Effective Date: May 11, 2026Last Updated: May 11, 2026
GospelGramPrivacy Policy
1. IntroductionThis Privacy Policy explains how Theodoxia LLC ("GospelGram," "we," "us," or "our") collects, uses, shares, and protects personal information when you use GospelGram (the "Service").We've tried to write this Policy in plain language. We care about your privacy and want to be transparent about what we do with your data and why.By using the Service, you agree to the practices described in this Policy.2. Information We Collect2.1 Information You Provide DirectlyAccount information: Name, email address, username, password, profile photo, bio, and similar details you enter when creating or updating an account.Verification information (missionaries and organizations only): Affiliation details, organizational documentation, and verification-related information.Payment information: When you donate or receive donations, your payment details (including card information, bank account details, and government identification for recipients) are collected by and stored with Stripe, our payment processor. We do not receive or store full card numbers or bank account numbers ourselves.Content you post: Photos, videos, text posts, updates, comments, and other content you share on the Service.Communications: Messages you send through the Service, support emails, and feedback.Donation information: Recipient, amount, frequency, optional message, and related metadata for donations you make or receive.2.2 Information Collected AutomaticallyDevice and usage data: Device type, operating system, app version, IP address, language, timestamps, and interactions with the Service.Log and diagnostic data: Crash reports, error logs, and performance metrics.Analytics events: In-app actions (e.g., screens viewed, posts created, donations initiated) used to understand how the Service is used.Approximate location: We may infer general location from your IP address. We do not collect precise GPS location without explicit permission.2.3 Information from Third PartiesStripe: Payment status, payout status, KYC verification status for recipients, and transaction metadata.Organizations: If you are verified as a missionary, your verifying organization provides information confirming your affiliation.2.4 Information We Do NOT CollectWe want to be explicit about what we do not collect:We do not collect biometric data.We do not track you across other websites or apps for advertising purposes.We do not share your data with data brokers.We do not sell your personal information.3. How We Use Your InformationWe use your information to:Operate the Service — create and maintain your account, display content, process donations, handle verifications, and enable social features.Process payments — facilitate donations through Stripe and associated recordkeeping.Protect the Service — detect and prevent fraud, abuse, impersonation, and violations of our Terms.Communicate with you — send transactional emails (donation receipts, recurring donation notices, account notifications) and, if you opt in, occasional product updates.Improve the Service — analyze usage patterns, diagnose bugs, and prioritize features.Comply with legal obligations — respond to lawful requests, meet tax and accounting requirements, and satisfy recordkeeping laws.We do not use your data for third-party advertising.4. How We Share Your InformationWe share information only as described below.4.1 With Other UsersYour profile information, posts, and publicly displayed verification status are visible to other Users and (unless your account is non-public) the general public.Your donation amount and identity are visible only to you and the recipient missionary. Donations are not publicly displayed by default.Recipients see: your name (or chosen display name), your profile link, the donation amount, and any message you include.4.2 With Service ProvidersWe share limited data with third-party service providers who help us operate the Service. They are contractually required to protect your information. Key providers:Infrastructure and Authentication:Supabase — database hosting and authentication services (stores your account credentials securely, handles password hashing, manages your session)Cloudflare — hosting, content delivery, and security protectionPayments:Stripe, Inc. — processes all donations and handles Know Your Customer (KYC) verification for recipient missionariesOptional Sign-In (if used):Apple — if you use Sign in with Apple, Apple shares a verified email or a privacy-preserving relay address with usGoogle — if you use Sign in with Google, Google shares your name, email, and profile photo with usAnalytics and Performance:Amplitude, — product usage analyticsSentry — crash reporting and error monitoringCommunications:Email provider Resend- transactional email deliveryData Processing Agreements are in place with all such providers. The list above is updated here when providers change; check this page for the current list.4.3 With Verifying OrganizationsIf you are verified as a missionary, your verifying organization receives information about your account status, fundraising activity summaries, and relevant updates required to maintain verification.4.4 For Legal ReasonsWe may disclose information to:Comply with applicable law, legal process, or lawful government requestEnforce our TermsProtect the rights, property, or safety of GospelGram, our Users, or othersInvestigate suspected fraud, abuse, or security issues4.5 Business TransfersIf GospelGram or Theodoxia LLC is involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such transfer that changes how your data is handled.4.6 With Your ConsentFor any purpose not described above, we will share your data only with your explicit consent.5. Your Rights and Choices5.1 Universal RightsRegardless of where you live, you can:Access and edit your profile information from in-app settings.Delete your account through the in-app account deletion flow, which will remove your profile, posts, and associated data (subject to retention obligations in Section 7).Export your data by emailing support@gospelgram.com. We will provide a copy of your personal data in a portable format within 30 days.Stop receiving non-essential emails using the unsubscribe link in the email. Transactional emails (donation receipts, account notifications) cannot be disabled while your account is active.5.2 Rights for EU / UK / EEA Residents (GDPR)If you are in the European Union, United Kingdom, or European Economic Area, you additionally have the right to:Request access to your personal dataRequest correction of inaccurate dataRequest deletion ("right to be forgotten")Object to or restrict certain processingRequest data portabilityWithdraw consent at any time (where processing is based on consent)Lodge a complaint with your national data protection authorityTo exercise these rights, email support@gospelgram.com. We will respond within 30 days.Legal bases for processing: We process your data under the following lawful bases:Contract — to provide the Service you signed up forLegitimate interest — to operate, secure, and improve the ServiceConsent — for optional features (e.g., marketing emails, if you opt in)Legal obligation — to comply with laws such as tax and anti-fraud regulations5.3 Rights for California Residents (CCPA / CPRA)If you are a California resident, you have the right to:Know what personal information we collect, use, and shareDelete your personal information (subject to certain exceptions)Correct inaccurate personal informationLimit use and disclosure of sensitive personal informationOpt out of the "sale" or "sharing" of personal information (we do not sell or share personal information as defined by the CCPA, but you may still submit a request for confirmation)Not be discriminated against for exercising these rightsTo exercise these rights, email support@gospelgram.com. You may designate an authorized agent to act on your behalf.5.4 Other JurisdictionsIf you live in a jurisdiction with additional privacy rights (e.g., Brazil under LGPD, Canada under PIPEDA, Virginia under VCDPA, Colorado under CPA), you may also have rights under those laws. Email support@gospelgram.com with your request and we will comply with applicable law.6. Cookies and Similar TechnologiesWe use cookies and similar technologies on our website to:Keep you signed inRemember your preferencesUnderstand how the Service is usedDetect and prevent fraudSee our Cookie Policy at www.gospelgram.com/cookies for specifics. You can manage cookie preferences through our cookie consent banner and your browser settings.7. Data RetentionWe retain your information for as long as your account is active and as needed to provide the Service. After account deletion:Profile, posts, and user content — deleted within 30 days, except where retention is required by law.Donation and transaction records — retained for up to 7 years for tax, accounting, and legal compliance purposes.Fraud, safety, and abuse records — retained as necessary to protect the Service and its Users.Aggregated or anonymized data — may be retained indefinitely, as it cannot be associated with you.8. International Data TransfersGospelGram operates from the United States. If you use the Service from outside the U.S., your data will be transferred to and processed in the U.S. For transfers from the EU, UK, or Switzerland, we rely on Standard Contractual Clauses or other approved mechanisms to protect your data.9. SecurityWe take reasonable administrative, technical, and physical safeguards to protect your information, including:Encryption of data in transit (TLS)Encryption of data at rest where supported by our providersAccess controls and least-privilege authentication for our teamRoutine security reviews and monitoringNo system is perfectly secure, and we cannot guarantee absolute security. You are responsible for keeping your password confidential. If you suspect unauthorized access to your account, contact us immediately at support@gospelgram.com.10. Children's PrivacyThe Service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected such information, we will delete it promptly. If you believe a child has provided us with personal information, contact us at support@gospelgram.com.Users between 13 and 18 should have parental or legal guardian consent to use the Service.11. Third-Party Links and ServicesThe Service may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of those parties. Their policies govern their use of your data.12. Changes to This PolicyWe may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notice at least 14 days before they take effect. The "Last Updated" date above indicates the most recent revision.13. Contact UsFor privacy questions, data access requests, or to exercise your rights:Email: support@gospelgram.comMail: Theodoxia LLCFor EU/UK representatives, a designated representative will be appointed if required by law. Contact details will be listed here upon appointment.
We write this Policy in a way we hope feels honest and human. If anything is unclear, ask us.1. Introduction and AcceptanceWelcome to GospelGram.
General support: support@gospelgram.comLegal: support@gospelgram.comMail: Theodoxia LLC
By using GospelGram, you acknowledge that you have read, understood, and agree to these Terms of Service.