Privacy policy

Vestrybooks ("we," "us") provides church accounting and online-giving software. We take the privacy of your church's records and your donors' information seriously — protecting it is the whole point of the product. This policy explains what we collect, why, who we share it with, and the choices you have.

Who controls the data

For the donor and financial information your church enters or imports, your church is the controller and Vestrybooks is the processor — we handle that data on your church's behalf and under your instructions. For the account you create with us (your name, email, login), Vestrybooks is the controller.

What we collect

• Account information — your name, email address, and a securely hashed password when you create a login.
• Church & financial records — funds, transactions, and reports you enter to keep your books.
• Donor information — names, email/mailing addresses, and giving history your church adds or imports, used to track contributions and produce year-end statements.
• Payment information — online gifts and subscription payments are processed by Stripe. We never receive or store full card numbers; card details go directly to Stripe.
• Technical data — basic log data (IP address, browser type, timestamps) needed to run and secure the service.

How we use it

• To provide the service: keep your books, process giving, and generate IRS-ready statements.
• To secure accounts (authentication, fraud and abuse prevention, rate limiting).
• To communicate with you about your account, support requests, and important service notices.
• We do not sell your data, and we never take a cut of your church's gifts.

Who we share it with (subprocessors)

We use a small set of trusted providers to run the service. Each processes data only as needed to provide their function:

• Stripe — payment processing (online giving and subscriptions).
• Neon — database hosting (your records).
• Vercel — application hosting.
• Cloudflare — website hosting, DNS, and security.
• Resend — sending email (statements and notifications).

We share information with these providers, and otherwise only when required by law or to protect rights and safety. We don't share donor data with advertisers.

Your rights & choices

Depending on where you live (including under the California Consumer Privacy Act / CPRA and similar US state laws), you may have the right to access, correct, delete, or export your personal information, and to opt out of any "sale" or "sharing" of it (we do neither). You will not be discriminated against for exercising these rights.

• Export: from inside the app you can download a full export of your donors, gifts, and ledger at any time.
• Deletion: you can remove a donor's personal details, or ask us to delete your account data, by emailing [email protected]. (Note: some financial records must be retained to keep prior-year statements and the audit trail accurate, consistent with tax-record requirements.)

Data retention & security

We keep your data for as long as your account is active or as needed to provide the service and meet legal/tax obligations. Everything is encrypted in transit (HTTPS/TLS) and at rest, passwords are hashed, and access is restricted by per-person logins and roles.

Cookies

The marketing site uses only the essential cookies needed to function. If we add analytics, we'll update this policy and provide any required consent controls.

Children

Vestrybooks is for church administration and isn't directed to children under 13; we don't knowingly collect their information.

Changes

We'll update this page if our practices change and revise the "last updated" date above. Material changes will be communicated to account holders.

Contact

Questions or requests: [email protected].