Holy ResourceHoly Resource
Legal

Privacy Policy

How Holy Resource handles data and privacy.

TL;DR

Holy Resource is built to keep church data local by default. We process only the information needed to provide licensing, updates, optional sync, messaging, payments, support, and any features you deliberately enable.

This Privacy Policy explains how Holy Resource ("Holy Resource," "we," "us," or "our"), a product developed and operated by Found CTRL, collects, uses, stores, discloses, and protects information in connection with the Holy Resource desktop application, related documentation and download pages, licensing and checkout flows, update delivery, support operations, and optional sync or communication features (collectively, the "Services").

Found CTRL Limited is a company incorporated in England and Wales (company no. 17079973). We operate the Services globally; you may use the Services from any jurisdiction provided you comply with local laws. International transfers of personal data are described in section 15 below.

Where we process Church Data on your behalf through connected Holy Resource features, our Data Processing Addendum applies in addition to this Privacy Policy.

This policy is written to match Holy Resource's actual operating model: a local-first, branch-aware desktop application where core church records are stored on the customer's device or infrastructure by default, while certain account, licensing, update, payment, and optional networked features may involve external systems.

1. Scope

This Privacy Policy applies to:

  • the Holy Resource desktop application and installer,
  • the Holy Resource website, documentation, contact, and download pages,
  • license validation, offline lease, owner verification, invite, and recovery workflows,
  • payment and checkout-related workflows,
  • application update checks and update delivery,
  • optional synchronization features,
  • optional messaging, notification, and AI-assisted features,
  • support, troubleshooting, and operational security processes.

This Privacy Policy does not replace the privacy policies of third-party services you choose to connect to Holy Resource. If you enable third-party email, SMS, payment, AI, hosting, or sync infrastructure, those providers may process data under their own terms and policies.

2. Our Privacy Model

Holy Resource is designed to be privacy-first and offline-capable.

2.1 Local-first architecture

Core church records are stored locally by default in the application's local database. That means Holy Resource is not designed around the assumption that all church data must be continuously uploaded to our infrastructure in order for the app to function.

2.2 Branch-aware data model

Holy Resource uses a branch-first structure. In practice, many records in the app are associated with a particular branch or workspace, and operational features are designed around branch-level isolation rather than a single undifferentiated global tenant.

2.3 Optional networked features

Some Holy Resource capabilities are intentionally network-aware or provider-backed. These may include:

  • license validation and renewal checks,
  • offline lease issuance and revalidation,
  • owner claim, invite, and recovery flows,
  • application updates,
  • optional LAN or server sync,
  • donor-facing payment links and related payment events,
  • messaging or notification delivery through configured providers,
  • contact/support submissions,
  • optional AI-assisted drafting or content-generation tools.

3. Categories of Information We Process

Depending on how you use Holy Resource, we may process the following categories of information.

3.1 Church Data you create or manage in the app

This includes data entered, generated, imported, edited, synced, exported, or otherwise managed by your organization inside Holy Resource. Depending on enabled modules, this may include:

  • member and family records,
  • branch and staff assignments,
  • ministry structures and volunteer records,
  • attendance and event participation,
  • announcements, templates, automations, and communication logs,
  • donations, recurring donations, receipt templates, gateways, and related financial records,
  • expenses, budgets, financial goals, and other finance records,
  • visitor and follow-up pipeline data,
  • kids ministry, guardian, pickup, and checkout records,
  • inventory, scheduling, service planning, and operational records,
  • notes, uploaded content, attachments, and exported reports.

Under Holy Resource's normal operating model, this category of data is primarily stored locally unless you explicitly enable a feature that transmits some portion of it elsewhere.

3.2 Licensing and subscription information

We may process information necessary to provision, verify, enforce, recover, or support your license, including:

  • license keys,
  • license tier and enabled feature metadata,
  • organization or church name,
  • expiration and renewal metadata,
  • owner email or checkout email,
  • owner claim or device-claim status,
  • offline lease tokens, public-key metadata, key identifiers, and revalidation state,
  • invite and invite redemption state,
  • account-recovery or ownership-recovery verification state,
  • anti-abuse, rate-limit, and operational security signals associated with license events.

3.3 Account, access, and user-management information

Depending on workflow, we may process:

  • admin or user email addresses,
  • usernames and display names,
  • role, permission, or branch-access metadata,
  • locally stored session state,
  • account recovery or saved-account verification metadata,
  • records of user updates or credential-related actions.

3.4 Payments and commercial information

If you purchase a license, subscription, or related service, we may process:

  • purchaser or owner contact information,
  • order identifiers and transaction references,
  • subscription status,
  • payment status,
  • invoice or receipt references,
  • tax-related information where required,
  • refund, dispute, or chargeback status.

Holy Resource does not store full payment-card details in the application itself. Payment-card handling is performed by the relevant payment processor or gateway provider.

3.5 Device, update, and operational information

We may process technical data needed to keep the product secure and functional, such as:

  • app version and installer/update channel information,
  • device or environment details relevant to update compatibility,
  • update check requests,
  • optional update server authorization headers or locally stored update access tokens on your device,
  • error logs, diagnostic events, and troubleshooting context,
  • request metadata and abuse-prevention signals,
  • network status information relevant to optional sync.

3.6 Messaging and communications data

If you configure messaging features, Holy Resource may process:

  • recipient email addresses or phone numbers,
  • sender configuration data,
  • provider routing policies,
  • message content, subject lines, templates, and attachments,
  • delivery status, retry results, provider message IDs, and failure reasons,
  • communication usage or quota data where applicable.

This may involve branch-configured providers such as custom SMTP or supported API-based providers for email and SMS.

3.7 Support and contact data

If you contact us or use support/contact workflows, we may process:

  • your name,
  • email address,
  • organization name,
  • message contents,
  • screenshots, logs, or troubleshooting information you voluntarily submit,
  • follow-up correspondence and resolution notes.

3.8 AI feature data

If you enable AI-assisted features, prompts, context, or generated outputs may be transmitted to the configured provider for processing. The exact data sent depends on the specific feature and your configuration.

Age and Children

Holy Resource is not directed at children under 18. We do not knowingly collect personal data from anyone under 18. If we become aware that we have inadvertently gathered data from a minor, we will take steps to delete it.

4. Sources of Information

We collect or receive information:

  • directly from you,
  • from authorized users in your organization,
  • from your interactions with the Services,
  • from license, payment, update, and security workflows,
  • from third-party providers you connect or use,
  • from support and contact submissions,
  • from optional sync peers or sync infrastructure when sync is enabled.

5. How We Use Information

We use information for the following purposes.

5.1 To provide and operate Holy Resource

This includes enabling app functionality, maintaining branch-aware workflows, supporting permissions and user access, and keeping records available on your device.

5.2 To provision and enforce licensing

We use licensing data to:

  • validate licenses,
  • determine feature entitlement,
  • issue and verify offline lease state,
  • manage owner-claim and recovery workflows,
  • investigate unauthorized use or distribution,
  • support renewals and license continuity.

5.3 To support optional sync features

If you enable sync, we may use information to:

  • queue and transmit pending changes,
  • reconcile records across devices,
  • resolve sync conflicts,
  • report sync health, peer status, pending counts, and conflict state,
  • keep branch-scoped records consistent across participating devices or infrastructure.

We use payment-related information to:

  • complete purchases,
  • manage subscriptions and renewals,
  • support receipts, disputes, and chargebacks,
  • provision paid capabilities,
  • audit or reconcile commercial activity.

5.5 To send or route communications you configure

We use messaging-related information to:

  • deliver email or SMS messages through configured providers,
  • test provider health,
  • route messages according to configured policy,
  • troubleshoot failures,
  • maintain communication usage records where needed for operations or billing.

5.6 To deliver updates and maintain security

We use technical and operational information to:

  • check for new releases,
  • fetch or verify updater metadata,
  • deliver installer and update assets,
  • diagnose failures,
  • monitor abuse or suspicious behavior,
  • improve stability and reliability.

5.7 To provide support and respond to inquiries

We use support information to answer questions, troubleshoot issues, recover ownership where appropriate, and improve documentation and service operations.

5.8 To improve the Services

We may use operational and support information to improve workflows, reliability, usability, and product safety.

5.9 To comply with law and protect rights

We may process information to comply with applicable legal obligations, enforce our agreements, protect users and organizations, and investigate fraud, abuse, or misuse.

6. When Church Data Leaves the Local Device

Holy Resource is not a "no-network-ever" product. Certain features may cause data to leave the local device, including when you:

  • enable sync to another device, peer, or server target,
  • use donor-facing payment or payment-link workflows,
  • send emails or SMS messages through configured providers,
  • use AI-assisted features,
  • submit support or contact information,
  • validate or recover a license,
  • download updates or release metadata,
  • export, import, or share records yourself.

The exact data transmitted depends on the feature used.

7. Sync, Queues, and Conflict Handling

If you enable optional sync functionality:

  • changes may be queued locally before transmission,
  • the app may attempt background or immediate sync depending on your configuration and network state,
  • sync may operate across LAN peers or server-backed endpoints,
  • branch-specific records may be synchronized across participating devices,
  • conflict records may be created when local and remote changes cannot be merged automatically,
  • conflict metadata may include local/remote data snapshots, versions, device references, timestamps, and chosen resolution state.

If sync is disabled, the app may remain effectively local-only for affected workflows.

Holy Resource may support payment or donation workflows through configured gateways and processors. Depending on configuration, donor-facing links, gateway setup details, public giving pages, webhook events, recurring payment processing, and donation records may be involved.

Important points:

  • payment processors handle card or payment instrument data under their own policies,
  • Holy Resource may store transaction references, status, gateway configuration details, and resulting donation records,
  • online giving or payment links may expose certain metadata needed to complete the transaction,
  • completed payments may be synced back into Holy Resource as donation or finance records depending on the configured workflow.

9. Messaging, Notifications, and Contact Workflows

Holy Resource supports configurable communication features. Depending on branch configuration, these may use:

  • API-based email providers,
  • custom SMTP,
  • API-based SMS providers,
  • local desktop notifications,
  • contact or support email routing.

These features may process recipient information, message contents, sender settings, routing preferences, and delivery outcomes. You are responsible for ensuring you have the necessary permissions and lawful basis to contact the people whose information you store or message.

10. AI-Assisted Features

If you enable AI-assisted functionality, the feature may send prompts and related context to the external AI provider you configure or use. Generated content may be stored locally in your records if you save it.

Because these features may involve third-party model providers:

  • do not assume zero external processing when AI features are enabled,
  • review the provider's own privacy and data-handling terms,
  • avoid sending unnecessary sensitive information where possible,
  • use internal policies appropriate for pastoral, safeguarding, financial, and child-related records.

11. How We Share Information

We do not sell church data or personal data to data brokers.

We may share information in the following limited circumstances (each recipient will be subject to an appropriate data processing agreement; a public list of subprocessors is maintained on our website):

  • with payment processors and related commerce providers,
  • with update, hosting, or download infrastructure,
  • with communication or notification providers you configure,
  • with AI providers when you enable AI-assisted features,
  • with sync participants or sync infrastructure when sync is enabled,
  • with service providers helping us operate support, security, or delivery workflows,
  • where required by law, court order, or valid legal process,
  • where necessary to protect rights, safety, security, or prevent fraud or abuse,
  • in connection with a merger, financing, acquisition, restructuring, or sale of all or part of the business, subject to appropriate protections where required.

Where applicable law requires a lawful basis for processing, we generally rely on one or more of the following:

  • performance of a contract,
  • legitimate interests,
  • compliance with legal obligations,
  • consent where required or appropriate.

Examples:

  • license validation and paid-feature provisioning may be necessary to perform our contract with you,
  • fraud detection, rate limiting, and abuse prevention may rely on legitimate interests,
  • accounting or tax retention may be required by law,
  • certain optional marketing or specific optional processing may rely on consent if applicable.

13. Data Retention

Retention varies by category.

13.1 Local church records

Church Data stored locally is generally retained under your control until you edit, export, delete, purge, overwrite, or otherwise remove it from your environment.

13.2 Licensing, account, and commercial records

We retain licensing, payment, verification, abuse-prevention, and related operational records for as long as reasonably necessary to provide services, enforce agreements, resolve disputes, maintain continuity, and comply with legal obligations.

13.3 Support and operational records

We retain support tickets, contact submissions, and operational logs for as long as reasonably necessary for support, troubleshooting, security, quality improvement, and legal compliance.

13.4 Update, sync, and communication records

We may retain update, sync, routing, quota, and provider-attempt information for operational continuity, auditing, abuse prevention, delivery troubleshooting, and service analytics.

14. Security

We use reasonable administrative, technical, and organizational measures designed to protect information. These may include:

  • signed updater metadata and release artifacts,
  • encryption or secure transport for relevant network operations,
  • branch-aware separation of records,
  • access controls and ownership verification flows,
  • offline lease and revalidation logic,
  • provider credential validation and testing workflows,
  • conflict tracking and audit-related metadata for sync operations,
  • operational safeguards against misuse or unauthorized distribution.

No method of storage, processing, or transmission is perfectly secure. You remain responsible for:

  • endpoint security,
  • operating-system security,
  • safe credential handling,
  • local backups,
  • access revocation for former staff or volunteers,
  • your own safeguarding and compliance controls.

15. International Transfers

If you use providers or infrastructure located outside your jurisdiction, information may be processed in other countries. Where required, we expect providers to use appropriate safeguards, but the exact protections depend on the provider and jurisdiction.

16. Children's and Sensitive Information

Holy Resource is an administrative tool for churches and ministries, not a consumer social platform for children.

However, organizations may use it to store data relating to:

  • children,
  • guardians,
  • pastoral care,
  • financial giving,
  • volunteer screening or ministry participation,
  • other information that may be sensitive under applicable law.

Your organization is responsible for determining whether it has the necessary notice, consent, lawful basis, policy framework, and safeguards to collect and process those records.

17. Your Rights and Choices

Depending on applicable law, you may have rights such as:

  • access,
  • correction,
  • deletion,
  • restriction,
  • objection,
  • portability,
  • withdrawal of consent where consent is the basis,
  • complaint to a supervisory or regulatory authority.

Because Holy Resource is local-first, many requests relating to Church Data can often be handled directly by your organization inside the app by editing, exporting, deleting, or restricting records locally.

Requests relating to information we control directly, such as licensing, payment, support, or contact data, may be submitted using the contact information below.

18. What We Do Not Promise

This Privacy Policy explains how information is handled. It does not guarantee:

  • that every third-party provider you use has identical privacy practices,
  • that locally stored information can always be recovered if your device fails,
  • that sync conflicts will never occur,
  • that any feature will remain network-free if you intentionally enable connected services.

19. Changes to This Policy

We may update this Privacy Policy from time to time to reflect product, operational, legal, or commercial changes. The version published on this page is the current controlling version unless a different version is expressly required by law.

20. Contact

If you have privacy questions, data requests, or concerns about Holy Resource or Found CTRL's handling of information, contact us at:

Found CTRL
Registered in England & Wales (No. 17079973)
Email: holyresource@foundctrl.com
Website: foundctrl.com

Last updated on

Was this helpful?

Terms of Service

Terms for using Holy Resource and its associated services.

Data Processing Addendum

Terms that apply when Found CTRL processes Church Data on your behalf.

On this page

1. Scope2. Our Privacy Model2.1 Local-first architecture2.2 Branch-aware data model2.3 Optional networked features3. Categories of Information We Process3.1 Church Data you create or manage in the app3.2 Licensing and subscription information3.3 Account, access, and user-management information3.4 Payments and commercial information3.5 Device, update, and operational information3.6 Messaging and communications data3.7 Support and contact data3.8 AI feature dataAge and Children4. Sources of Information5. How We Use Information5.1 To provide and operate Holy Resource5.2 To provision and enforce licensing5.3 To support optional sync features5.4 To process payments and related commercial workflows5.5 To send or route communications you configure5.6 To deliver updates and maintain security5.7 To provide support and respond to inquiries5.8 To improve the Services5.9 To comply with law and protect rights6. When Church Data Leaves the Local Device7. Sync, Queues, and Conflict Handling8. Payments and Donation-Related Features9. Messaging, Notifications, and Contact Workflows10. AI-Assisted Features11. How We Share Information12. Legal Bases13. Data Retention13.1 Local church records13.2 Licensing, account, and commercial records13.3 Support and operational records13.4 Update, sync, and communication records14. Security15. International Transfers16. Children's and Sensitive Information17. Your Rights and Choices18. What We Do Not Promise19. Changes to This Policy20. Contact