RHYTHMIC

Privacy Policy

Last updated: June 7, 2026

This Privacy Policy explains how Rhythmic ([Legal Entity Name], "Rhythmic," "we," "us," or "our") collects, uses, and shares information when you use our church management platform and related websites and services (the "Services"). By using the Services, you agree to the practices described here.

Our role: controller and processor

Rhythmic provides software to churches and similar organizations (each a "Customer"). For the data a Customer and its members put into the Services (member profiles, events, applications, payments, files, and similar content), the Customer is the data controller and Rhythmic acts as a data processor that handles that data on the Customer's behalf and under their instructions. For information we collect to run our own business (such as account registration, billing, and website analytics), Rhythmic is the controller. If you are a member of a church that uses Rhythmic and have questions about your data, please contact that organization first, as they control it.

Information we collect

Information you provide

  • Account information: name, email address, and password, or, if you sign in with Google, the basic profile information Google shares (name, email, and profile image).
  • Member and organization data: profiles, contact details, roles, positions, teams, scheduling and event information, applications, and auditions that Customers and their members add to the Services.
  • Payment and tax information: when payments are enabled, details needed to process and report payouts to members, including tax information (such as W-9 details) and payout account information. Card and bank details are handled by our payment processor and are not stored on Rhythmic's servers.
  • Content and files: documents, images, and other files uploaded to the Services.
  • Communications: messages you send us and notification preferences for email and SMS.

Information we collect automatically

  • Usage and device data: pages viewed, actions taken, IP address, browser and device type, and similar log data, collected through cookies and analytics tools to operate and improve the Services.

Information from integrations you connect

If a Customer connects a third-party integration (such as Google Calendar, Planning Center, or Slack), we receive data from that service as needed to provide the connected feature, scoped to the permissions granted during authorization.

How we use information

  • Provide, maintain, and improve the Services.
  • Authenticate users and secure accounts.
  • Process payments and related tax reporting where enabled.
  • Send transactional emails, notifications, and, where opted in, SMS messages.
  • Respond to support requests and communicate about the Services.
  • Monitor performance, detect abuse, and protect the Services.
  • Comply with legal obligations.

How we share information

We do not sell personal information. We share information with service providers ("sub-processors") who help us run the Services, only as needed and under appropriate confidentiality and data-protection obligations. These currently include:

  • Google (sign-in and calendar integration)
  • Stripe (payment processing and payouts)
  • Planning Center and Slack (integrations a Customer chooses to connect)
  • Resend (transactional email delivery)
  • PostHog (product analytics) and Sentry (error monitoring)
  • Railway (hosting) and cloud storage providers (file storage)

We may also share information to comply with law or legal process, to enforce our terms, to protect the rights and safety of users and the public, and in connection with a merger, acquisition, or sale of assets, subject to this Policy.

Data retention

We retain information for as long as a Customer's account is active or as needed to provide the Services, and afterward as required to comply with legal, tax, and accounting obligations, resolve disputes, and enforce agreements. Customers can request deletion of their data as described below.

Security

We use technical and organizational measures designed to protect information, including encryption in transit, access controls, and tenant isolation so each organization's data is kept separate. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

Your rights and choices

Depending on your location, you may have rights to access, correct, delete, or export your personal information, and to object to or restrict certain processing. Because much of the data in the Services is controlled by a Customer, we will route requests to the relevant Customer where appropriate. To exercise your rights, contact us using the details below. Residents of the EU/UK (under the GDPR) and California (under the CCPA/CPRA) have additional rights, and we will honor those that apply to you.

Children's privacy

Churches that use Rhythmic may manage information about minors as part of their ministries. Where this happens, the Customer is the controller of that data and is responsible for obtaining any required parental consent. Rhythmic does not knowingly collect personal information directly from children under 13 for its own purposes. If you believe a child has provided us information improperly, contact us and we will take appropriate steps to delete it.

International data transfers

We operate in the United States, and information may be processed there or in other countries where we or our sub-processors operate. Where required, we use appropriate safeguards for cross-border transfers.

Changes to this Policy

We may update this Policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, provide additional notice.

Contact us

Questions about this Policy or your information can be sent to privacy@rhythmic.church.