Privacy Policy

Confide is owned and operated by Kingdom Digital Media, LLC, a Florida-based limited liability company ("Company," "we," "us," or "our"). We are committed to protecting your privacy and the privacy of your church members. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our church management software platform. This Privacy Policy applies to all visitors, users, and others who access or use Confide and tells you about your privacy rights and how the law protects you. We use your personal data to provide and improve our service. By using Confide, you agree to the collection and use of information in accordance with this Privacy Policy.

We understand the sensitive nature of church data and are committed to maintaining the highest standards of data protection and privacy.

Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of this Privacy Policy:

• "Account" means a unique account created for you to access our Service or parts of our Service.
• "Company" (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to Kingdom Digital Media, LLC, located in Florida, United States.
• "Country" refers to the United States.
• "Cookies" are small files that are placed on your computer, mobile device or any other device by a website, containing the details of your browsing history on that website among its many uses.
• "Device" means any device that can access the Service such as a computer, a cell phone or a digital tablet.
• "Personal Data" is any information that relates to an identified or identifiable individual.
• "Service" refers to Confide, our church management platform.
• "Service Provider" means any natural or legal person who processes the data on behalf of the Company.
• "Usage Data" refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself.
• "Website" refers to Confide, accessible from https://confidecloud.com
• "You" means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service.

Types of Data Collected

Personal Data

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. Personally identifiable information may include, but is not limited to:

• Email address
• First name and last name
• Phone number
• Address, State, Province, ZIP/Postal code, City
• Church information and role
• Usage Data

Church Member Data

As a church management platform, we process member information that you choose to store in our system, including but not limited to:

• Communication preferences and contact information
• Personal information such as names, date of birth, gender, addresses, marital status, and other demographic information
• Attendance or giving records
• Ministry involvement
• Volunteer and service records
• Prayer requests and pastoral care notes

Usage Data

As you interact with our Service, certain information is automatically generated and collected to help us understand how the platform is being used and to improve your experience. This technical and behavioral data encompasses various aspects of your digital interaction with our systems.

The scope of automatically collected information varies depending on how you access our Service, whether through desktop browsers or mobile applications, and includes both technical identifiers and usage patterns that help us maintain and enhance our platform's functionality.

This comprehensive data collection enables us to better understand user behavior and platform performance through various metrics and insights, including:

• Content viewing patterns and media engagement history
• Feature utilization and interaction methodologies
• Behavioral analytics and engagement measurement data
• User preference indicators and usage optimization patterns
• Session characteristics and platform access frequency
• Navigation pathways and user journey analytics

We use Cookies and similar tracking technologies to track the activity on our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze our Service.

You can instruct your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if you do not accept Cookies, you may not be able to use some parts of our Service.

Types of Cookies We Use

• Necessary / Essential Cookies: These Cookies are essential to provide you with services available through the Website and to enable you to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts.
• Functionality Cookies: These Cookies allow us to remember choices you make when you use the Website, such as remembering your login details or language preference.
• Analytics Cookies: These Cookies are used to track information about traffic to the Website and how users use the Website to help us improve our Service.

The Company may use Personal Data for the following purposes:

• To provide and maintain our Service, including to monitor the usage of our Service.
• To manage your Account: to manage your registration as a user of the Service. The Personal Data you provide can give you access to different functionalities of the Service that are available to you as a registered user.
• For the performance of a contract: the development, compliance and undertaking of the purchase contract for the services you have purchased or of any other contract with us through the Service.
• To contact you: To contact you by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application's push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation.
• To provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information.
• To manage your requests: To attend and manage your requests to us.
• For business transfers: We may use your information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by us about our Service users is among the assets transferred.
• For other purposes: We may use your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Service, products, services, marketing and your experience.

We do not and will never sell, trade, or otherwise transfer your personal information to third parties except as described in this policy. We may share your personal information in the following situations:

• With Service Providers: We may share some of your personal information with Service Providers to monitor and analyze the use of our Service, or for payment processing - to contact you about the payment.
• For business transfers: We may share or transfer your personal information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of our business to another company.
• With Affiliates: We may share some of your information with our affiliates, in which case we will require those affiliates to honor this Privacy Policy. Affiliates include our parent company and any other subsidiaries, joint venture partners or other companies that we control or that are under common control with us.
• With business partners: We may share your information with our business partners to offer you certain products, services or promotions.
• Legal and Government Requests: We may disclose your personal information if required by law or in response to valid legal requests from government organizations, law enforcement agencies, or other official authorities. This includes compliance with warrants, court orders, subpoenas, or other lawful government requests for information.
• With your consent: We may disclose your personal information for any other purpose with your consent.

Government Requests and Legal Compliance

As a SaaS provider, we may be legally compelled to disclose customer data to government agencies under certain circumstances. We are committed to protecting your privacy while complying with applicable laws and regulations.

Our Approach to Government Requests

• Case-by-Case Review: We review all government requests for customer data individually to ensure they are lawful and valid
• Challenge Invalid Requests: We reserve the right to challenge requests that we believe are unlawful, overly broad, or invalid
• Minimum Necessary Disclosure: When legally required to disclose information, we limit disclosure to the minimum necessary to comply with the request
• Customer Notification: Where legally permissible, we will attempt to notify affected customers of government requests for their data

Legal Framework

Our disclosure obligations may arise under various legal frameworks, including but not limited to the CLOUD Act, which allows U.S. law enforcement to compel service providers to disclose data regardless of where it is stored. We also recognize principles of international comity and may resist disclosure if it conflicts with the laws of other jurisdictions.

Emergency Situations

In cases of imminent danger or serious threat to public safety, we may disclose information to government agencies without prior legal process to prevent harm, consistent with applicable emergency disclosure provisions.

For church member data stored in our Service, we typically act as a data processor while your church organization acts as the data controller. This means your church determines the purposes and means of processing personal data, while we process the data on your behalf according to your instructions.

Data Processing Agreement (DPA): We provide a comprehensive Data Processing Agreement that outlines our respective responsibilities for handling personal data. This DPA is available upon request and covers data security measures, sub-processor arrangements, and data subject rights procedures.

Religious Data Processing: We understand that churches may process sensitive personal data. Sensitive personal data may include religious beliefs, prayer requests, counseling notes, or other information subject to special protections under data protection laws. Under GDPR Article 9(2)(d), processing of such data is permitted when carried out by religious organizations in the course of their legitimate activities. Churches are responsible for ensuring they have appropriate legal bases for processing sensitive data and obtaining explicit consent where necessary.

Important Notice

Failure to comply with applicable data protection laws, including but not limited to obtaining proper consent for sensitive data processing or violating data subject rights, may result in suspension or termination of your Service access. Churches must ensure compliance with all applicable privacy laws in their jurisdiction.

The Company will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our legal agreements and policies.

Retention Timeframes

• Account Data: Retained for the duration of your active subscription plus 30 days after account closure
• Church Member Data: Retained according to your church's data retention policies and instructions as data controller
• Financial Records: Retained for 7 years to comply with accounting and tax obligations
• Usage Data: Generally retained for 2 years for analytics and service improvement purposes
• Support Communications: Retained for 3 years to maintain service quality and resolve disputes
• Legal Hold Data: Retained as required by law or pending legal proceedings

Upon account deletion, we will delete your data within the specified timeframes unless we are legally obligated to retain certain information for longer periods.

Your information, including Personal Data, is processed at the Company's operating offices and in any other places where the parties involved in the processing are located. This means that this information may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

The Company will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy. For international transfers, we implement appropriate safeguards including:

• Standard Contractual Clauses (SCCs): We use EU-approved Standard Contractual Clauses for transfers to countries without adequacy decisions
• Adequacy Decisions: We rely on European Commission adequacy decisions where available
• Additional Safeguards: We implement technical and organizational measures to ensure data protection equivalent to EU standards

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). Similar rights may apply to residents of other U.S. states with comprehensive privacy laws.

Your California Privacy Rights

• Right to Know: You can request information about the categories and specific pieces of personal information we collect, use, disclose, and sell
• Right to Delete: You can request deletion of your personal information, subject to certain exceptions
• Right to Opt-Out: You can opt out of the sale or sharing of your personal information (Note: We do not sell personal information)
• Right to Correct: You can request correction of inaccurate personal information
• Right to Limit Use: You can limit the use and disclosure of sensitive personal information
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

How to Exercise Your Rights

To exercise these rights, contact us at hello@confidecloud.com. We will verify your identity before processing your request and respond within the timeframes required by applicable law (typically 45 days, with possible 45-day extension).

Do Not Sell or Share My Personal Information

We do not sell or share personal information as defined by the CCPA. If our practices change, we will update this policy and provide appropriate opt-out mechanisms.

Business Transactions

If the Company is involved in a merger, acquisition or asset sale, your Personal Data may be transferred. We will provide notice before your Personal Data is transferred and becomes subject to a different Privacy Policy.

Law Enforcement

Under certain circumstances, the Company may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Other Legal Requirements

The Company may disclose your Personal Data in the good faith belief that such action is necessary to:

• Comply with a legal obligation
• Protect and defend the rights or property of the Company
• Prevent or investigate possible wrongdoing in connection with the Service
• Protect the personal safety of Users of the Service or the public
• Protect against legal liability

The security of your Personal Data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

We implement appropriate technical and organizational security measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication measures
• Employee training on data protection
• Incident response and breach notification procedures

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and relevant supervisory authorities in accordance with applicable law. For GDPR-covered incidents, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, and affected individuals without undue delay when the breach is likely to result in high risk.

For U.S. state law requirements, we will provide notification in accordance with applicable state breach notification laws. We will also notify churches (as data controllers) of any breaches affecting their member data so they can fulfill their own notification obligations.

The Service Providers we use may have access to your Personal Data. These third-party vendors collect, store, use, process and transfer information about your activity on our Service in accordance with their Privacy Policies.

Analytics

We may use third-party Service providers to monitor and analyze the use of our Service to improve user experience and platform functionality.

Our Service is designed for use by churches and religious organizations. While our Terms of Service allow access for users 13 and older, we are committed to protecting children's privacy in accordance with the Children's Online Privacy Protection Act (COPPA).

Children Under 13

We do not knowingly collect personally identifiable information from children under 13 years of age. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us immediately at hello@confidecloud.com.

If we become aware that we have collected Personal Data from a child under 13 without verification of parental consent, we take immediate steps to remove that information from our servers.

Parental Rights

Parents and guardians have the right to review, delete, and refuse further collection of their child's personal information. If we need to rely on consent as a legal basis for processing information and your jurisdiction requires parental consent, we will obtain such consent before collecting and using that information.

To protect your privacy and security, we have established verification procedures for data subject requests (access, deletion, correction, etc.).

Verification Process

• Identity Verification: We will verify your identity using information we have on file, such as email address and account details
• Additional Documentation: For sensitive requests, we may require additional verification such as government-issued ID
• Authorized Agents: If you use an authorized agent, we will verify both your identity and the agent's authority to act on your behalf
• Response Timeframe: We will acknowledge your request within 10 business days and provide a substantive response within 45 days (with possible 45-day extension)

Request Methods

You can submit data subject requests by emailing us at hello@confidecloud.com with "Privacy Request" in the subject line. Please include your full name, email address associated with your account, and a detailed description of your request.

Our Service may contain links to other websites that are not operated by us. If you click on a third party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

If you are located in the European Economic Area (EEA), you have certain data protection rights under the General Data Protection Regulation (GDPR). We are committed to complying with GDPR requirements and respecting your privacy rights.

Legal Basis for Processing

We process your personal data under the following legal bases:

• Contract Performance: Processing necessary for the performance of our contract with you
• Legitimate Interests: Processing necessary for our legitimate business interests, such as improving our Service
• Legal Compliance: Processing necessary to comply with legal obligations
• Consent: Where you have given explicit consent for specific processing activities

Your GDPR Rights

Under GDPR, you have the following rights:

• Right of Access: You can request copies of your personal data
• Right to Rectification: You can request correction of inaccurate or incomplete data
• Right to Erasure: You can request deletion of your personal data under certain circumstances
• Right to Restrict Processing: You can request limitation of processing under certain circumstances
• Right to Data Portability: You can request transfer of your data to another service provider
• Right to Object: You can object to processing based on legitimate interests or direct marketing
• Right to Withdraw Consent: You can withdraw consent at any time where processing is based on consent

Exercising Your Rights

To exercise any of these rights, please contact us at hello@confidecloud.com. We will respond to your request within one month. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.

Data Protection Officer

For GDPR-related inquiries, you can contact our Data Protection Officer at hello@confidecloud.com.

In addition to GDPR rights (if applicable), you have the right to:

• Access and update your personal information through your account settings
• Request deletion of your data
• Opt out of certain communications
• Request a copy of your data
• Restrict or object to certain processing activities
• Data portability - receive your data in a structured, commonly used format

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update the "Last updated" date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

If you have any questions about this Privacy Policy, you can contact us by sending us an email at hello@confidecloud.com

We are committed to resolving any privacy concerns you may have and will respond to your inquiries promptly.