Privacy Policy

Effective Date: 3 May 2026 Last Updated: 3 June 2026

This Privacy Policy describes how Injil AI ("we," "us," "our") collects, uses, and shares information when you use the Steward mobile application and admin web panel (collectively, the "Service").

The Service is licensed to churches ("Church Customers") who in turn enroll their members, staff, and visitors as users of the Service. The Church Customer is the data controller (the entity that determines how and why personal information is handled) with respect to the personal information of its enrolled members; Injil AI acts as a data processor on the Church Customer's behalf.

Injil AI is based in Australia and handles personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This policy explains how Injil AI handles personal information as a platform; how your specific church handles your information is governed by that church's own privacy practices.

1. Information We Collect

1.1 Information You Provide

When a Church Customer enrolls you in the Service or you create an account, we may collect:

  • Account information: email address, password (stored only as a bcrypt hash), name
  • Profile information: date of birth, postal address, marital status, gender, profile photo
  • Family relationships: which household you belong to and your role within it (head, spouse, child, other)
  • Ministry involvement: which ministry teams and sub-teams you are a member of, and your role
  • Authorized pickup relationships (for parents/guardians of children): which adults you authorize to collect a child from children's ministry

1.2 Information Collected Automatically

When you use the Service, we may automatically collect:

  • Attendance records: timestamps of when you arrived at and departed from a scheduled church service, and which service you attended. Because attendance is tied to a specific church address, these records inherently reflect that you were physically present at the church at the time of the event.
  • Bluetooth beacon proximity: the presence (not contents) of nearby Bluetooth Low Energy beacons that have been registered by your Church Customer. We do not scan for or record any Bluetooth devices other than these registered beacons.
  • Location permission: We request "Always" location permission because both iOS and Android require this permission as a technical prerequisite for Bluetooth beacon detection in the background. On iOS, we do not read GPS coordinates — the permission solely enables Apple's beacon-region monitoring API to deliver beacon-entry events to the app. On Android, the permission additionally enables a single geofence around your Church Customer's registered church address(es) that wakes the app to scan for beacons when you arrive. We do not record continuous location traces. Background beacon detection is only registered with the operating system during scheduled service windows (typically 1 hour before through 30 minutes after a service); outside these windows, monitoring is unregistered and no proximity or location events are delivered to the app.
  • Push notification tokens: device-issued tokens used solely to deliver notifications you have opted into
  • Usage data: pages viewed, features used, error logs (used for debugging and product improvement)
  • Device information: device model, operating system version, app version

1.3 Information About Children

When a Church Customer operates a children's ministry through the Service, the following information about children may be processed:

  • Name and date of birth (provided by parent/guardian during enrollment)
  • Family membership (linking the child to a parent/guardian)
  • Check-in / check-out timestamps for children's ministry sessions
  • Authorized pickup person at each check-out

We do not: collect children's contact information, send marketing communications to children, allow children to publicly post content, or use children's data for advertising. The Service is administered exclusively by adults (parents/guardians, church staff, children's ministry volunteers). Children themselves do not have direct user accounts under the children's ministry feature.

Information about children is collected from a parent or guardian during enrollment, not from children directly, and is handled under the Privacy Act 1988 (Cth) and the Australian Privacy Principles. The Church Customer is responsible for obtaining appropriate parental or guardian consent. If you are a parent or guardian and wish to review or delete information about your child, contact your church administrator or email privacy@injil-ai.com.

2. How We Use Information

We use the information we collect to:

  • Provide the core Service: attendance tracking, member directory, family management, ministry rostering, children's check-in, sermon archive, calendar, announcements
  • Send push notifications and other communications you have opted into
  • Generate engagement reports for your Church Customer (attendance trends, at-risk member alerts, segmentation) — these reports are visible only to authorized church staff
  • Authenticate you, prevent fraud, and protect the security of the Service
  • Debug and improve the Service
  • Comply with legal obligations

We do not sell personal information. We do not use personal information for cross-context behavioral advertising. We do not share personal information with advertising networks.

3. How We Share Information

We share information only as follows:

  • With your Church Customer: All information you provide is, by definition, shared with the church that enrolled you. Within the church, information visibility is controlled by role (admin, ministry leader, member) and your privacy preferences (see Section 5).
  • With other members of your church: Subject to your privacy settings (see Section 5) and the directory visibility setting configured by your church administrator. Some fields (phone, email, address) can be hidden by you.
  • With service providers: We use third-party infrastructure providers to operate the Service. These providers are contractually bound to use information only to provide their services to us:
    • DigitalOcean (hosting and backups) — data is stored in Australia (Sydney).
    • Expo (push-notification delivery) — located in the United States.
    • Zoho (transactional email, e.g. password resets) — hosted in Australia. Of these recipients, only Expo (push-notification delivery) is located outside Australia (in the United States); DigitalOcean and Zoho store your information in Australia. Consistent with Australian Privacy Principle 8, we take reasonable steps to ensure overseas recipients handle your personal information in accordance with this policy; however, an overseas recipient may not be subject to the Privacy Act 1988 (Cth).
  • For legal reasons: If required by law, court order, or to protect the rights, property, or safety of Injil AI, our users, or the public.
  • In a business transfer: If Injil AI is acquired or merges with another entity, your information may be transferred. We will notify you and your Church Customer before any such transfer that materially changes how your information is handled.

4. Your Choices

4.1 Privacy Settings (Member Directory)

You can control whether other members of your church see your phone number, email address, and postal address. These settings are accessible in the app under Settings → Privacy.

4.2 Push Notifications

You can opt out of push notifications, either in the app or in your device's system settings.

4.3 Location and Bluetooth

You can revoke location and Bluetooth permissions at any time in your device settings. Doing so disables automatic attendance detection; manual attendance entry remains available.

4.4 Account Deletion

Contact your church administrator to deactivate your account. You may also email privacy@injil-ai.com to request deletion of personal information directly from Injil AI; we will honor verified deletion requests within 30 days, subject to legal retention obligations.

5. Data Retention

We retain personal information for as long as your Church Customer remains a customer of Steward, plus a reasonable wind-down period if the church terminates its subscription (typically 90 days, during which the church may export its data). Anonymized, aggregated data may be retained indefinitely for product analytics.

6. Security

We use industry-standard security measures including encryption in transit (TLS), encryption at rest for sensitive fields, bcrypt password hashing, and access controls limiting personal data access to authorized personnel. No system is perfectly secure; we cannot guarantee absolute security, but in the event of an eligible data breach we will notify affected individuals and your Church Customer as required by the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988 (Cth) and other applicable law. For more detail on our hosting, encryption, and backup practices, see our Security & Reliability page.

7. Location of Your Information

The Service is operated from Australia and your information is stored in Australia (Sydney). Some of our service providers are located overseas (see Section 3). If you access the Service from outside Australia, your information will be transferred to and processed in Australia.

8. Your Rights

Under the Australian Privacy Principles you have the right to access the personal information we hold about you (APP 12) and to ask us to correct it if it is inaccurate, out of date, or incomplete (APP 13). Depending on your circumstances you may also be able to:

  • Delete your information, subject to our legal retention obligations
  • Object to or restrict certain processing
  • Receive a copy of your information in a portable format

To exercise these rights, contact your church administrator or email privacy@injil-ai.com. We will verify your identity before acting on a request and respond within a reasonable period.

If you are not satisfied with how we have handled your personal information or a privacy request, you may lodge a complaint with us at privacy@injil-ai.com. You also have the right to escalate to the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

9. Children's Privacy

The Service is operated by adults on behalf of churches. Children do not directly use the Service to create content, send messages, or access social features. Information about children processed for children's ministry check-in (Section 1.3) is collected from parents or guardians, not from children directly, and is handled under the Privacy Act 1988 (Cth) and the Australian Privacy Principles.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or in-app notification. Continued use of the Service after the effective date of an update constitutes acceptance of the updated policy.

11. Contact

Injil AI Email: privacy@injil-ai.com

For questions about how your specific church handles your data (as opposed to how Steward as a platform handles it), contact your church administrator directly.