Privacy policy

When a church signs up, we collect: the church's display name, the admin's email address, your billing info (handled by Stripe — we never see your card number), and your language + branding choices. We also collect usage telemetry: minutes of translated audio per language, listener counts per service, latency measurements, and which capture devices are connected.

We never sell or share any of this with third-party advertisers, data brokers, or denominational organizations.

Almost nothing. Your church's listener page asks for one thing: which language to play. We don't ask for an email, name, phone number, location, or any account. We log an anonymous session ID (random string), the IP address (used only to detect duplicate listeners + block obvious abuse), and the language they picked. None of this is shared with the church admin in a way that identifies individual listeners — admins see counts per language, never an individual person's history.

Live sermon audio flows from your capture Mac → our servers on Fly.io → OpenAI's real-time translation API → back to your servers → out to listener phones. It does not sit in long-term storage with us or with OpenAI by default. Once a segment is delivered to listeners it's discarded server-side. Aggregate metrics (minute counts, latency) persist; the audio bytes themselves do not.

We use OpenAI under their enterprise API terms, which state that audio submitted to the real-time translation endpoint is not used for training their models and is retained only briefly for abuse-detection purposes before being deleted. We'll update this page if OpenAI's terms change in a way that affects this.

If your church wants sermon recordings (for archive or podcast use), we offer opt-in tenant-side recording — turn it on and recordings save to a private storage bucket only your admins can access. Default is off.

We use the following third-party services to run the platform:

• Stripe — payment processing. Stripe handles all card data; we never see it.
• Clerk — dashboard sign-in (your admin email + password / Google sign-in). Stores per-tenant metadata (which church a user belongs to) and nothing else about you.
• Fly.io — server hosting for the translation pipeline, dashboard, and listener app. Data is encrypted in transit and at rest.
• Cloudflare — edge networking, DDoS protection, and free TLS certificates for custom domains.
• OpenAI — real-time translation model (gpt-realtime-translate). Audio is processed under their enterprise no-training terms.

We don't use any tracking pixels, advertising networks, analytics platforms (no Google Analytics, no Facebook Pixel, no Mixpanel), or session-recording tools.

We use cookies for sign-in sessions (Clerk session cookies) and remembering your dashboard preferences. We don't use third-party tracking cookies. The listener page uses one local-storage entry to remember the visitor's language choice across visits — nothing that travels off-device.

To cancel and delete your tenant: open the Stripe Customer Portal from the Billing page and click Cancel. Your translation service stays live until the end of the current billing cycle. Within 14 days of cancellation we permanently delete the tenant config, branding assets, voice-clone references, and any opt-in recordings. Aggregate billing records (invoice history, usage minutes) are retained for 7 years to comply with tax law.

For individual data-subject requests (GDPR / CCPA), email help@churchtranslator.ai with the subject line "Data request". We respond within 30 days as required.

The platform is sold to churches, used by adult admins. The listener page is open to anyone in the room, including children, but it collects no personal information from listeners. We don't knowingly market to or collect data from children under 13.

We use industry-standard encryption (TLS 1.3 in transit, AES-256 at rest for stored data). Admin authentication is MFA-capable through Clerk. Capture-app pairing tokens are unique per device, revocable from the dashboard, and never shared across tenants. We patch infrastructure dependencies weekly. We'll notify affected churches within 72 hours of confirming any breach that exposes their data.

We'll post material changes here with a new "last updated" date and email all active tenants. Continuing to use the service after a posted change means you accept the new terms.

ChurchTranslator.AI — a product of Openclaw Software, LLC.
help@churchtranslator.ai