Vitals

Privacy Policy

Last updated: January 31, 2026

Introduction

Vitals ("we," "our," or "us") operates the vitals.church website and provides church analytics and metrics tracking services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

We are committed to protecting your church's data with the highest standards of security and privacy. Your trust is essential to us, and we take that responsibility seriously.

Information We Collect

Account Information

When you create an account, we collect:

  • Name and email address
  • Organization/church name and details
  • Campus locations and addresses
  • Authentication credentials (encrypted and never stored in plain text)
  • Billing information (processed securely through our payment provider)

Church Metrics Data

The core of our service involves collecting and displaying church metrics:

  • Attendance numbers (weekend services, kids, students, groups)
  • Giving totals (aggregate amounts only, no individual donor information)
  • Event and ministry participation data
  • Historical trends and comparisons
  • Custom metrics you define

Information from Third-Party Services

With your explicit authorization, we connect to third-party services to collect metrics and data. You control which integrations to enable, and you can disconnect them at any time. These integrations may include:

  • Planning Center: Attendance data, check-ins, and people metrics for the Vitals Review feature
  • YouTube: Video views, subscribers, and engagement metrics
  • Google Analytics: Website traffic and visitor data
  • Facebook/Instagram: Social media engagement metrics
  • Giving Platforms: Aggregate donation totals (no individual donor information)

Usage Data

We automatically collect certain information when you use our service:

  • Log data (IP address, browser type, pages visited)
  • Device information for mobile app functionality
  • Usage patterns to improve our service
  • Error logs to diagnose and fix issues

How We Use Your Information

We use the collected information to:

  • Provide and maintain your dashboards and analytics
  • Display your church's metrics with contextual information (weather, events)
  • Generate Vitals Reviews for service debriefs and follow-up actions
  • Send weekly reports and notifications you've configured
  • Calculate trends, comparisons, and insights
  • Improve and personalize your experience
  • Respond to your inquiries and support requests
  • Detect and prevent fraud or abuse

Data Sharing and Disclosure

We do not sell your personal information. Ever. Your data is yours, and our business model is simple: you pay for the service, and that's it.

We may share your information only in these limited circumstances:

  • With your consent: When you explicitly authorize sharing with specific parties
  • Service providers: Third-party vendors who help us operate our service (hosting, email delivery), bound by strict confidentiality agreements
  • Legal requirements: When required by law or to protect our legal rights
  • Business transfers: In connection with a merger, acquisition, or sale of assets (with advance notice to you)

Data Security

We implement enterprise-grade security measures to protect your information:

  • Encryption in Transit: All data transmitted between your browser/app and our servers uses TLS 1.3 encryption
  • Encryption at Rest: All stored data is encrypted using AES-256 encryption
  • Secure Authentication: We support secure login methods including Google OAuth and two-factor authentication
  • Role-Based Access Control: Granular permissions ensure team members only see what they need
  • Audit Logging: We maintain logs of data access for security monitoring
  • Regular Backups: Your data is backed up multiple times daily with geographic redundancy
  • SOC 2 Compliant Infrastructure: We use enterprise-grade cloud infrastructure that meets SOC 2 security standards
  • Security Assessments: Regular security audits and vulnerability assessments

While no method of transmission over the Internet is 100% secure, we continuously monitor and improve our security practices to protect your data.

Data Retention

We retain your information for as long as your account is active or as needed to provide you services. Historical data is retained to provide trend analysis and year-over-year comparisons.

Upon account cancellation:

  • Your data is retained for 30 days in case you wish to reactivate
  • After 30 days, all data is permanently deleted from our systems
  • You may request immediate deletion at any time
  • Backups are purged within 90 days of deletion request

Your Rights

You have the right to:

  • Access: Request and receive a copy of all your data
  • Export: Download your data in standard formats (CSV) at any time
  • Correct: Update or correct inaccurate information
  • Delete: Request permanent deletion of your data
  • Disconnect: Remove third-party integrations at any time
  • Restrict: Limit how we process certain data
  • Opt out: Unsubscribe from marketing communications
  • Portability: Receive your data in a machine-readable format

To exercise any of these rights, contact us at privacy@vitals.church.

GDPR Compliance

For users in the European Economic Area (EEA), we comply with the General Data Protection Regulation (GDPR). Our legal basis for processing includes:

  • Contract performance (providing the service you signed up for)
  • Legitimate interests (improving our service, preventing fraud)
  • Consent (for optional features and marketing)

Third-Party Services

Our service integrates with third-party platforms. Each platform has its own privacy policy governing how they collect and use data. We encourage you to review their policies:

Cookies and Tracking

We use cookies and similar technologies for:

  • Essential cookies: Required for the service to function (authentication, security)
  • Analytics cookies: To understand how you use our service and improve it
  • Preference cookies: To remember your settings and preferences

You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of our service.

Children's Privacy

Our service is designed for church administrators and staff, not for individuals under 18 years of age. We do not knowingly collect personal information from children. The service tracks aggregate attendance numbers for children's ministry but does not store individual children's personal information.

California Privacy Rights

California residents have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information we collect and how it's used
  • Right to delete personal information
  • Right to opt out of the sale of personal information (we don't sell your data)
  • Right to non-discrimination for exercising your privacy rights

International Data Transfers

Your data is stored on servers in the United States. If you access our service from outside the United States, your information may be transferred to, stored, and processed in the United States. We ensure appropriate safeguards are in place for such transfers.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page, updating the "Last updated" date, and sending an email notification for significant changes.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

We take privacy concerns seriously and will respond to your inquiry promptly.