Privacy Policy

1. Introduction

CovenantFlow, a product of Elenta Technology Inc. ("we," "us," or "our"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our SaaS platform that transforms sermons into age-appropriate ministry content using artificial intelligence.

By accessing or using CovenantFlow, you agree to this Privacy Policy. If you do not agree with the terms of this policy, please do not access the platform.

2. Information We Collect

Personal Information

We collect information you provide directly to us, including:

• Name and email address
• Church name and organization details
• Phone number (optional)
• Account credentials
• Billing and payment information

Content Data

We collect content you upload or create within the platform:

• Sermon manuscripts (PDF, DOCX formats)
• Audio and video sermon recordings
• Scripture references and notes
• AI-generated ministry content
• Customizations and preferences

Usage Information

We automatically collect certain information when you use our platform:

• Log data (IP address, browser type, pages visited)
• Device information
• Feature usage and interaction data
• Content generation history

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our services
• Process sermon content through AI to generate age-appropriate materials
• Authenticate users and manage accounts
• Process payments and manage subscriptions
• Send service-related communications
• Respond to support requests
• Analyze usage patterns to improve our platform
• Comply with legal obligations

4. AI Content Processing

CovenantFlow uses Amazon Bedrock, an AI service provided by Amazon Web Services (AWS), to process your sermon content and generate age-appropriate ministry materials.

How AI Processing Works

• Your sermon content is sent to Amazon Bedrock for analysis
• AI models generate adapted content for different age groups
• Generated content is stored in your church's isolated data space
• Content is not used to train AI models

AI Content Disclaimers

AI-generated content should be reviewed by authorized church personnel before use. While we implement safety guardrails, AI-generated content may occasionally contain inaccuracies or require theological review.

5. Multi-Tenant Data Isolation

CovenantFlow implements strict multi-tenant data isolation to ensure your church's data remains private and separate from other organizations.

• Each church organization has a unique identifier (churchId)
• All database queries are filtered by your organization's churchId
• File storage is segregated using organization-specific prefixes
• No data is shared or accessible between different church organizations
• Authentication tokens include organization context for access control

6. Data Storage and Security

We implement industry-standard security measures to protect your data:

Infrastructure Security

• All data is stored on Amazon Web Services (AWS) infrastructure
• Data is encrypted at rest using AES-256 encryption
• Data is encrypted in transit using TLS 1.2+
• Database backups are encrypted and stored securely

Access Controls

• Role-based access control within your organization
• Multi-factor authentication available
• Regular security audits and vulnerability assessments
• Audit logging for administrative actions

7. Third-Party Services

We use the following third-party services to operate our platform:

Amazon Web Services (AWS)

• Amazon Cognito - User authentication and identity management
• Amazon S3 - File storage for uploaded sermons and generated content
• Amazon Bedrock - AI content generation and processing
• Amazon RDS - Database hosting

These services are operated by AWS and are subject to the AWS Privacy Notice.

Payment Processing

Payment information is processed by our payment provider and is not stored on our servers. Payment processors are PCI-DSS compliant.

8. Cookies and Tracking

We use cookies and similar technologies for:

• Essential cookies - Required for authentication and security
• Preference cookies - Remember your settings and preferences
• Analytics cookies - Help us understand how you use our platform

You can control cookie preferences through your browser settings. Note that disabling certain cookies may affect platform functionality.

9. Your Rights

You have the following rights regarding your personal data:

Access and Portability

You can request a copy of your personal data in a structured, machine-readable format.

Correction

You can update or correct your personal information through your account settings or by contacting us.

Deletion

You can request deletion of your personal data. Note that we may retain certain information as required by law or for legitimate business purposes.

Export

You can export your sermon content and generated materials at any time.

GDPR Rights (EU Residents)

If you are located in the European Union, you have additional rights under GDPR including the right to object to processing and the right to withdraw consent.

CCPA Rights (California Residents)

If you are a California resident, you have rights under CCPA including the right to know what personal information we collect, the right to delete, and the right to opt-out of sale of personal information. Note: We do not sell personal information.

10. Data Retention

We retain your data for as long as your account is active or as needed to provide services. After account termination:

• Personal information is deleted within 30 days
• Content data is deleted within 90 days
• Backup data is purged according to our backup retention schedule
• We may retain certain data as required by law

11. Children's Privacy

CovenantFlow is designed for use by church staff and volunteers who are adults. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child, please contact us immediately.

12. International Data Transfers

Our services are hosted in the United States. If you access our platform from outside the United States, your information may be transferred to and processed in the United States, where data protection laws may differ from those in your country.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last Updated" date. Your continued use of CovenantFlow after such modifications constitutes your acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: