Altario Back

Privacy Policy

Last updated: April 13, 2026

1. Introduction

Altario ("we", "our", or "us") operates the altario.app platform and the Altario mobile applications for iOS and Android, collectively a church management software-as-a-service. This Privacy Policy explains how we collect, use, and protect your personal information when you use our service.

2. Information We Collect

We collect the following types of information:

  • Account Information: Name, email address, and authentication credentials when you create an account (via email/password or Google Sign-In).
  • Church Data: Member information (name, email, phone, WhatsApp number, address, date of birth, anniversary date, gender, custom tags), event data, attendance records, and communications that you enter into the platform.
  • Donor Information: When donors make donations through a church's donation page, we collect their name, email address, and optional message. This information is retained with the donation record and shared with the church's connected Stripe account.
  • Payment Information: Billing details processed securely through Stripe. We do not store credit card numbers.
  • Usage Data: Log data, device information, IP addresses (for rate limiting and security), and analytics to improve our service.
  • Mobile Device Information: When you use our mobile app, we collect device type, operating system version, and a unique device identifier for authentication purposes. We do not collect precise location data.

3. How We Use Your Information

  • To provide and maintain the Altario service.
  • To process payments and manage subscriptions.
  • To send transactional emails (verification, receipts, notifications).
  • To provide customer support.
  • To monitor and improve the platform's performance and security.

4. Data Storage and Security

Your data is stored securely using Google Cloud (Firebase) infrastructure with encryption at rest and in transit. We implement industry-standard security measures including authentication, access controls, rate limiting, and audit logging. Only authorized personnel can access your data, and only when necessary to provide support.

5. Data Sharing

We do not sell your personal information. We share data only with:

  • Google (Firebase): For authentication (including Google Sign-In), database storage, and file hosting.
  • Stripe: For subscription payment processing and donation processing via Stripe Connect.
  • Resend: For transactional email delivery (receipts, notifications, verification emails).
  • Vercel: For hosting, content delivery, and usage analytics.
  • Sentry: For error tracking and monitoring. We configure Sentry to exclude personally identifiable information from error reports.
  • Upstash: For rate limiting and security. Only temporary request counters are stored, not personal data.
  • Meta (WhatsApp Business API): When enabled by a church, member phone numbers and messages are sent via Meta's WhatsApp Business API. Churches are responsible for obtaining member consent before sending WhatsApp messages.

6. Your Rights

You have the following rights regarding your personal data:

  • Access: You may request a copy of all personal data we hold about you.
  • Correction: You may request correction of inaccurate personal data.
  • Deletion: You may request deletion of your account and associated personal data. Upon deletion, your data will be permanently removed within 30 days. Churches may retain donation records for tax and accounting purposes.
  • Data Portability: Church administrators can export member lists and donation records in CSV format at any time.
  • Consent Withdrawal: You may withdraw consent for optional data processing (e.g., WhatsApp messaging) at any time.

To exercise any of these rights, contact us at support@altario.app.

7. Cookies and Local Storage

On our web platform, we use essential cookies for authentication and session management, and browser local storage to remember your preferences (such as dismissed notifications). On our mobile apps, we use device-local storage for authentication tokens and user preferences. We do not use advertising or tracking cookies on any platform.

8. Data Location

Your data is stored on Google Cloud (Firebase) infrastructure. By using Altario , you consent to the transfer and processing of your data by our service providers. For customers subject to GDPR, a Data Processing Agreement (DPA) is available upon request.

9. Church Responsibilities

Churches using Altario act as data controllers for their member data. Churches are responsible for obtaining appropriate consent from their members before entering personal data into the platform, sending communications, or enabling WhatsApp messaging. Altario provides the tools; the church manages the relationship with its members.

10. Audit Logging

We maintain audit logs of administrative actions for security and compliance purposes. These logs include user identifiers, action types, and timestamps, and are retained as required by law.

11. Data Retention

We retain your data for as long as your account is active. When you delete your account, we remove your personal data within 30 days. Church data is retained for the church administrator to manage.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

13. Contact Us

If you have any questions about this Privacy Policy, please contact us at support@altario.app.