1310 Connect Privacy Policy

1. Introduction

National Road Church of Christ ("we," "us," or "our") operates the 1310 Connect mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use the App.

By using the App, you agree to the collection and use of information in accordance with this policy. The App is a private, invite-only platform exclusively for members and attendees of National Road Church of Christ.

2. Information We Collect

Information You Provide

• Account Information: Name, email address, and password when you register using an invitation code. If you sign in with Apple or Google, we receive your name and email from those providers.
• Profile Information: Display name, phone number, and profile photo.
• Household Information: Home address, household phone number, household email, household members, household photo, and children's names that you choose to share in the church directory.
• Communications: Messages you send through group chats, direct messages, prayer requests, and feed posts.
• Event Activity: RSVP responses (including family count), volunteer task signups, and service opportunity participation.
• Bible Reading: Your Bible reading progress and plan activity.
• Notification Preferences: Your choices for push notifications, email, SMS, and urgent call alerts.

Information Collected Automatically

• Device Information: Device type and Expo push notification tokens used solely for delivering push notifications to your device.
• Login Activity: Timestamps of your login sessions to support account security features such as inactive account detection and failed login attempt tracking.

Information We Do Not Collect

• We do not collect location data, browsing history, advertising identifiers, or any data for advertising or marketing purposes.
• We do not use analytics tracking services, cookies, or third-party ad networks.

3. How We Use Your Information

We use your information exclusively for the following church community purposes:

• Provide and maintain the App's features, including messaging, events, the member directory, Bible reading plans, and prayer requests.
• Send you push notifications about church activities, announcements, new messages, event reminders, and prayer requests.
• Deliver SMS text messages for church announcements, reminders, and urgent communications (only if you have opted in via your profile settings).
• Deliver automated voice calls for urgent, time-sensitive church communications (only if you have opted in to urgent call alerts).
• Send email broadcasts about church announcements and updates (only if you have opted in to email notifications).
• Manage your membership and household information within the congregation directory.
• Moderate content to maintain a respectful, safe, and Christ-centered community environment.
• Secure your account through password hashing, login attempt monitoring, and account lockout protection.

We will never use your information for advertising, marketing to third parties, data brokering, or any purpose unrelated to the church community.

4. Data Security

We take the security of your personal information seriously and implement multiple layers of protection:

Encryption

• Encryption at Rest: Sensitive personal data including phone numbers, home addresses, and household contact information are encrypted using AES-256-GCM encryption before being stored in our database. This is a military-grade encryption standard.
• Password Security: All passwords are hashed using bcrypt with salting before storage. We never store plaintext passwords. Passwords must meet strength requirements including minimum length, uppercase, lowercase, numbers, and special characters.
• Secure Connections: All data transmitted between your device and our servers travels over HTTPS/TLS encrypted connections.

Access Protection

• Account Lockout: After 3 consecutive failed login attempts, accounts are temporarily locked for 15 minutes to prevent unauthorized access attempts.
• Session Management: Login sessions expire after 30 days, requiring re-authentication.
• Password Reset: Password reset codes are time-limited (15 minutes) and rate-limited to prevent abuse.
• Inactive Account Monitoring: Accounts inactive for 180+ days are flagged for review by administrators.
• Invitation Expiry: Registration invitation codes automatically expire after 14 days.

Content Moderation

• Local Processing: All content moderation (word filtering for group messages, direct messages, and prayer requests) is performed entirely on our own server. No message content is sent to any third-party service for moderation or analysis.
• Admin Controls: Church administrators can hide inappropriate content and review flagged items, keeping the community safe without exposing content externally.

5. SMS and Voice Communications

If you enable SMS notifications in your profile settings, you may receive text messages about church announcements, reminders, prayer requests, and urgent communications. If you enable urgent call alerts, you may also receive automated voice calls for time-sensitive matters.

Message and data rates may apply. Message frequency varies based on church activities (typically 1-5 messages per week).

You can opt out at any time by replying STOP to any text message, or by disabling SMS notifications in the App's profile settings. For help, reply HELP to any message.

SMS and voice calls are delivered through Twilio, a trusted third-party communications provider. Only your phone number and the message content are shared with Twilio for delivery purposes. Email broadcasts are delivered through SendGrid. Only your email address and the message content are shared for delivery.

For more details about our SMS program, visit our SMS Opt-In Information page.

6. Information Sharing and Visibility

We do not sell, rent, or trade your personal information to any third parties for any purpose. Your information may be visible or shared in the following limited circumstances:

• Member Directory: Your name, profile photo, and household information (if provided) are visible to other authenticated church members through the App's directory. Your phone number and email address are only visible to church administrators.
• Group and Direct Messages: Messages you send are visible to other members of the group or conversation. Prayer requests marked "Leaders Only" are visible only to designated church leaders.
• Service Providers: We use the following trusted third-party services solely for delivering notifications:
  • Expo Push Notification service (push notifications to your device)
  • Twilio (SMS text messages and voice calls)
  • SendGrid (email broadcasts)
  These providers receive only the minimum information necessary to deliver messages (e.g., your phone number for SMS, your email for email) and are bound by their own privacy policies.
• Church Leadership: Administrators and group leaders may access information necessary to manage church activities, groups, events, and communications.
• Legal Requirements: We may disclose your information if required by law, subpoena, or court order, or to protect the safety of our members.

7. File and Image Storage

Profile photos, household photos, and any images shared within the App are stored directly in our database rather than on third-party cloud storage services. This means your images remain within our controlled infrastructure and are not distributed to external file hosting services.

8. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the App's services. Specifically:

• Account and profile information is retained while your account is active.
• Messages and communications are retained as part of the ongoing conversation history for the community.
• Login sessions expire and are removed after 30 days of inactivity.
• Password reset codes are automatically deleted after use or expiration (15 minutes).
• If you request account deletion, we will remove your personal data within a reasonable timeframe, except where retention is required by law or necessary for the safety of the community.

9. Your Rights

You have the right to:

• Access and update your personal information at any time through the App's profile and household settings.
• Change your password at any time through the App's profile settings.
• Control your notification preferences (push, email, SMS, and urgent call alerts) through your profile settings.
• Opt out of SMS notifications by replying STOP to any message or disabling in the App.
• Request a copy of the personal data we hold about you by contacting a church administrator.
• Request deletion of your account by contacting a church administrator.
• Contact us with questions or concerns about your data at any time.

10. Children's Privacy

The App is intended for use by adult church members (18 years of age or older). We do not knowingly collect personal information from children under 18. Minor children may be listed in the household directory by their parent or legal guardian for family identification purposes, but they do not have individual accounts and cannot log in to or interact with the App.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. Changes will be posted on this page with an updated effective date. We will make reasonable efforts to notify members of significant changes through the App. Your continued use of the App after changes are posted constitutes your acceptance of the updated policy.

12. Contact Us

If you have any questions about this Privacy Policy, our data practices, or wish to exercise any of your rights described above, please contact us:

• Email: nationalroadcoc@gmail.com
• Phone: 304-242-2321
• Address: National Road Church of Christ, 1310 National Road, Wheeling, WV 26003