Privacy Policy

We take your privacy seriously. This policy explains what data we collect, how we use it, and the rights you have over it. We never sell your data.

1. Who We Are

NewoHQ ("we", "us", "our") is a SaaS platform that helps churches build websites and manage their congregations. When you use NewoHQ, you trust us with information about yourself and your members. We take that responsibility seriously.

2. What Data We Collect

Account data: When you register, we collect your name, email address, and password (hashed — never stored in plain text). We also collect your church's name and subdomain slug.

Congregation data: As you use the platform, data about your church members (names, emails, attendance records, giving history, form submissions) is stored on your behalf. You are the data controller for this information; we process it only to provide the service.

Payment data: Online giving and store transactions are processed by Stripe. We do not store card numbers or full payment details — Stripe handles PCI compliance. We store transaction records (amount, date, donor name/email) to provide reporting to your church.

Usage data: We collect logs of how the platform is used (page views, feature interactions, error logs) to improve the service. This data is aggregated and not linked to individual identities.

Cookies: We use cookies to keep you logged in and remember your preferences. See Section 8 for details.

3. How We Use Your Data

To provide and maintain the NewoHQ platform
To authenticate your account and keep it secure
To process donations and store transactions through Stripe
To send transactional emails (password resets, receipt confirmations)
To respond to support requests
To improve the platform through aggregated usage analytics

We do not use your data or your members' data for advertising, and we do not sell it to any third parties.

4. Data Sharing

We share data only with:

Stripe — for payment processing. Stripe's privacy policy applies to payment data.
Cloud infrastructure providers — our hosting and database providers operate under data processing agreements with us.
Law enforcement — only when legally required by a valid court order or subpoena.

We will never sell, rent, or share your data with advertisers or data brokers.

5. Data Retention

Your data is retained while your account is active. If you cancel your account, your data is retained for 30 days to allow for export, then permanently deleted. You may request immediate deletion by contacting us at admin@newohq.com.

Transaction records may be retained for up to 7 years as required by financial regulations.

6. Your Rights

Depending on your location, you may have the following rights:

Access: Request a copy of the data we hold about you
Correction: Request correction of inaccurate data
Deletion: Request deletion of your account and associated data
Portability: Export your church's data in a portable format
Objection: Object to certain uses of your data

To exercise any of these rights, contact us at admin@newohq.com. We will respond within 30 days.

7. Security

We protect your data using:

HTTPS/TLS encryption for all data in transit
HttpOnly, Secure, SameSite cookies to prevent token theft
Bcrypt password hashing
Session invalidation on logout and password reset
Role-based access control — church admins can only access their own church's data

No system is 100% secure. If you discover a security vulnerability, please report it responsibly to admin@newohq.com.

8. Cookies

We use the following types of cookies:

Authentication cookies: HttpOnly session cookies that keep you logged in. These cannot be accessed by JavaScript and expire after 7 days.
Preference cookies: Store settings like your cookie consent choice (newo_consent), valid for 1 year.

You can decline non-essential cookies using the banner shown on your first visit. Declining cookies does not affect your ability to use the platform, but you will need to log in each session.

9. Children's Privacy

NewoHQ is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with personal data, please contact us and we will delete it promptly.

Note: churches may use the Kids Check-In module to record attendance for minors. This data is managed by the church (the data controller) and is only accessible to that church's administrators.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email and by posting the updated policy here with a new "Last updated" date. Continued use of the platform after changes constitutes acceptance.

11. Contact

For privacy-related questions or to exercise your rights, contact us at admin@newohq.com.