Privacy Policy

Last updated: March 1, 2026

Introduction

Kinship ("we," "our," or "us") operates the usekinship.com website and the Kinship church management platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We take the privacy of your data seriously — especially given the sensitive nature of church membership information. Please read this policy carefully. By using the Service, you agree to the collection and use of information in accordance with this policy.

Information We Collect

Account Information

When you create an account, we collect your name, email address, and password (stored in hashed form). If you register a church, we also collect the church name, address, and other organizational details you provide.

Member Data

Your church stores member information in the Service, which may include names, email addresses, phone numbers, mailing addresses, family relationships, birthdays, group memberships, attendance records, giving history, and other information you choose to store. This data is owned by your church and processed by us on your behalf.

Usage Data

We automatically collect certain information when you access the Service, including your IP address, browser type, operating system, referring URLs, pages visited, and the dates and times of your visits. We use this information to analyze trends, administer the Service, and improve user experience.

Payment Information

If you subscribe to a paid plan, your payment information (credit card number, billing address) is collected and processed by our third-party payment processor. We do not store full credit card numbers on our servers. We retain transaction records for accounting and support purposes.

Communication Data

When you use our communication features (email, SMS), we store message content, recipient lists, and delivery metrics (open rates, click rates) to provide the Service and generate analytics for your church.

How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process your transactions and manage your subscription
  • Send you Service-related communications (account verification, billing, security alerts, support)
  • Deliver email and SMS messages on behalf of your church to your members
  • Generate aggregated, anonymized analytics to improve our Service
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations

How We Share Your Information

We do not sell your personal information or your church's member data. We share information only in the following circumstances:

Service Providers

We use third-party service providers to help us operate the Service, including cloud hosting, email delivery, SMS delivery, payment processing, and analytics. These providers have access to your information only to perform tasks on our behalf and are obligated not to disclose or use it for other purposes.

Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court order or government agency).

Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

Data Retention

We retain your account information and your church's data for as long as your account is active. If you cancel your subscription, we retain your data for 90 days to allow for reactivation. After 90 days, your data is permanently deleted from our active systems. Backups may retain data for up to an additional 30 days before being purged.

You may request data export at any time through the Service or by contacting support. We will provide your data in a standard, machine-readable format within 30 days of the request.

Data Security

We implement appropriate technical and organizational security measures to protect your information, including:

  • Encryption of data in transit (TLS 1.3) and at rest (AES-256)
  • Password hashing using industry-standard algorithms
  • Regular security audits and vulnerability assessments
  • Role-based access controls within the platform
  • Automated backups with encrypted storage

However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.

Your Rights (GDPR)

If you are located in the European Economic Area (EEA), you have certain data protection rights under the General Data Protection Regulation (GDPR). These include:

  • Right to access — You can request a copy of the personal data we hold about you.
  • Right to rectification — You can request that we correct inaccurate or incomplete data.
  • Right to erasure — You can request that we delete your personal data.
  • Right to restrict processing — You can request that we limit how we use your data.
  • Right to data portability — You can request your data in a structured, machine-readable format.
  • Right to object — You can object to our processing of your personal data.

To exercise any of these rights, please contact us at privacy@usekinship.com. We will respond to your request within 30 days.

California Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information:

  • Right to know — You can request information about the categories and specific pieces of personal information we have collected about you.
  • Right to delete — You can request deletion of your personal information.
  • Right to non-discrimination — We will not discriminate against you for exercising your CCPA rights.

We do not sell personal information as defined by the CCPA. To exercise your rights, contact us at privacy@usekinship.com.

Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information directly from children under 16, and children cannot create accounts or interact with the Service directly.

However, churches using the Service may store information about minors — such as names, dates of birth, family relationships, attendance records, and check-in data — as part of their membership and child safety operations. In this context, Kinship acts as a data processor on behalf of the church, which remains the data controller responsible for obtaining appropriate parental consent and complying with applicable child privacy laws, including COPPA. Kinship processes this data solely at the church's direction, does not use it for any independent purpose, and applies the same security safeguards as all other membership data.

Cookies and Tracking

We use cookies and similar tracking technologies to maintain your session, remember your preferences, and analyze usage patterns. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, some features of the Service may not function properly without cookies.

We use the following types of cookies:

  • Essential cookies — Required for authentication and core functionality.
  • Analytics cookies — Help us understand how visitors use the Service.

We do not use advertising or third-party tracking cookies.

New York Privacy Rights

Kinship is operated from New York State. In accordance with the New York SHIELD Act (Stop Hacks and Improve Electronic Data Security Act), we implement reasonable safeguards to protect the security, confidentiality, and integrity of private information, including:

  • Administrative safeguards — Designated security personnel, risk assessments, and employee training on data handling.
  • Technical safeguards — Assessment and testing of security controls, monitoring for unauthorized access, and encryption of data in transit and at rest.
  • Physical safeguards — Controls to detect, prevent, and respond to intrusions, and protection against unauthorized access to data during disposal.

In the event of a data breach involving private information of New York residents, we will notify affected individuals and the New York Attorney General in accordance with New York General Business Law Section 899-aa, within the most expedient time possible and without unreasonable delay.

Governing Law

This Privacy Policy is governed by the laws of the State of New York, United States.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For material changes, we will send an email notification to the address associated with your account.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

  • Email: privacy@usekinship.com
  • Website: usekinship.com