Privacy Policy

1. Introduction

GenSermon ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our Service. By using GenSermon, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

Account Information

When you create an account, we collect your name and email address through Google OAuth authentication. We do not store your Google password.

Organization Information

We collect information you provide about your church or ministry organization, including the organization name, website, default speaker name, service time, and contact email addresses for your team members.

Sermon Content

We process YouTube video URLs and associated audio content to generate transcripts and ministry materials. Transcripts and generated content are stored in your account and associated with your organization only.

Integration Credentials

When you connect third-party services (Planning Center, Gmail, YouTube), we store OAuth access and refresh tokens necessary to perform actions on your behalf. We store only the minimum credentials required to provide the Service.

Usage Data

We collect information about how you use the Service, including the number of sermons processed, feature usage, and error logs, to improve the Service and troubleshoot issues.

Payment Information

Payment processing is handled by Stripe. We do not store your credit card numbers or banking information. We receive only non-sensitive billing details such as the last four digits of your card and billing address from Stripe.

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service
• Process sermon recordings and generate ministry content
• Communicate with you about your account, billing, and support
• Send transactional emails related to your account activity
• Improve and develop new features for the Service
• Comply with legal obligations

We do not sell your personal information or your sermon content to third parties. We do not use your sermon content to train AI models beyond what is necessary to process your specific requests.

4. Third-Party Services

The Service uses the following third-party services to operate. Each has its own privacy policy governing their use of your data:

• Supabase — database and authentication hosting. Your data is stored in Supabase-managed PostgreSQL databases with encryption at rest.
• Anthropic (Claude) — AI content generation. Sermon transcripts are sent to Anthropic's API to generate ministry content. Anthropic's API data handling policies apply.
• AssemblyAI — audio transcription. Audio files are sent to AssemblyAI for speech-to-text processing.
• Stripe — payment processing. Payment information is collected and processed directly by Stripe.
• Google (YouTube, Gmail) — video access and email sending, when you connect these integrations.
• Planning Center Online — ministry management integration, when you connect this service.
• Vercel — application hosting and infrastructure.

5. Google API Services Usage Disclosure

GenSermon's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

What Google data we access

When you connect your YouTube channel, GenSermon requests access to the youtube.force-ssl scope, which allows us to:

• Update video titles and descriptions with AI-generated sermon metadata
• Upload custom thumbnails to your YouTube videos

We only access and modify the specific videos you select for processing. We do not read, download, or access any other videos, playlists, or channel data.

How we use Google data

• YouTube OAuth tokens are used solely to update video metadata and thumbnails on your behalf
• We do not store YouTube video content, comments, analytics, or subscriber information
• We do not use Google data for advertising, market research, or any purpose unrelated to providing the Service
• We do not transfer Google data to third parties except as necessary to provide the Service (e.g., storing encrypted tokens in our database)

Revoking access

You can disconnect your YouTube account at any time from your Settings page. You can also revoke GenSermon's access directly from your Google Account permissions page. Upon disconnection, we delete your stored YouTube OAuth tokens.

6. Data Storage and Security

Your data is stored on servers located in the United States. We implement industry-standard security measures including encryption in transit (HTTPS/TLS), encryption at rest, and row-level security controls so that each organization can only access its own data.

While we take reasonable precautions to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information.

7. Data Retention

We retain your account information and sermon data for as long as your account is active. If you cancel your account, we will retain your data for 30 days before deletion, after which it cannot be recovered. You may request earlier deletion by contacting us.

Transcription files (temporary audio files) are deleted immediately after transcription is complete and are not stored permanently.

8. Your Rights

You have the right to:

• Access the personal information we hold about you
• Correct inaccurate information in your account
• Request deletion of your account and associated data
• Export your sermon content and generated materials
• Disconnect third-party integrations at any time through your Settings page

To exercise these rights, contact us at support@gensermon.com.

9. Cookies

We use essential cookies and session tokens to maintain your authenticated session. We do not use third-party advertising cookies or tracking pixels. The only cookies set are those necessary to keep you logged in and to maintain application state.

10. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through the Service. Your continued use of the Service after changes take effect constitutes your acceptance of the updated Privacy Policy.

12. Contact Us

If you have questions, concerns, or requests related to this Privacy Policy, please contact us at: