Privacy Policy
Who we are
ShireOS is a church management platform built and operated by Crenel Systems. Questions about this policy or your data: matt@crenelsystems.com.
What we collect
- Account information — name, email, and role, for the people who sign in.
- Church records — the information a church enters or syncs into its own workspace: people and households, attendance, giving history, volunteer service, groups, documents, and notes. These records belong to the church, which controls them.
- Giving and payments — processed by Stripe. We receive transaction records (amount, fund, date); we never see or store full card or bank numbers.
- Technical data — logs, device and usage information needed to run and secure the service.
How we use it
- To operate the platform for your church — nothing more exotic than that.
- We never sell personal data. Not to advertisers, not to data brokers, not to anyone.
- We never use your church's data to train AI models — ours or anyone else's. AI features read your church's data only to serve your church (drafting, ranking, answering questions), inside your church's own workspace.
- Every church's data is isolated from every other church's. Sensitive records (for example, pastoral-care and discipline notes) are restricted to the roles the church designates, are excluded from AI features entirely, and access to them is logged.
When data is shared
- Service providers that host and run the platform under contract: Supabase (database), Railway (application hosting), Stripe (payments), Resend (email). They process data only to provide their service to us.
- Church-directed sharing — some features let a church deliberately share specific data with another church or a partner (for example, federation calendar sharing, or a business owner listing on a partner network). These always require explicit action and, where an individual's information leaves the platform, that individual's consent.
- Legal requirements — if the law compels disclosure, we limit it to what is required and tell the affected church unless legally barred.
Children
Records about children in a congregation (for example, kids-ministry check-ins) are entered and controlled by the church as ministry records, are invisible to non-certified app users, and are excluded from AI features. We do not knowingly collect information directly from children.
Security
Data is encrypted in transit; access is enforced with row-level security scoped to each church; privileged and sensitive-record access is audited. No system is perfectly secure, and we will notify affected churches promptly of any breach that affects their data.
Your rights
Members should direct requests about their records to their church, which controls them. You may also contact us directly to access, correct, or delete personal data we hold about you, and we will respond within 30 days.
Changes
We will post updates to this page and note the effective date above. Material changes will be announced to churches directly.