Back home

Privacy Policy

Last updated: April 17, 2026

GraceSquad (“we,” “us”) is a volunteer-coordination and church-management platform. This policy explains what we collect, why, and what you can do about it. Plain English — no dark patterns, no selling data.

What we collect

  • Account information you give us when you sign up or contact us: name, email, phone, organisation name. We use this to reply to you and to operate the service.
  • Volunteer and member records that your organisation stores inside GraceSquad (rosters, schedules, skills, availability, giving history, etc.). Your organisation is the data controller for these records; we are the data processor acting on their behalf.
  • Usage logs: HTTP access logs, error logs, and application traces. Retained for up to 30 days for debugging and abuse detection. No third-party analytics cookies.

What we do not do

  • We do not sell, rent, or share your personal data with third parties for marketing.
  • We do not load tracking scripts from ad networks or social platforms.
  • We do not track you across other websites.

Processors we rely on

To operate the service we share specific data with a small set of infrastructure vendors, under contracts that restrict them to processing on our behalf:

  • Clerk — user authentication and session management.
  • Stripe — payment processing for online giving and subscription billing.
  • Mailgun — transactional email delivery.
  • Twilio — SMS shift reminders (optional per organisation).
  • Cloudflare R2 — file storage (profile photos, forms, documents).
  • Amazon Lightsail — application hosting.

Contact-form submissions

When you fill out the contact form on this site, we receive your name, email, and message so we can reply. We do not add you to a marketing list. If you ask us to forget your message we will delete it within 14 days.

Your rights

You can ask us to access, correct, or delete your personal data at any time by emailing hello@mg.gracesquad.org. If your organisation is the controller of the records (volunteer rosters, giving history, etc.), direct the request to them first; we will assist.

Children

GraceSquad is not intended for direct use by children under 13. Organisations using the child check-in module are responsible for obtaining parental consent before recording information about minors.

Cookies

We set a minimal set of strictly-necessary cookies for session management (Clerk auth token, CSRF token). We do not set advertising or analytics cookies. No cookie banner is needed under ePrivacy for strictly-necessary cookies.

Changes

If we materially change this policy we’ll notify the primary contact on each account by email at least 30 days before the change takes effect.

Contact

Questions, concerns, or rights requests: hello@mg.gracesquad.org.

© 2026 GraceSquad · Privacy · Terms · Contact