Shepherd HQ

Privacy Policy

Last updated: January 2026

Introduction

Shepherd HQ (“we”, “our”, “us”) operates shepherd-hq.org. This policy describes how we collect, use, and protect information from churches and their authorized representatives who use our pastoral care platform. We are committed to safeguarding the trust churches place in us when managing sensitive congregation data. This Privacy Policy applies to all users of our platform, including church administrators, pastoral staff, and any authorized representatives accessing our services.

Information We Collect

We collect information necessary to provide and improve our pastoral care platform. The types of information we collect include:

Church Account Information

When your church registers for Shepherd HQ, we collect organizational details including church name, physical address, denomination or affiliation, church size, and primary contact information. This information is used to set up and manage your church’s account on our platform.

Authorized User Information

For each authorized user added to your church’s account, we collect their name, email address, role within the church (such as senior pastor, associate pastor, care team member, or administrator), and authentication credentials. This information is used to manage access and permissions within your church’s account.

Congregation Member Data

Authorized church staff may enter congregation member information into the platform as part of pastoral care activities. This may include member names, contact details, care needs, visit notes, prayer requests, and other pastoral information. This data is entered and managed solely by your church’s authorized staff.

Usage Data and Analytics

We automatically collect certain technical information when you use our platform, including browser type, device information, IP address, pages visited, features used, and timestamps. This data helps us understand how our platform is used and how we can improve it.

Lead Capture Form Submissions

When you submit information through our website forms, such as requesting a demo, signing up for a pilot program, or contacting our sales team, we collect the information you provide including name, email address, church name, and any additional details you choose to share.

How We Use Information

We use the information we collect for the following purposes:

  • Provide and improve platform services. We use your information to deliver our pastoral care platform, including care routing, congregation insights, team coordination, and all related features. We continually analyze how the platform is used to make improvements and develop new features.
  • Process church licensing and billing. We use church account information to manage your subscription, process payments, issue invoices, and handle any billing-related inquiries.
  • Send product updates and support communications. We may use your contact information to send important platform updates, security notices, feature announcements, and to respond to your support requests.
  • Analyze platform usage to improve features. We use aggregated and anonymized usage data to understand how churches use our platform, identify areas for improvement, and prioritize new feature development.

Data Ownership

Your church owns its data. Congregation member information entered into Shepherd HQ belongs to your church. We are a data processor acting on your church’s behalf.

This means that your church retains full ownership and control over all congregation data entered into the platform. We will not sell, share, or use your congregation data for any purpose other than providing the services your church has subscribed to. Your church may request export of all its data at any time in a standard, portable format.

We process congregation data solely according to your church’s instructions and in compliance with our agreement with your church. We do not access or analyze individual congregation member data for our own purposes.

Data Security

All data is encrypted in transit (TLS 1.3) and at rest. Data is stored on Cloudflare’s global network with enterprise-grade security.

We implement a comprehensive set of technical and organizational security measures to protect your data, including:

  • End-to-end encryption for all data in transit using TLS 1.3, the latest transport layer security protocol.
  • Encryption at rest for all stored data, ensuring your congregation information is protected even in storage.
  • Role-based access controls that ensure only authorized users within your church can access sensitive data.
  • Regular security audits and vulnerability assessments to identify and address potential threats.
  • Hosting on Cloudflare’s globally distributed infrastructure, which provides DDoS protection, Web Application Firewall (WAF), and enterprise-grade physical security.

Data Retention

We retain church account data for the duration of your subscription plus 90 days. You may request complete data deletion at any time.

Upon termination or expiration of your subscription, we will retain your data for a grace period of 90 days to allow your church to export its data or reactivate the account. After this 90-day period, all church and congregation data will be permanently deleted from our systems, including backups, within 30 additional days.

If your church requests immediate data deletion prior to the end of the retention period, we will process the request within 10 business days and provide confirmation once deletion is complete.

Third-Party Services

We use a limited number of trusted third-party services to operate our platform. These services are carefully selected and contractually bound to protect your data:

  • Cloudflare — Provides hosting infrastructure, content delivery, and security services. Cloudflare processes data in accordance with their privacy policy and our data processing agreement.
  • Payment Processor — Handles all billing and payment transactions. We do not store full credit card numbers on our servers. All payment data is processed in compliance with PCI DSS standards.

We do not sell or share your data with advertisers or data brokers. We do not use your congregation data for any marketing purposes.

Children’s Privacy

Shepherd HQ is designed for use by authorized church staff. We do not knowingly collect information from children under 13.

Our platform is intended for use by adults who are authorized representatives of their church. If a church enters information about minor congregation members as part of their pastoral care activities, that data is managed under the church’s authority and responsibility. If we learn that we have directly collected personal information from a child under 13 without verifiable parental consent, we will take steps to delete that information promptly.

Your Rights

As a church using Shepherd HQ, you have the following rights regarding your data:

  • Right to Access. You may request a complete copy of all data associated with your church’s account at any time. We will provide this data in a standard, machine-readable format within 30 days of your request.
  • Right to Correction. You may update or correct any information in your church’s account at any time through the platform, or by contacting our support team for assistance.
  • Right to Deletion. You may request the complete deletion of your church’s account and all associated data. Upon receiving a verified deletion request, we will permanently remove all data within 10 business days.
  • Right to Data Portability. You may request an export of your church’s data in a structured, commonly used, and machine-readable format at any time. This allows your church to transfer its data to another service provider if desired.

To exercise any of these rights, please contact us at the address provided below. We will respond to all requests within 30 days.

Contact

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: privacy@shepherd-hq.org

We aim to respond to all privacy-related inquiries within 5 business days.

Updates to This Policy

We may update this policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes to this Privacy Policy, we will notify all active church account holders via email and post a prominent notice on our platform.

We encourage you to review this policy periodically. Your continued use of Shepherd HQ after any changes to this Privacy Policy constitutes your acceptance of the updated terms.

Last updated: January 2026