Privacy Policy

Rabah360 ("we," "us," or "our") is committed to protecting the privacy of our users and their church communities. This Privacy Policy explains how we collect, use, store, and share information when you use the Rabah360 platform, website, and related services (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use the Service.

1. Information we collect

Account information

When you create an account, we collect your name, email address, password, church name, and church location. If you upgrade to a paid plan, we collect billing information including your payment card details, which are processed and stored by our payment processor, Stripe. We do not store your full card number on our servers.

Church and member data

You and your authorized team members may enter data about your church members into the Service, including names, contact information, family relationships, attendance records, giving history, group memberships, and pastoral notes. This data is entered and managed by you. We process it on your behalf to provide the Service.

Usage data

We automatically collect information about how you interact with the Service, including pages visited, features used, timestamps, browser type, device type, operating system, and IP address. This data helps us improve the Service and diagnose technical issues.

Cookies and similar technologies

We use cookies and similar tracking technologies to maintain your session, remember your preferences, and understand how the Service is used. You can control cookie settings through your browser. Disabling cookies may affect the functionality of certain features.

2. How we use your information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Process transactions and send related information, including billing confirmations and invoices
• Send you technical notices, updates, security alerts, and support messages
• Respond to your comments, questions, and customer service requests
• Monitor and analyze trends, usage, and activities in connection with the Service
• Detect, investigate, and prevent fraudulent transactions and other illegal activities
• Power AI features such as weekly digest emails, auto-drafted announcements, and at-risk member alerts, using only your church's own data

3. AI features and your data

Rabah360 includes AI-powered features that analyze your church's data to generate insights, draft communications, and identify engagement patterns. These features operate exclusively on your church's data and are designed to assist your team, not replace human judgment.

Your church data is never used to train external AI models. AI processing occurs within our secure infrastructure, and the outputs (such as digest emails or draft announcements) are visible only to your authorized team members. You can disable any AI feature at any time from your account settings.

4. How we share your information

We do not sell your personal information or your church's member data. We share information only in the following circumstances:

• Service providers. We share information with third-party vendors who help us operate the Service, including cloud hosting (Amazon Web Services), payment processing (Stripe), email delivery, and analytics. These providers are contractually obligated to protect your data and use it only for the purposes we specify.
• Legal requirements. We may disclose information if required to do so by law or in response to valid legal process, such as a subpoena, court order, or government request.
• Business transfers. If Rabah360 is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.
• With your consent. We may share information with third parties when you have given us explicit consent to do so.

5. Data security

We take the security of your data seriously. All data is encrypted at rest using AES-256 encryption and in transit using TLS 1.3. We maintain SOC 2 compliance, conduct regular third-party security audits, and implement access controls to ensure that only authorized personnel can access your data.

While we implement commercially reasonable security measures, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security, but we are committed to protecting your data to the highest practical standard.

6. Data retention

We retain your account information and church data for as long as your account is active. If you cancel your subscription, your data is retained for 90 days to allow for reactivation. After 90 days, all data is permanently deleted from our systems, including backups.

You can export all of your data at any time through the Data Export feature in your account settings. We recommend exporting your data before canceling your account.

7. Your rights

Depending on your location, you may have certain rights regarding your personal information, including:

• Access. You can request a copy of the personal information we hold about you.
• Correction. You can update or correct your personal information at any time through your account settings.
• Deletion. You can request that we delete your personal information. Note that we may retain certain information as required by law or for legitimate business purposes.
• Portability. You can export your data in standard formats (CSV) at any time.
• Objection. You can object to certain processing of your personal information, such as marketing communications.

To exercise any of these rights, contact us at [email protected]. We will respond to your request within 30 days.

8. Church member data

Your church is the data controller for the member data you enter into Rabah360. We act as a data processor, handling this data on your behalf and according to your instructions. You are responsible for ensuring that you have the appropriate consent or legal basis to collect and store your members' personal information.

If a church member contacts us directly with a request regarding their personal data, we will refer them to you as the data controller. We will cooperate with you to fulfill any data subject requests in a timely manner.

9. Children's privacy

The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13 for account creation purposes. However, churches may store information about minors (such as children's ministry participants) as part of their member directory. This data is managed by the church and subject to the church's own privacy practices.

10. International data transfers

Rabah360 is based in the United States, and data is stored in secure data centers within the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States. By using the Service, you consent to the transfer of your information to the United States.

For users in the European Economic Area (EEA) or the United Kingdom, we rely on standard contractual clauses approved by the European Commission to ensure adequate protection for data transfers outside the EEA.

11. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by posting a notice on the Service prior to the change becoming effective. We encourage you to review this policy periodically.

12. Contact us

If you have questions about this Privacy Policy or our data practices, please contact us at: