donation refund requests should be directed to the Church at contact@iglesiaelgetsemani.org or (484) 945-2660. Refunds are handled on a case-by-case basis at the Church's discretion.

Donations made through the App are contributions to a 501(c)(3) nonprofit organization and may be tax-deductible to the extent allowed by law. The Church does not provide tax advice; consult a qualified tax professional regarding deductibility.

11. Data Portability

You have the right to request a copy of the personal data we hold about you in a portable format.

How to request your data:

Send an email to contact@iglesiaelgetsemani.org with the subject line "Data Portability Request" and include the email address associated with your account.

We will provide your data in a commonly used, machine-readable format (such as JSON or CSV) within 30 days of receiving your verified request. The data export will include:

Account information (name, email)
Donation history (amounts, dates, fund designations)
Event RSVP records

Local preferences stored on your device are accessible to you directly and are not included in data portability requests.

12. Account Deletion

You may delete your account at any time using either of the following methods:

Option 1: In-App Deletion (Immediate)

Open the App and tap the More tab.
Tap your name/profile at the top of the screen.
Scroll down to Account Management.
Tap Delete My Account.
Confirm the deletion in the dialog.

Your account is deleted immediately upon confirmation.

Option 2: Email or Phone Request

If you are unable to delete your account from within the App, contact us:

Email: contact@iglesiaelgetsemani.org (include the email address associated with your account)
Phone: (484) 945-2660

Manual deletion requests are processed within 30 days.

What Is Deleted

Your user profile (name, email, preferences)
Event RSVPs
Push notification token and subscription preferences
Saved payment methods in Stripe
Your Firebase authentication account

What Is Retained

Donation records are retained in anonymized form for church accounting and tax-receipt purposes, as required by applicable regulations governing 501(c)(3) organizations. At the time of account deletion, all personal identifiers (name and email) in donation records are replaced with anonymized values. The Church retains no way to re-associate anonymized donation records with your identity after deletion.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the App's features, or applicable law.

When we make changes:

The updated policy will be posted on our website at iglesiaelgetsemani.org.
The "Effective Date" at the top of this policy will be revised.
For material changes, we may notify you through a push notification or in-app notice, where practicable.

Your continued use of the App after the revised Privacy Policy becomes effective constitutes your acceptance of the updated terms. If you do not agree with any changes, you should discontinue use of the App and delete your account.

14. Contact Us

If you have questions about this Privacy Policy, wish to exercise any of your data rights, or have a complaint about our data practices, please contact us:

Iglesia Cristiana El Getsemani 660 N. Charlotte St. Pottstown, PA 19464

Phone: (484) 945-2660 Email: contact@iglesiaelgetsemani.org Website: iglesiaelgetsemani.org

We aim to respond to all inquiries within 30 days.

15. Disclaimer of Warranties and Limitation of Liability

Disclaimer of Warranties

THE APP AND ALL CONTENT, FEATURES, AND SERVICES PROVIDED THROUGH THE APP ARE PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED. TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, THE CHURCH DISCLAIMS ALL WARRANTIES, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND ACCURACY.

The Church does not warrant that:

The App will be available at all times or operate without interruption or error.
The content provided through the App (including Bible text, sermon videos, and event information) will be error-free, complete, or current.
Defects in the App will be corrected in a timely manner.
The App or the servers that make it available are free of viruses or other harmful components.

Limitation of Liability

TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL IGLESIA CRISTIANA EL GETSEMANI, ITS OFFICERS, DIRECTORS, EMPLOYEES, VOLUNTEERS, AGENTS, OR AFFILIATES BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS OF DATA, LOSS OF REVENUE, LOSS OF GOODWILL, OR OTHER INTANGIBLE LOSSES, ARISING OUT OF OR RELATED TO YOUR USE OF OR INABILITY TO USE THE APP, REGARDLESS OF THE THEORY OF LIABILITY (CONTRACT, TORT, STRICT LIABILITY, OR OTHERWISE), EVEN IF THE CHURCH HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE CHURCH'S TOTAL AGGREGATE LIABILITY TO YOU FOR ALL CLAIMS ARISING OUT OF OR RELATING TO THE APP SHALL NOT EXCEED ONE HUNDRED U.S. DOLLARS ($100.00).

User Responsibility

You are responsible for maintaining the confidentiality and security of your Apple ID (iOS) or Google account (Android) and device. You agree that you are solely responsible for all activities that occur under your account, whether or not you have authorized such activities.

Indemnification

You agree to indemnify, defend, and hold harmless Iglesia Cristiana El Getsemani, its officers, directors, employees, volunteers, agents, and affiliates from and against any and all claims, liabilities, damages, losses, costs, and expenses (including reasonable attorneys' fees) arising out of or in connection with: (a) your use of the App; (b) your violation of this Privacy Policy; (c) your violation of any applicable law or regulation; or (d) your violation of any rights of a third party.

Governing Law

This Privacy Policy and any disputes arising hereunder shall be governed by and construed in accordance with the laws of the Commonwealth of Pennsylvania, United States of America, without regard to its conflict of law provisions.

Dispute Resolution

In the event of any dispute arising out of or relating to this Privacy Policy, you agree to first attempt to resolve the matter informally by contacting us at contact@iglesiaelgetsemani.org. The parties shall engage in good faith negotiation for a period of thirty (30) days before pursuing any other form of dispute resolution.

This Privacy Policy was last updated on March 22, 2026.