Privacy Policy for St Mary Church App

Privacy Policy for St Mary Church App

Effective date: June 17, 2026

St Mary Church ("we", "our", or "us") operates the St Mary Church App and related web services. This privacy policy explains how we collect, use, store, and protect personal information, including Google user data.

## Information We Collect

We may collect:

- account information such as name, email address, phone number, date of birth, gender, and profile details
- sign-in information used to authenticate your account
- church account and role information
- location information, if you enable location-based app features
- Google account data used for sign-in or calendar connection
- calendar data connected by authorized users for church and priest calendar management

## Google Sign-In Data

When you sign in with Google, we may receive:

- your Google account email address
- your Google user ID
- your first name and last name, when provided by Google
- your verified email status

We use this information to:

- create and sign you into your church account
- identify your account in our system
- keep your profile information accurate
- prevent duplicate or unauthorized accounts

## Google Calendar Data

Authorized clergy and administrators may connect a Google account for calendar management. When a calendar connection is enabled, we may access:

- the list of calendars on the connected Google account
- calendar event details needed for sync
- access tokens and refresh tokens required to maintain the connection

We use this information to:

- list available calendars
- sync church and priest calendar events
- update calendar changes made in the app or in Google Calendar, depending on the configured sync mode

Only authorized users may connect or manage calendar access.

## How We Use Information

We use collected information to:

- provide authentication and account access
- support church app features
- manage calendar sync for authorized users
- send service-related notifications and emails
- improve the reliability and security of the app

## Sharing of Information

We do not sell personal information. We do not share Google user data with third parties except:

- when needed to provide the app's features
- when a service provider is needed to operate the app
- when required by law

Google sign-in and calendar data are used only for the purposes described in this policy.

## Storage and Protection

We use reasonable technical and organizational measures to protect personal information. For Google calendar connections, access tokens and refresh tokens are encrypted at rest on the server.

## Retention

We keep personal information only as long as needed to provide the app and maintain your account, or as required by law. Google calendar connection data is retained while the connection remains active and for a reasonable period after disconnecting to support account maintenance and auditing.

## Deletion and Disconnect

You may request account deletion or Google connection removal by contacting us. When a Google calendar connection is disconnected, we stop using the associated access for sync purposes.

## Location Data

If location features are enabled, location data may be collected during selected app features and only when relevant to the service being used.

## Links to External Sites

Our app may link to external sites that are not operated by us. We are not responsible for the privacy practices of those sites.

## Your Choices

You may decline to provide information, but some features may not work without it. You can also disable or disconnect Google-related access where available in the app.

## Contact Us

If you have questions about this privacy policy or how we handle data, contact us through the church's official support channel.