Privacy Policy
1. The plain version
We collect what we need to run Codencio for your church and nothing else. We don't sell your data. We don't share it with advertisers. We don't use it to train AI. Anonymous prayer submissions stay anonymous to the public — only your pastoral team sees the names.
You can export everything you have at any time. You can delete your account and have your data permanently removed. Reach us via the contact form (or privacy@codenc.io) if anything is unclear.
2. What data we collect
2.1 Data you give us
| Category | What's in it |
|---|---|
| Account | Name, email, password (hashed), display name, optional phone |
| Church profile | Church name, address, contact info, brand colors / logo |
| People | Names + emails of volunteers and members the church admin invites |
| Service content | Service plans, slide decks, sheet music PDFs, sermon notes, lyrics, scripture references |
| Communications | Chat messages, prayer requests, connection cards, push-notification subscriptions |
| Two-factor | TOTP secret + recovery code hashes (we never see your code in plaintext after enrollment) |
2.2 Data we collect automatically
| Category | What's in it |
|---|---|
| Usage logs | Page views, button clicks, error events, session length |
| Technical | IP address, browser type, OS version, screen size, language |
| Connection cards (public) | IP + user-agent for abuse forensics; auto-deleted after 30 days |
| Analytics | Aggregate Google Analytics on the marketing site only (codenc.io). The app at app.codenc.io has minimal analytics for product improvement. |
2.3 What we do NOT collect
- Donor financial data — until online giving ships, we have no way to.
- Background-check results — we don't run them; we'll integrate with a provider in the future.
- Behavioral / cross-site advertising profiles — we don't use ad networks.
- Microphone, camera, or location data unless YOU explicitly opt in to a feature that uses them (live captions are the only one today, and the audio is processed entirely on your device — nothing is transmitted to us).
3. How we use data
- Provide the service: showing you your services, sending push notifications you've subscribed to, syncing slides across your devices.
- Communicate: account verification emails, password resets, lockout notifications, billing receipts, critical service announcements.
- Improve the product: aggregate usage patterns, error reports, performance metrics. Never tied to identifiable individuals in our analytics.
- Security: rate limiting, fraud detection, lockout after failed login attempts, CAPTCHA on public submission flows.
- Legal compliance: responding to lawful requests, complying with our DMCA process.
4. Who we share data with
We share data only in these specific ways:
- Within your church: per the role permissions you set. A church admin can see all data for their church; a volunteer sees only what they're assigned.
- Service providers (sub-processors):
  - AWS — hosting (us-east-2 primary, us-west-2 backup replication)
  - Stripe — subscription billing + online giving (church donations)
  - SMTP provider — transactional email (Codencio default; or your church's own SMTP if configured per-church)
  - Let's Encrypt (ISRG) — TLS certificate issuance for custom domains, when a church chooses to serve their site at www.theirchurch.org
  - WorshipTeam.com — optional song-library passthrough, only when the church admin opts in
  - Google reCAPTCHA — abuse protection on public forms (planned)
  - Cloudflare — DDoS protection (planned)
- Site-contact relay: when a website visitor sends a message via the "Contact Name" button on a church staff card, the visitor's name + email + message are stored in the staff member's in-app inbox AND forwarded to their email address. The visitor sees a thank-you confirmation; the visitor's email is in the message body, and the staff email is never exposed publicly.
- Custom domains: if a church serves their site at their own domain (e.g. www.yourchurch.org), visitor traffic to that domain is served from Codencio infrastructure under the same protections as the codenc.io subdomain. We do not log or analyze custom-domain traffic differently.
- Legal: when compelled by lawful subpoena, warrant, or court order. We aim to notify you unless legally prohibited.
- Business transfer: in a merger, acquisition, or asset sale, your data may transfer to the successor under the same protections.
We do NOT share your data with advertisers, data brokers, AI training vendors, or any party for marketing purposes.
5. Data retention
- Active account: retained for as long as you keep the account active.
- Canceled account: 30-day soft-archive (reactivate without loss), then permanent deletion.
- Backups: rolling 30-day window. Canceled-account data ages out within ~60 days total.
- Connection cards (public): IP/user-agent forensic data auto-deleted after 30 days even on active accounts.
- Audit logs: retained 90 days.
- Email logs: 30 days.
6. Your rights
Regardless of where you live, you have the right to:
- Access: see what we have about you. Request export anytime.
- Correct: fix anything inaccurate.
- Delete: have your account and all associated data permanently removed.
- Export: get a CSV + JSON dump of everything you've put in.
- Object / restrict: tell us to stop processing your data for any reason.
- Portability: take your data to another tool. Export covers most cases.
Email privacy@codenc.io to exercise any of these. We respond within 30 days.
6.1 GDPR (EU residents) and UK GDPR
We process EU/UK personal data on the lawful bases of (a) contract performance — providing the service you signed up for — and (b) legitimate interest — security, abuse prevention. You may lodge a complaint with your supervisory authority if you have unresolved concerns.
6.2 California (CCPA / CPRA)
California residents have the right to know what personal information we collect and to opt out of "sale" or "sharing" of that information. We do not sell or share your personal information for cross-context behavioral advertising or any commercial purpose. Email privacy@codenc.io for access / deletion requests.
7. Cookies and similar technologies
We use cookies for:
- Essential: login session, CSRF protection, theme preference. These cannot be disabled without breaking the service.
- Analytics (marketing site only): aggregate Google Analytics on codenc.io. The app at app.codenc.io currently sends minimal pageview events.
We do NOT use third-party advertising cookies.
8. Children's privacy
Codencio is not directed at children under 13. The kids check-in feature (when shipped) will be operated by your church and the data is collected from parents/guardians on behalf of the church. We do not knowingly collect personal information from children under 13 directly.
9. International transfers
Codencio's primary infrastructure is hosted in AWS us-east-2 (Ohio, USA). If you're in the EU/UK, your data is transferred to the United States under the Standard Contractual Clauses included in our DPA with AWS.
10. Security
- TLS in transit (TLS 1.2+).
- Encryption at rest on AWS-managed volumes.
- Per-tenant data isolation enforced at every database query.
- Optional 2FA / TOTP for all user accounts.
- Account lockout after 5 failed login attempts in 15 minutes.
- Nightly database backups with weekly automated restore drills.
- Live status at codenc.io/status.
11. Changes
Material changes to this policy will be announced via email to church admins at least 30 days before taking effect.
12. Contact
Privacy questions: privacy@codenc.io
Security disclosures: security@codenc.io
General: the contact form