Privacy Policy

Last updated: March 2026

1. Introduction

Lumen Suite ("we," "our," or "us") is a cloud-based church management platform. We are committed to protecting the privacy and security of the personal data entrusted to us by churches and their congregations. This Privacy Policy explains how we collect, use, store, and share information when you use our services.

2. Information We Collect

2.1 Account Information

When a church registers for Lumen Suite, we collect:

• Church administrator's name, email address, phone number, and login credentials
• Church name, address, website, head pastor, logo, and accent color preferences
• Subscription tier (Free, Basic, Pro, or Enterprise), billing details, and Stripe customer/subscription IDs

2.2 Member Data

Church administrators enter and manage the following data about their congregation members:

• Personal information: First name, last name, email, phone, address, birthday, anniversary, gender, baptism date, and photographs
• Church information: Membership status, member-since date, family affiliations, and ministry assignments
• Attendance records: Event check-in history and attendance patterns
• Financial records: Offering amounts, offering types, batch entries, donor summaries, expense submissions, budget allocations, and year-end giving statements
• Pastoral notes: Private notes attached to member profiles

2.3 Prayer Requests

Members may submit prayer requests with titles, descriptions, categories (Health, Family, Financial, Spiritual, Other), and visibility settings. Prayer request status (Active, Answered, Archived) is tracked over time.

2.4 Families & Visitation Data

Family records include household groupings, addresses, head-of-household designation, and linked members. Visitation plans include visit points, route ordering, visit dates, start times, and notes. When using route optimization, addresses are sent to Google Directions API.

2.5 Assets & Inventory

Asset records may include item names, categories, purchase dates, costs, condition ratings, locations, serial numbers, photographs, barcode data, and maintenance schedules.

2.6 Bulletins, Study Groups & Registration Forms

Bulletin content includes sermon titles, scripture references, worship order, announcements, and QR code URLs. Study group data includes group names, leaders, session topics, attendance, and member comments. Registration form submissions may include any custom fields defined by the church.

2.7 Technical Data

We automatically collect browser user agent strings and general usage analytics to improve our service. We do not use tracking cookies for advertising.

3. How We Use Your Data

We use the information collected to:

• Provide and maintain Lumen Suite's church management features
• Enforce subscription tier limits and feature gating through our FeatureGate system
• Process billing through Stripe
• Provide the 14-day free trial experience with Pro-level access
• Send system notifications and account-related communications
• Maintain audit trails via the Activity Log for accountability
• Provide personalized data migration assistance (Excel, CSV, PDF import)
• Generate reports: financial summaries, attendance trends, member analytics, and giving statements

4. Multi-Tenant Data Isolation

Lumen Suite is a multi-tenant application. Each church's data is completely isolated at the database level using tenant-scoped queries. No church can access another church's data. Row-level security (RLS) policies in our database layer enforce this isolation.

5. Role-Based Access Control

Within each church tenant, we enforce granular role-based access control (RBAC) with 11 defined roles: System Admin, Church Admin, Expense Admin, Member Admin, Ministry Admin, Events Admin, Asset Admin, Forms Admin, Bulletin Admin, Small Group Admin, and Prayer Admin. Each role limits access to specific modules following the principle of least privilege.

6. Data Security

We employ industry-standard security measures including:

• Encryption in transit (TLS/HTTPS) and at rest
• Content Security Policy (CSP), Strict Transport Security (HSTS), and Cross-Origin policies
• Client-side JavaScript obfuscation for production deployments
• Supabase Row-Level Security for database-layer data protection
• Azure Static Web Apps hosting with enterprise-grade infrastructure

7. Third-Party Services

We integrate with the following third-party services:

• Stripe: Payment processing for subscription billing.
• Google Maps / Directions API: Used for the Families map view and Visitation route optimization.
• Supabase: Backend-as-a-service for authentication, database hosting, and real-time features.
• Azure: Static Web Apps hosting for the landing page and related infrastructure.

8. Data Retention & Deletion

Church data is retained for the duration of the active subscription. When a church administrator deactivates their account or requests deletion, all associated data will be permanently deleted within 30 days. Churches can export their data at any time using CSV and Excel export features.

9. Children's Privacy

Lumen Suite includes features for children's ministry check-in and family grouping. While churches may enter information about minors as part of their member directory, we do not directly collect personal information from children. Church administrators are responsible for obtaining appropriate parental consent.

10. International Use & Multi-Language

Lumen Suite supports English, Korean (한국어), and Spanish (Español) for its user interface. While our servers are hosted in the United States, the service may be used by churches worldwide. By using Lumen Suite, you consent to the transfer of data to the United States for processing.

11. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Export your data in a machine-readable format
• Object to certain processing activities

Church administrators can exercise most of these rights directly through the Lumen Suite interface. For additional requests, contact us at support@lumensuite.com.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify active subscribers of material changes via email. Continued use of Lumen Suite after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

• Email: xjimmypark@gmail.com
• Contact form: lumensuite.com/contact