Privacy Policy

This Privacy Policy is effective as of the date last updated — see the Last Updated date at the top of this page.

Last Updated: [Date — insert before launch]

This Privacy Policy applies to the Communities OS platform operated by Communities OS, accessible at communitiesos.app.

Introduction

Communities OS ("we," "us," or "our") operates the communitiesos.app platform and associated services (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect information about you when you use our Service — including when you visit our website, create an account, access the demo community, or use the Communities OS platform as an organization administrator or community member.

We are committed to protecting the privacy of the churches, nonprofits, professional associations, alumni organizations, ministries, foundations, volunteer organizations, and mission-driven businesses that use Communities OS — as well as the individual members of those communities. We built Communities OS specifically for mission-driven organizations and we take the privacy of your organizational data and your members' data seriously.

Please read this Privacy Policy carefully. By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

Contact Information:

If you have questions about this Privacy Policy, contact us at:

Information We Collect

We collect several types of information in connection with the operation of the Service. The types of information we collect depend on how you interact with Communities OS.

2.1 — Information You Provide Directly

Account Registration Information

When you create a Communities OS account or sign up for demo access, we collect:

  • First name and last name
  • Email address
  • Organization name
  • Organization type (church, nonprofit, association, etc.)
  • State or region (if provided)
  • Password (stored in encrypted form)

Contact Form Submissions

When you submit the contact form at communitiesos.app/contact, we collect:

  • First name and last name
  • Email address
  • Organization name
  • Organization type
  • State or region (if provided)
  • Inquiry type
  • Message content

Community Configuration Information

When you configure a Communities OS community as an organization administrator, we collect:

  • Community name and description
  • Brand assets including logos and color preferences
  • Custom domain information (Authority plan)
  • Channel and group structure preferences
  • Member permission and access settings

Payment Information

When you purchase a Communities OS subscription or done-for-you service, payment is processed through our third-party payment processor, Stripe. We do not store your full credit card number, CVV, or complete payment details on our servers. We receive and store:

  • Billing name and email address
  • Last four digits of payment card (for reference purposes)
  • Billing address
  • Subscription plan and billing history
  • Transaction confirmation identifiers

For information about how Stripe handles your payment data, please review the Stripe Privacy Policy at stripe.com/privacy.

Done-For-You Service Intake Information

When you engage a Communities OS done-for-you setup service, we collect:

  • Organization details and preferences provided through the service intake form
  • Brand assets provided for community configuration
  • Content and course materials submitted for platform setup
  • Technical credentials required for custom domain configuration (Authority plan only — handled securely and not retained after setup completion)

Community Member Data

When your organization uses Communities OS to operate a private community, member data is collected within your community platform. This data belongs to your organization — see Section 6 (Community Data Ownership) for details on how member data is handled, owned, and protected.

2.2 — Information Collected Automatically

When you access or use the Service, we automatically collect certain information about your device and usage activity:

Device and Technical Information

  • Device type, operating system, and browser type and version
  • IP address and approximate geographic location derived from IP address
  • Device identifiers
  • Screen resolution and display settings

Usage Information

  • Pages visited on communitiesos.app and within the platform
  • Features accessed and actions taken within the platform
  • Time and date of visits and feature usage
  • Session duration and navigation patterns
  • Referring URLs and exit pages

Log Data

  • Server logs recording access requests, error reports, and system performance data
  • Crash reports and performance data used for platform improvement

Cookies and Similar Tracking Technologies

See Section 7 (Cookies and Tracking Technologies) for detailed information about how we use cookies and similar technologies.

2.3 — Information From Third Parties

We may receive information about you from third-party sources including:

Payment Processors

Stripe provides transaction confirmation and billing status information when you purchase a subscription or service through the platform.

Analytics Providers

We use third-party analytics services to understand platform usage patterns and improve the Service. These services may collect usage data subject to their own privacy policies.

Integration Partners

If you connect third-party tools to your Communities OS community through available integrations, those tools may share relevant data with the platform in accordance with their own privacy policies and your configuration choices.

How We Use Your Information

We use the information we collect for the following purposes:

3.1 — To Provide and Operate the Service

  • Creating and managing your Communities OS account
  • Providing access to the demo community at communitiesos.app/demo
  • Processing subscription payments and managing billing through Stripe
  • Configuring and delivering done-for-you setup services
  • Providing technical support and responding to service inquiries
  • Maintaining the security and integrity of the platform
  • Delivering platform updates, feature releases, and system notifications

3.2 — To Communicate With You

  • Responding to contact form submissions, support requests, and service inquiries
  • Sending welcome emails and account access information
  • Providing follow-up resources related to demo access and platform evaluation
  • Sending subscription confirmation, billing receipts, and renewal notifications
  • Communicating service updates, policy changes, and important platform notices
  • Responding to press and media inquiries submitted through the contact form
  • Responding to partnership and integration inquiries

We do not make outbound sales calls to organizations or individuals who have not specifically requested a phone conversation. All proactive communications are delivered by email.

3.3 — To Improve the Service

  • Analyzing platform usage patterns to improve features and user experience
  • Identifying and resolving technical issues, bugs, and performance problems
  • Understanding how different organization types use the platform to inform feature development
  • Conducting internal research and analysis to improve platform capabilities

3.4 — To Protect the Service and Users

  • Detecting, preventing, and responding to fraud, abuse, and security threats
  • Enforcing our Terms of Service and other applicable policies
  • Complying with applicable legal obligations
  • Protecting the rights, property, and safety of Communities OS, our users, and the public

3.5 — Marketing Communications

If you have opted in to receive marketing communications from Communities OS, we use your email address to send:

  • Platform resource emails and educational content
  • Communities OS feature announcements and updates
  • Information about new done-for-you services and pricing
  • Organizational community management resources relevant to your organization type

You may opt out of marketing communications at any time by clicking the unsubscribe link in any marketing email or by contacting us at [email protected].

Submitting the demo access form, contact form, or any other form on communitiesos.app does not automatically enroll you in marketing communications unless you have specifically opted in.

How We Share Your Information

We do not sell your personal information to third parties. We do not share your personal information with third parties for advertising or marketing purposes. We share information only in the limited circumstances described below.

4.1 — Service Providers

We share information with third-party service providers that help us operate the Service. These providers are contractually required to use your information only for the purpose of providing services to us and are prohibited from using your information for their own commercial purposes. Our service providers include:

Payment Processing

Stripe — processes subscription payments and done-for-you service payments. Stripe's privacy policy is available at stripe.com/privacy.

Cloud Infrastructure and Hosting

The Communities OS platform is hosted on enterprise-grade cloud infrastructure. Our infrastructure providers maintain appropriate security controls and data protection practices.

Analytics Services

Third-party analytics providers help us understand platform usage. Analytics data is collected in aggregate or pseudonymous form where possible.

Email Delivery Services

Third-party email delivery services send transactional emails — welcome emails, access links, billing receipts, and support responses — on our behalf.

4.2 — Legal Requirements

We may disclose your information if required to do so by law or in response to a valid legal process including:

  • A court order, subpoena, or other legal process
  • A request from a government or law enforcement agency
  • Where disclosure is necessary to protect the rights, property, or safety of Communities OS, our users, or the public
  • Where disclosure is required to investigate or prevent fraud or illegal activity

4.3 — Business Transfers

In the event that Communities OS is involved in a merger, acquisition, asset sale, or other business transfer, your information may be transferred as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

4.4 — With Your Consent

We may share your information with third parties for purposes not described in this Privacy Policy when we have obtained your explicit consent to do so.

4.5 — Aggregated or De-Identified Information

We may share aggregated or de-identified information — information that cannot reasonably be used to identify you — for research, analysis, industry reporting, or other purposes. This information does not constitute personal information under applicable privacy laws.

Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy — unless a longer retention period is required or permitted by law.

Account Data

We retain account information for the duration of your active subscription. If you cancel your subscription, we retain your account data for a reasonable period following cancellation to allow for account reactivation, dispute resolution, and compliance with legal obligations — after which your account data is deleted or anonymized.

Community Data

Organization community data — including member lists, content, course materials, channels, and community configuration — is retained for the duration of your active subscription. See Section 6 (Community Data Ownership) for information about data export before cancellation.

Contact Form Data

Information submitted through the contact form is retained for internal communication documentation and support purposes. You may request deletion of contact form data by submitting a request to [email protected].

Payment Data

We retain billing and transaction records for the period required by applicable financial regulations and tax laws.

Analytics Data

Usage and analytics data is retained in aggregate or anonymized form for platform improvement purposes.

Community Data Ownership

This section is particularly important for organization administrators using Communities OS to operate a private community for their members.

6.1 — Your Organization Owns Its Data

Communities OS is a platform — not a data owner. When your organization uses Communities OS to build and operate a private community, your organization retains complete ownership of:

  • All member data including member names, email addresses, profiles, and engagement records
  • All content published in your community including posts, announcements, and discussions
  • All course materials, training libraries, and educational content uploaded to your community
  • All analytics and reporting data generated by your community's activity
  • All community configuration settings, branding assets, and customization

Communities OS does not claim ownership of, sell, or commercially exploit your organization's community data or your members' data.

6.2 — Data Export

Your organization can export your community data at any time — before, during, or following cancellation of your subscription. Data export options are available through your Communities OS admin dashboard. Communities OS does not withhold organizational data or impose export penalties at any time.

6.3 — Member Data Within Your Community

When your organization's members join your Communities OS community, they provide certain information — names, email addresses, profile details, and community activity — to your organization's community platform. As the community administrator, your organization is responsible for:

  • Informing your members about how their data is used within your community
  • Maintaining appropriate data privacy practices for your member data
  • Complying with applicable data protection laws in your jurisdiction as they relate to your organization's collection and use of member data

Communities OS processes member data within your community platform on behalf of your organization — as a data processor acting under your organization's direction as the data controller.

6.4 — Third-Party Integrations Within Communities

If your organization connects third-party integrations to your Communities OS community, those integrations may access member data within your community in accordance with your configuration choices and the privacy policies of those third-party services. Your organization is responsible for reviewing and accepting the privacy practices of any third-party integrations you enable within your community.

Cookies and Tracking Technologies

7.1 — What Are Cookies

Cookies are small text files stored on your device when you visit a website. They help websites function properly, remember your preferences, and provide information about how visitors use the site. We also use similar technologies including web beacons, pixel tags, and local storage.

7.2 — Types of Cookies We Use

Strictly Necessary Cookies

These cookies are required for the platform to function. They enable core features including account login, session management, security, and platform navigation. You cannot opt out of strictly necessary cookies while using the Service.

Performance and Analytics Cookies

These cookies collect information about how visitors use our website and platform — which pages are visited most often, how visitors navigate the site, and where visitors encounter errors. We use this information to improve the Service. Analytics cookies may be set by us or by third-party analytics providers.

Functional Cookies

These cookies allow the platform to remember your preferences and settings — such as your language preferences, account settings, and community configuration choices — to provide a more personalized experience.

Marketing and Targeting Cookies

We may use cookies to track visitors to our website for the purpose of displaying relevant advertising or retargeting campaigns. You can opt out of marketing cookies through the cookie preference settings described below.

7.3 — Managing Cookies

You can control and manage cookies through your browser settings. Most browsers allow you to:

  • View cookies stored on your device
  • Delete existing cookies
  • Block cookies from specific websites or all websites
  • Set preferences for how your browser handles new cookies

Please note that disabling certain cookies may affect the functionality of the Service. Blocking strictly necessary cookies will prevent you from logging in or using core platform features.

You can also opt out of certain analytics tracking through the opt-out mechanisms provided by our analytics partners.

7.4 — Do Not Track

Some browsers include a "Do Not Track" feature that signals to websites that you do not want your online activity tracked. Because there is currently no consistent industry standard for responding to Do Not Track signals, our Service does not currently respond to Do Not Track browser signals. We will update this policy if a standard practice develops.

Data Security

We implement and maintain appropriate technical and organizational security measures designed to protect your information against unauthorized access, disclosure, alteration, or destruction. Our security measures include:

  • Encryption of data in transit using industry-standard Transport Layer Security (TLS)
  • Encryption of sensitive data at rest
  • Secure access controls and authentication requirements for platform access
  • Regular security assessments and monitoring
  • Enterprise-grade cloud infrastructure with built-in security controls
  • Limited access to personal information by Communities OS personnel on a need-to-know basis
  • Contractual data security requirements for third-party service providers

No method of transmission over the internet or method of electronic storage is 100% secure. While we use commercially reasonable security measures, we cannot guarantee absolute security. In the event of a data breach that affects your personal information, we will notify you in accordance with applicable law.

If you believe your account has been compromised or you have identified a security vulnerability, please contact us immediately at [email protected].

Your Privacy Rights

Depending on your location and applicable law, you may have certain rights regarding your personal information. This section describes those rights and how to exercise them.

9.1 — General Rights

Regardless of your location, you have the following rights with respect to your personal information:

Right to Access

You have the right to request a copy of the personal information we hold about you.

Right to Correction

You have the right to request that we correct inaccurate or incomplete personal information we hold about you.

Right to Deletion

You have the right to request that we delete your personal information, subject to certain exceptions including legal compliance obligations and legitimate business purposes.

Right to Opt Out of Marketing

You have the right to opt out of marketing communications at any time by clicking the unsubscribe link in any marketing email or by contacting us at [email protected].

Right to Data Portability

You have the right to receive a copy of your personal information in a structured, commonly used, machine-readable format.

To exercise any of these rights, contact us at [email protected] or (855) 599-0659. We will respond to your request within the timeframe required by applicable law.

9.2 — California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

Right to Know

You have the right to know what personal information we collect, use, disclose, and sell about you — and the business purposes for which we collect and use it.

Right to Delete

You have the right to request deletion of personal information we have collected from you, subject to certain exceptions.

Right to Correct

You have the right to request correction of inaccurate personal information we maintain about you.

Right to Opt Out of Sale or Sharing

Communities OS does not sell personal information. We do not share personal information with third parties for cross-context behavioral advertising purposes.

Right to Limit Use of Sensitive Personal Information

To the extent we collect sensitive personal information as defined under CPRA, you have the right to limit our use of that information to the purposes specified under applicable law.

Right to Non-Discrimination

We will not discriminate against you for exercising your California privacy rights.

How to Submit a California Privacy Request

Submit your request by:

We will verify your identity before processing your request and respond within the timeframe required by applicable California law.

9.3 — Nevada Privacy Rights

Nevada residents may have the right to opt out of the sale of certain personal information. Communities OS does not currently sell personal information. If you have questions about Nevada privacy rights, contact us at [email protected].

9.4 — Rights for Users in the European Economic Area, United Kingdom, and Switzerland

If you are located in the European Economic Area (EEA), the United Kingdom (UK), or Switzerland, you may have additional rights under the General Data Protection Regulation (GDPR) or applicable national data protection law:

Legal Basis for Processing

We process your personal information on the following legal bases:

  • Performance of a contract — processing necessary to provide the Service to you under our Terms of Service
  • Legitimate interests — processing necessary for our legitimate business interests including platform security, fraud prevention, and service improvement — where those interests are not overridden by your privacy rights
  • Consent — processing based on your explicit consent, including for marketing communications
  • Legal obligation — processing required to comply with applicable law

Additional Rights

In addition to the general rights described above, you have the right to:

  • Withdraw consent at any time for processing based on consent
  • Lodge a complaint with your local data protection supervisory authority
  • Object to processing based on legitimate interests
  • Restrict processing of your personal information in certain circumstances

International Data Transfers

The Communities OS platform is operated from the United States. If you are located outside the United States, your information will be transferred to and processed in the United States. We implement appropriate safeguards for international data transfers in accordance with applicable law.

Data Protection Contact

For privacy inquiries from EEA, UK, or Swiss residents, contact us at [email protected].

Children's Privacy

The Communities OS platform is not directed to children under the age of 13 and we do not knowingly collect personal information from children under 13. If you are under 13, please do not use the Service or provide any personal information to us.

If we learn that we have collected personal information from a child under 13 without verification of parental consent, we will delete that information as quickly as possible. If you believe we may have collected information from a child under 13, please contact us immediately at [email protected].

Note for Organization Administrators

If your organization uses Communities OS to operate a community that includes minors — such as a church youth program or school organization — you are responsible as the community administrator for ensuring that your collection and use of minors' data within your community complies with applicable law including the Children's Online Privacy Protection Act (COPPA) and any applicable state law. Contact us at [email protected] if you have questions about configuring your community appropriately for communities serving minors.

Third-Party Links and Services

The Service may contain links to third-party websites, applications, or services that are not operated or controlled by Communities OS. This Privacy Policy does not apply to those third-party services.

When you click on a link to a third-party site or service, you are subject to the privacy policy and terms of that third-party service. We encourage you to review the privacy policies of any third-party services you access through the platform.

We are not responsible for the privacy practices, content, or security of third-party services — including third-party integrations connected to your Communities OS community, external payment processors, or websites linked from community content.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. When we make material changes to this Privacy Policy, we will:

  • Update the "Last Updated" date at the top of this page
  • Notify registered account holders by email at the email address associated with their account
  • Display a prominent notice on the platform or website where appropriate

Your continued use of the Service after the effective date of any updated Privacy Policy constitutes your acceptance of the updated policy. If you do not agree with the updated Privacy Policy, you should stop using the Service and contact us at [email protected] to request deletion of your account and personal information.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

Contact Us — Privacy Questions and Requests

If you have questions about this Privacy Policy, want to exercise your privacy rights, or have concerns about how Communities OS handles your personal information, please contact us through any of the following channels:

Email: [email protected]

For all privacy inquiries, data requests, and data deletion requests

Phone: (855) 599-0659

Business hours — Monday through Friday

Web Contact Form: communitiesos.app/contact

Select "General Question" or describe your privacy inquiry in the message field

Mailing Address:

Communities OS
[Physical address — insert before launch if applicable]
United States

We will acknowledge receipt of your privacy inquiry and respond within the timeframe required by applicable law — and in all cases within a reasonable time period. For time-sensitive privacy requests such as data breach notifications or urgent data deletion requests, contact us by phone at (855) 599-0659 for the fastest response.