Pulpit← Back home

Legal · Privacy Policy

Privacy Policy

Effective May 7, 2026 · Last updated May 7, 2026

This Privacy Policy describes how Pulpit (operated by Kaldr Tech, “we”, “us”) collects, uses, and protects information when you use our service. Plain-English version: your church's data is your church's data.

What we collect

  • Account info: name, email, phone number, role within your church.
  • Member directory: the names, contact info, and pastoral status tags your pastor enters about congregants.
  • Voice + SMS records: call transcripts, recordings (where state law and consent allow), and SMS message logs from interactions with Pulpit's voice agents and SMS line.
  • Giving data: donation amounts and dates (processed via Stripe; we never see card numbers).
  • Usage telemetry: page views, click events, and audit-log entries for security and product improvement.

Pastoral care notes & clergy privilege

Pastoral care notes are encrypted with a per-pastor key derived from a master key Kaldr Tech holds in escrow. We designed the system so we cannot read these notes without your pastor's active session. Default retention is 30 days; crisis-tagged notes retain for 7 days; notes the caller asks to be marked private retain for 0 days.

Crisis call data

Calls flagged by the 988 detection system are logged with minimum metadata (timestamp, transfer destination, duration). The transcript is encrypted; only the originating church's pastor and Kaldr Trust & Safety reviewers can decrypt, and T&S decryption requires an audit-logged reason.

How we use your data

  • To deliver the service you signed up for
  • To send service emails (magic links, receipts, alerts)
  • To detect abuse, fraud, and crisis indicators
  • To improve product features (aggregated, never identified)

We do not train AI models on your data and we do not sell or rent your member directory.

Who we share data with

  • Sub-processors who help us deliver the service: Supabase (database + auth), Vercel (hosting), Stripe (payments), Twilio (SMS), Vapi (voice), ElevenLabs (text-to-speech), OpenRouter (AI), Resend (email).
  • The 988 Lifeline when a crisis is detected and we transfer the call. We pass only the caller's phone number; we do not share name, address, or church affiliation.
  • Law enforcement only when compelled by valid legal process and with notice to you where lawful.

Your rights

  • Export all your data at any time
  • Delete your account and all data within 30 days
  • Correct inaccurate information
  • Opt out of non-essential email and push notifications
  • Members of your church can request their personal data be corrected or deleted; the pastor processes these requests through the admin tools

Data retention

We retain account data while your subscription is active. After cancellation, you have 30 days to export data; after that we delete it within 90 days. Audit logs are retained for 7 years for compliance purposes.

Data security

All data is encrypted in transit (TLS) and at rest (AES-256). We use Row Level Security in Postgres so churches cannot see each other's data even in the event of a code bug. Multi-factor authentication is required for pastoral, treasurer, and super-admin roles.

Children

Pulpit is designed for use by adults. Children's data (kids' ministry check-in PINs, photo permissions) is processed only on behalf of the church under the parent/guardian relationship managed by the church. We comply with COPPA where applicable.

Changes to this policy

Material changes will be announced by email at least 30 days before they take effect. The “last updated” date at the top of this page reflects the most recent revision.

Contact

Questions about your data? Email lasean@kaldrbusiness.com.