Privacy Policy

Notice at Collection

This short notice summarizes our privacy practices. The full details are in the numbered sections below.

What we collect: account and church information from staff, conversation content and contact details voluntarily shared by visitors, and limited technical data such as IP address and browser type. See Section 3.
Why we collect it: to operate the digital greeter, generate responses, deliver the Service, process payments, send transactional and (with consent) marketing email, and keep the platform secure. See Section 4.
Who we share it with: only with vetted service providers acting on our behalf (hosting, AI inference, payments, email, SMS) and with church integrations you choose to connect. See Section 7.
We do not sell your personal data and we do not use it for targeted advertising or for profiling that produces legal or similarly significant effects.
Sensitive data: visitors may voluntarily share religious, health, family, or other sensitive information (for example, in a prayer request). We treat that information as sensitive personal data and only process it for the purposes you submit it for. See Section 3.4.
Your rights: depending on where you live, you can request access, correction, deletion, portability, or opt out of certain processing. Submit a request at /privacy/request or email privacy@greetyr.com. See Section 10.

1. Introduction & Scope

Greetyr ("Greetyr," "we," "us," or "our") operates a digital greeter service for churches and religious organizations (the "Service"). This Privacy Policy explains what personal information we collect, how we use and share it, and the choices and rights you have. It applies to the Service, the greetyr.com website, our embeddable greeter widget, transactional communications we send, and any related Greetyr-operated pages.

We use this policy to describe practices for two groups of people:

Church staff and account holders (our customers) who create accounts, configure their digital greeter, and manage visitor conversations from the Greetyr dashboard.
Visitors who interact with a digital greeter that has been embedded on a church's website.

For visitor data processed through a church's digital greeter, the church is the "controller" (or "business") of that data and Greetyr acts as a "processor" (or "service provider") on the church's behalf. Visitors with questions about a specific church's practices should contact that church directly. For account, billing, and Service-level data, Greetyr is the controller.

2. Who We Are

Greetyr is operated from Austin, TX. You can reach us at:

Greetyr
5900 Balcones Drive, STE 100
Austin, TX 78731
USA
Email: privacy@greetyr.com

3. Information We Collect

3.1 Church Staff Account Data

When you create or use a staff account, we collect:

Email address and full name
Password (stored only as a salted hash by our authentication provider)
Profile picture or avatar URL (optional)
Role within the church account (owner, staff, or admin)
Church identifier and team membership
Last-login timestamp and basic audit history

3.2 Church Configuration & Content

To customize and operate your digital greeter, churches provide and we store:

Church name, denomination, location, campuses, and contact information
Service times, calendar events, and recurrence rules
Documents you upload (PDFs, DOCX, TXT) and their text and vector embeddings
Website content we crawl when you connect your church website
Social media posts from accounts you choose to connect (YouTube, Facebook, Instagram, TikTok)
OAuth tokens for connected services (encrypted at rest)
Widget customization (colors, greeter character, welcome messages)
Policies, guardrails, topic controls, and staff-authored corrections

3.3 Visitor Data

When a visitor interacts with a digital greeter, we collect (on behalf of the church that deployed it):

Conversation messages and the greeter's responses
Anonymous session and visitor identifiers (such as a random session ID stored in browser sessionStorage and a returning-visitor flag in localStorage)
Contact details voluntarily provided by the visitor — name, email, and phone number — submitted through a contact card
Interests, source/how-found values, and visit-intent details (e.g., planned visit date, first-time-visitor flag)
Conversation summaries and memory generated to maintain context across a session
Escalation requests and any feedback or rating left for a response
IP address, user-agent string, and timestamp of each request (collected for security, abuse prevention, and rate limiting)
Consent indicators recorded when a visitor submits contact information

3.4 Sensitive Personal Data

The Service is built for churches, and conversations may touch on topics that several US state privacy laws (including the Texas Data Privacy and Security Act, the California Consumer Privacy Act, and similar laws in Virginia, Colorado, Connecticut, Utah, and Florida) classify as "sensitive personal data." In particular:

Religious or philosophical beliefs (denominational context, prayer requests, faith-related questions)
Health, mental health, family, or relationship information a visitor chooses to share in chat or in a prayer request
Other categories a visitor voluntarily includes in a message

We process sensitive personal data only for the purposes the visitor submitted it for (for example, to deliver a prayer request to the church or to answer a faith-related question), to operate and secure the Service, and as required by law. We do not sell sensitive personal data and we do not use it to build cross-context advertising profiles. By voluntarily submitting a prayer request or including sensitive information in a message, the visitor consents to our processing of that information for those purposes.

3.5 Usage & Technical Data

When you or visitors use the Service we automatically collect:

Server access logs (IP address, request path, response code, user-agent)
Error logs and performance telemetry
Feature usage events generated by the dashboard and the widget
Device and browser characteristics needed to render the Service correctly

We do not currently load third-party advertising or analytics pixels (such as Google Analytics, Meta Pixel, or similar) on our marketing website or in the embedded widget.

3.6 Payment Data

Payments are processed by Stripe. We do not receive or store full payment-card numbers. From Stripe we receive a customer identifier, a subscription identifier, your subscription status, and limited metadata (such as the last four digits of a card, card brand, and expiration date) needed to display billing information and support the account.

4. How We Use Information

We use the information described above to:

Provide, operate, and maintain the Service and the embeddable widget
Generate responses to visitor messages using retrieval and large language models
Create and store vector embeddings of church content for semantic search
Run background jobs that summarize conversations, accumulate visitor memory, detect themes, and identify knowledge gaps
Run quality-assurance evaluations of the greeter's answers
Process subscriptions and payments and manage your billing relationship with Stripe
Send transactional email and (where applicable) SMS — account notifications, escalations, prayer-request alerts, and security messages
Send marketing email to people who subscribed to the Greetyr Journal newsletter (every commercial message includes an unsubscribe link)
Respond to support requests and inquiries
Detect, prevent, and respond to fraud, abuse, security incidents, and violations of our terms
Comply with legal obligations and enforce our agreements

5. AI Processing & Data

The Service relies on large language models to generate greeter responses. When a visitor sends a message, we assemble a prompt that may include:

The visitor's message and recent conversation history
Relevant excerpts retrieved from the church's knowledge base (documents, website content, calendar events, social posts, staff corrections)
The church's configured voice, policies, guardrails, and topic controls

That assembled prompt is sent to our AI providers (currently OpenAI and Anthropic) for inference. We rely on each provider's enterprise API terms, which prohibit the use of customer inputs and outputs to train their foundation models. We do not use customer or visitor data to train any of our own or any third-party general-purpose AI models. Document text and embeddings remain in our own database.

6. Google API Services

If you connect your Google Calendar, Greetyr accesses your calendar data using the following Google API scopes:

calendar.readonly: read your calendar events (service times, church events, schedules)
calendar.events: create events in your calendar when you push events from the dashboard

Greetyr's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

We only use Google Calendar data to power your church's digital greeter and display events in your dashboard
We do not use Google data for advertising or sell it to third parties
We do not use Google data to build user profiles for purposes unrelated to the Service
Calendar data is stored securely and only accessible to your church's account administrators

8. Data Retention

We retain personal information as follows:

Account data: retained while your account is active and deleted within 30 days after you confirm account deletion from the dashboard
Church content (uploaded documents, crawled website content, synced social content, calendar events): retained while your account is active
Chat sessions: archived after 90 days of inactivity; expired sessions are automatically purged after their expiration timestamp
Preview sessions (created by the in-dashboard widget tester): purged within 24 hours
Server logs and security telemetry: retained for a limited period needed for security, debugging, and abuse prevention
Payment and tax records: retained for up to 7 years as required by applicable financial and tax law

You can request earlier deletion of personal data at any time using the process in Section 10, subject to limited exceptions where we are required or permitted to retain it (for example, to complete a transaction, prevent fraud, or comply with law).

9. Security

We implement reasonable administrative, technical, and physical safeguards to protect personal information, including:

HTTPS/TLS encryption in transit
Encryption at rest for the database and for stored OAuth credentials
Salted, hashed password storage through our authentication provider
Row-level security policies on database tables to prevent cross-tenant access
CSRF protection, rate limiting, and request validation at the API boundary
Access controls, audit logging, and least-privilege practices for our internal staff

No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security. If we become aware of a security incident affecting your personal information we will notify you as required by applicable law.

10. Your Privacy Rights

The rights described below come from applicable US state privacy laws. We extend the substantive rights (access, correction, deletion, portability) to all individuals on a good-faith basis regardless of state of residence. To submit a request, see Section 10.4.

10.1 Texas Residents (TDPSA)

Under the Texas Data Privacy and Security Act, Texas residents have the right to:

Confirm whether we are processing your personal data and access that data
Correct inaccuracies in your personal data
Delete personal data provided by or obtained about you
Obtain a copy of your personal data in a portable, readily usable format
Opt out of the sale of personal data, the processing of personal data for targeted advertising, and profiling in furtherance of decisions that produce legal or similarly significant effects
Appeal a decision we make on a privacy request

We do not engage in the sale of personal data, targeted advertising, or profiling that produces legal or similarly significant effects, so there is currently no opt-out for you to exercise in those categories.

We will respond to verified requests within 45 days. We may extend that period once by an additional 45 days when reasonably necessary, and we will notify you of any extension. If we decline a request you may appeal by replying to our response email or writing to privacy@greetyr.com; we will respond to the appeal within 60 days and, if denied, will provide instructions for filing a complaint with the Texas Attorney General.

10.2 California Residents (CCPA/CPRA)

California residents have the right to:

Know what categories of personal information we collect, the sources of that information, the business or commercial purposes for collecting it, and the categories of third parties with whom we share it
Access a copy of the specific pieces of personal information we have collected about you in the prior 12 months
Correct inaccurate personal information
Request deletion of personal information we collected from you
Opt out of the "sale" or "sharing" of personal information (we do neither)
Limit our use and disclosure of sensitive personal information to purposes specified in the CCPA
Not receive discriminatory treatment for exercising your rights
Designate an authorized agent to submit a request on your behalf

In the prior 12 months we have collected personal information in the categories listed in Section 3 (identifiers, contact information, commercial information such as subscription records, internet or other electronic network activity, and inferences drawn from any of the above). We collect it from the sources described in Section 3 (directly from you, from visitor interactions with the greeter, and automatically from your use of the Service) and share it with the categories of recipients described in Section 7. We do not sell or share personal information for cross-context behavioral advertising, and we have not done so in the prior 12 months. We have not knowingly sold or shared the personal information of consumers under 16 years of age.

10.3 Virginia, Colorado, Connecticut, Utah, and Florida Residents

Under the Virginia Consumer Data Protection Act, the Colorado Privacy Act, the Connecticut Data Privacy Act, the Utah Consumer Privacy Act, and the Florida Digital Bill of Rights, residents of those states have the right to access, correct (except Utah and Iowa, which do not provide a correction right), delete, and obtain a portable copy of their personal data, and to opt out of the sale of personal data, targeted advertising, and (in Virginia, Colorado, Connecticut, and Florida) certain forms of profiling. Residents of Virginia, Colorado, Connecticut, and Florida may appeal a decision we make on a privacy request using the process described in Section 10.1. Colorado and Connecticut residents may submit opt-out preference signals (such as Global Privacy Control); we honor those signals where technically feasible, although our Service does not currently engage in the practices they would opt out of.

10.4 How to Exercise Your Rights

You can submit a privacy request in one of two ways:

Visit /privacy/request for instructions, or
Email privacy@greetyr.com with the subject line "Privacy Request."

To protect your information we will need to verify your identity, generally by confirming control of the email address associated with the account or, for visitors, by matching information you previously provided through the greeter. We do not charge a fee for verified requests, except where permitted by law for repeated or manifestly unfounded requests. We accept requests from authorized agents who provide written authorization from the consumer and (where applicable) proof of identity.

Note for visitors: if your request relates to conversations with a digital greeter on a church's website, that church is the controller of your data. We will forward your request to the church or coordinate with them to fulfill it.

11. Cookies & Similar Technologies

We use a small number of cookies and browser-storage keys, all of which are strictly necessary to operate the Service or to remember your preferences:

Supabase authentication cookies (sb-*): keep you signed in to the dashboard
greetyr_session_id (sessionStorage): identifies a single visitor session in the widget
greetyr_returning_[churchId] (localStorage): remembers that a visitor has interacted with a particular church's greeter before
greetyr_user_interacted, greetyr_nudge_dismissed, greetyr_nudged_paths (sessionStorage): control widget nudge behavior
greetyr_onboarding: short-lived cookie used during the onboarding flow
admin_session_token: used only by Greetyr-internal admin tools

We do not use advertising cookies and we do not embed third-party analytics tracking pixels on our marketing website or in the embedded widget. You can control cookies through your browser settings; disabling strictly-necessary cookies will affect the Service's functionality.

12. Marketing Communications

If you subscribe to the Greetyr Journal newsletter, we collect your email address, the source of the subscription (for example, the website footer), and the page you subscribed from. In line with the CAN-SPAM Act, every commercial email we send includes:

A clear identification of Greetyr as the sender
A truthful subject line
A one-click unsubscribe link
Our physical mailing address: 5900 Balcones Drive, STE 100, Austin, TX 78731, USA

Transactional emails (account confirmations, billing receipts, escalations, security alerts) are part of the Service and are not subject to the marketing unsubscribe.

13. Children's Privacy

The Service is not directed to children. In compliance with the Children's Online Privacy Protection Act (COPPA), we do not knowingly collect personal information from children under 13. Consistent with the Texas Securing Children Online through Parental Empowerment (SCOPE) Act and similar laws, we also do not knowingly create accounts for, sell or share the personal data of, or engage in targeted advertising to, individuals under 18.

Prayer requests and visitor chat are intended for adults. Each church that deploys a digital greeter is responsible for how that greeter is presented on its website and for any interactions with members of its congregation.

If you are a parent or guardian and believe a child has provided personal information through the Service, please contact us at privacy@greetyr.com and we will delete it.

14. International Data Transfers

The Service is hosted in the United States, and the service providers listed in Section 7 process personal information in the United States and other countries. If you access the Service from outside the United States, you understand that your information will be transferred to, stored in, and processed in the United States. Where required, we rely on appropriate safeguards (such as standard contractual clauses) for cross-border transfers.

15. Third-Party Links

The Service may link to third-party websites or services that we do not operate and that have their own privacy practices. We are not responsible for those practices and we encourage you to read the privacy policies of any third-party site you visit.

16. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes we will update the "Last updated" date at the top of this page and, where feasible, notify account owners by email or by an in-app banner at least 30 days before the changes take effect. Your continued use of the Service after a change becomes effective constitutes acceptance of the updated policy.

17. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Privacy: privacy@greetyr.com
General support: support@greetyr.com
Mailing address: Greetyr, 5900 Balcones Drive, STE 100, Austin, TX 78731, USA