1. Introduction

TheVine (“we”, “our”, or “us”) operates the TheVine mobile application and web platform (collectively, the “Service”). This Privacy Policy explains what personal information we collect, how we use it, with whom we share it, and the choices you have regarding your data.

By creating an account or using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Information You Provide Directly

• Account registration: First name, last name, email address, phone number, and an invite code required to join the platform.
• Profile information: Role within your organisation (e.g. member, admin), church or organisation name, and denomination.
• Convert records: Names, phone numbers, locations, categories (prospective or current), conversion dates, and notes about individuals you are following up with as part of your ministry work.
• Follow-up tasks: Task descriptions, due dates, assigned users, status updates, and notes.
• Activity logs: Notes, mood indicators, engagement ratings, and outcomes you record after pastoral interactions.
• Call outcome records: Whether a call was answered, unanswered, or deferred, along with optional notes you choose to add.
• Password / PIN: Stored in hashed form; we never store or transmit plain-text credentials.

2.2 Information Collected Automatically

• Device identifiers: Firebase Cloud Messaging (FCM) device tokens used solely to deliver push notifications to your device.
• Platform information: Operating system type (Android or iOS) associated with your device token.
• Usage events: API request logs (endpoint, response status, timestamp) retained for debugging and reliability purposes. These logs do not contain the full content of your data.
• IP address: Captured by our server infrastructure for security monitoring and rate-limiting; not linked to your user profile for analytical purposes.

2.3 Information We Do Not Collect

• We do not collect precise GPS location or background location data.
• We do not access your contacts, camera, microphone, or media library.
• We do not collect financial or payment information.
• We do not use third-party advertising networks or sell your data to advertisers.

3. How We Use Your Information

We use the information we collect to:

• Create and manage your account and authenticate your identity.
• Provide core Service features: managing converts, tasks, activity logs, and ministry statistics.
• Send push notifications about overdue follow-up tasks, call outcome reminders, and other in-app alerts you have enabled.
• Process and display dashboard statistics aggregated from your records (e.g. prospective convert count, task completion rate).
• Allow organisation administrators to manage members and settings.
• Monitor service health, investigate errors, and improve the reliability and performance of the platform.
• Comply with applicable legal obligations.

4. Push Notifications

The Android application requests the POST_NOTIFICATIONS permission on Android 13 and above. We use Firebase Cloud Messaging (FCM) to deliver notifications. Your FCM device token is stored on our servers and associated with your account. It is used only to send you notifications relevant to your ministry activity (e.g. task reminders, call outcome prompts).

You may revoke notification permission at any time through your device's system settings. Revoking permission will prevent push notifications but will not affect other Service features.

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your data only in the following circumstances:

• Within your organisation: Records you create (converts, tasks, activity logs) are visible to other members of your organisation on the platform as part of the collaborative ministry workflow.
• Service providers: We engage third-party infrastructure providers (cloud hosting, database, and Firebase for push notifications) who process data on our behalf under data processing agreements. They are contractually restricted from using your data for any other purpose.
• Legal obligations: We may disclose information if required by law, court order, or to protect the rights, property, or safety of TheVine, our users, or the public.
• Business transfer: In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you via email or a prominent notice on the Service before your data becomes subject to a different privacy policy.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. If you request account deletion, we will delete or anonymise your personal data within 30 days, except where we are required to retain it for legal compliance (e.g. financial records) or where it is part of aggregated, non-identifiable statistics.

FCM device tokens are deleted from our servers when you log out from a device or when your account is deleted.

7. Data Security

We apply industry-standard security measures to protect your data:

• All data in transit is encrypted using TLS (HTTPS).
• Passwords and PINs are stored using strong one-way hashing (bcrypt / Argon2); we cannot retrieve your plain-text credentials.
• Our servers are hosted in a private VPS environment with restricted access, firewalls, and regular security updates.
• Access to production data is limited to authorised personnel only.

While we take every reasonable precaution, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your account and associated personal data.
• Portability: Request an export of your data in a structured, machine-readable format.
• Objection / Restriction: Object to or request restriction of certain processing activities.
• Withdraw consent: Where processing is based on consent (e.g. push notifications), you may withdraw consent at any time via device settings.

To exercise any of these rights, contact us at support@thevine.app. We will respond within 30 days.

9. Children's Privacy

The Service is intended for use by individuals aged 16 and older. We do not knowingly collect personal information from children under 16. If we become aware that we have collected data from a child under 16 without verifiable parental consent, we will delete that information promptly. If you believe we may have inadvertently collected such data, please contact us at support@thevine.app.

10. Third-Party Services

The Service integrates with the following third-party services. Each has its own privacy policy:

• Firebase (Google LLC): Used for push notification delivery via Firebase Cloud Messaging. Firebase Privacy Policy
• Cloud hosting provider: Our application and database run on a Virtual Private Server (VPS). Data is stored within the hosting region selected by our infrastructure configuration.

We are not responsible for the privacy practices of third-party services. We encourage you to review their policies before use.

11. International Data Transfers

Your data may be processed and stored in countries outside your country of residence. By using the Service, you consent to the transfer of your information to servers that may be located outside your jurisdiction. We take steps to ensure that any cross-border transfer complies with applicable data protection law.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the effective date at the top of this page and, where appropriate, by sending a notification through the app or to your registered email address. We encourage you to review this policy periodically.

Continued use of the Service after changes become effective constitutes your acceptance of the revised policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: