Privacy Policy

Our Commitment

Ekkora is built to serve churches and their members — including elderly and vulnerable populations. We take privacy seriously and are committed to being transparent about what data we collect, why we collect it, and how it is used. We collect the minimum data necessary to operate the Service.

1. Information We Collect

From Church Administrators:

• Name and email address (for account creation and login)
• Church name, logo, brand colors, and configuration settings
• URLs, phone numbers, and email addresses entered for tile configuration
• Login activity timestamps

From Church Members (End Users):

• We do not require church members to create accounts or provide personal information
• We collect anonymous, aggregated page view counts (not per-user — just daily totals) for the church analytics dashboard
• We do not collect names, email addresses, or any personally identifying information from members who view church pages

From Contact Form Submissions:

• Name, email, church name, and message content submitted through the landing page contact form
• This information is used solely to respond to your inquiry

Automatically Collected:

• Standard server logs (IP address, browser type, referring URL) for security and error monitoring
• These logs are retained for 30 days and are not used for advertising or tracking

2. Prayer Requests and Care Requests

When a church member submits a prayer request or care request through a church's Ekkora page, the message is transmitted via email directly to the church's configured email address. Ekkora does not retain the content of these submissions beyond what is necessary for transmission. Prayer request content is not stored in our database.

The recipient of prayer requests is the church, not Ekkora. The church's handling of that information is governed by its own pastoral care policies.

3. How We Use Information

We use the information we collect to:

• Operate and maintain the Service
• Authenticate admin users and protect account security
• Provide church administrators with aggregated usage statistics
• Respond to support requests and contact form submissions
• Send administrative notices related to the Service (billing, policy updates)
• Diagnose and fix technical issues

We do not sell your data. We do not use your data for advertising. We do not share your data with third parties except as described in this policy.

4. Data Sharing

We may share information with:

• Hosting providers (DigitalOcean) — for infrastructure operation. DigitalOcean's servers are located in the United States.
• Email delivery — standard email transmission for prayer/care request forwarding and admin notifications
• Legal authorities — if required by law, court order, or to protect the safety of users

We have no advertising partners, analytics third parties, or data brokers.

5. Cookies and Tracking

The Ekkora admin portal uses a session cookie to maintain your login state. This is a strictly necessary functional cookie and does not track you across websites.

The public church member pages do not set cookies or use tracking scripts. No third-party analytics tools (Google Analytics, Facebook Pixel, etc.) are used on member-facing pages.

6. Data Retention

• Church account and configuration data: retained while account is active + 90 days after termination
• Admin user records: retained while account is active + 90 days after termination
• Page view statistics: aggregated counts retained indefinitely (no individual user data)
• Server logs: 30 days
• Contact form submissions: retained in email only (not in our database)

7. Security

We implement appropriate technical safeguards including:

• HTTPS encryption for all traffic (TLS)
• Bcrypt password hashing for admin accounts
• CSRF token protection on all forms
• Parameterized database queries (no SQL injection risk)
• Input sanitization and output escaping throughout
• Session management with configurable timeout

No system is perfectly secure. In the event of a data breach affecting your church's information, we will notify you by email within 72 hours of becoming aware of the breach.

8. Children's Privacy

The Service is intended for use by churches and their adult members. We do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, please contact us at hello@ekkora.com and we will delete it.

9. Your Rights

As a church administrator, you have the right to:

• Access the information stored in your account at any time via the admin portal
• Update or correct your account information via the settings page
• Request deletion of your account by emailing hello@ekkora.com
• Export your church configuration data upon request

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify registered church administrators via email. The "Last updated" date at the top of this page reflects the most recent revision.

11. Contact Us

Questions, concerns, or requests regarding this Privacy Policy should be directed to: hello@ekkora.com