Privacy Policy

The short version

Mission Broadcast is built for families, not data-mining. We collect what we need to deliver the service — letters, photos, subscriber lists, payment info via Stripe, sign-in via Google — and we don't sell, rent, or trade any of it.

We use a few well-known third-party providers to deliver the service (email, payments, hosting). We list them all by name below. They're contractually limited to handling your data only on our behalf.

You can request access to, correction of, deletion of, or export of your data at any time. We honor those requests on a clear timeline. The rest of this document is the specifics.

1. What we collect

From you, the account holder

• Your name and email address, captured when you sign in via Google.
• Account preferences: which missionary you're managing, plan tier, settings on the missionary's public site.
• Payment info: handled and stored by Stripe. We receive only what's necessary to confirm a charge (Stripe customer ID, last 4 digits of card, expiry, country) — never your full card number or CVV.
• Communications with us: support emails, feedback widget submissions.

From your missionary's site

• Letter content (text, HTML, attached photos, files) sent to letters@<your-domain> or composed in the admin console.
• Location data: map pin coordinates (entered manually, geocoded from a typed address, or set by email command).
• Site configuration: bio, photo, mission start/end dates, customization settings.

From subscribers

• Email address and (optional) name, captured when they subscribe (via the site form or by emailing subscribe@<your-domain>).
• Subscribe / unsubscribe timestamps and the source of each action.
• Email-delivery events from our outbound provider (delivered / opened / bounced / unsubscribed). We use these for deliverability hygiene; we do not build behavioral profiles.

Automatically, when anyone visits the site

• Standard request metadata: IP address, browser user-agent, referring URL, request timestamp. Used for security, abuse prevention, and basic operational logging.
• Session cookies (described in Cookies & tracking below).

2. How we use it

We use your information to:

• Operate the service — deliver letters, render the public archive, draw the map, etc.
• Process payments and manage subscriptions through Stripe.
• Send transactional emails: welcome messages, payment receipts, expiry warnings, support replies.
• Maintain deliverability — bounce processing, unsubscribe tracking, spam-complaint handling.
• Protect the service from abuse, fraud, and security incidents.
• Improve the service: aggregate usage statistics, debugging logs, support-quality review. We do not analyze individual letter content for product improvement.
• Comply with legal obligations.

We do not use your data, your subscribers' data, or your letter content to train AI models, sell advertising, or feed third-party analytics platforms.

3. Who we share with

We share data with the following service providers, only for the purposes listed. Each is contractually bound to handle data only on our behalf and to maintain reasonable security.

Sub-processors

• Stripe, Inc. (United States) — payment processing. Receives the information needed to charge you, issue refunds, and run subscription billing. Stripe Privacy Policy.
• Brevo SAS (France) — transactional and broadcast email delivery. Receives subscriber email addresses, names, and message content to send letters and notifications. Brevo Privacy Policy.
• Twilio SendGrid, Inc. (United States) — inbound email parsing (the letters@ and command-address routing). Receives inbound email content and sender addresses. SendGrid Privacy Policy.
• Google LLC (Firebase) — authentication, hosting, storage, and database. Stores account records, missionary documents, letter content, photos, and subscriber lists at rest. Firebase Privacy Information.
• OpenStreetMap Foundation (Nominatim service) — address geocoding for map pin locations. Receives address queries (city / neighborhood / postal address); receives no personal identifiers.
• Porkbun, LLC (United States) — domain registration for managed-custom-domain customers. Receives the legal registrant information you provide at checkout for any domain we register on your behalf.

Other recipients

• Service-related recipients you direct. Subscribers themselves receive the letters and photos you send; people you bcc / cc on inbound mail receive what you send them.
• Legal authorities, where required by valid legal process, court order, or to protect rights, safety, or the integrity of the Service.
• Successors in interest. If we are acquired, merge with another entity, or sell substantially all of our assets, your information may transfer to the successor — subject to a privacy policy at least as protective as this one. We'll notify you in advance of any such transfer.

We do not sell personal information. We do not share personal information for cross-context behavioral advertising. (See the California Privacy Notice for the technical CCPA/CPRA-specific definitions of "sell" and "share.")

4. Cookies & tracking

We use a minimal set of cookies, all first-party, and no third-party tracking pixels or advertising cookies.

• Authentication. When you sign in via Google OAuth, Firebase Auth sets a session cookie so you stay signed in. Without it, you'd have to sign in on every page load.
• Archive pre-auth. When a subscriber clicks a magic link from a broadcast email, we set a short-lived cookie that lets them browse the archive without signing in. The session expires after one year of inactivity.

That's the complete list. We do not use Google Analytics, Meta Pixel, or any other tracking-pixel system on this Service.

5. How long we keep data

• Letters, photos, attachments, subscriber lists, and map pins — retained for the duration of the missionary's active paid subscription. When the paid subscription ends (mission completion, voluntary cancellation, lapsed payment, or paused-credit expiration), the archive enters a 30-day export window and is then permanently deleted, unless an Archive Keepalive subscription is active. See the Terms of Service for the full policy.
• Account record — retained while your account is active. After closure, we retain a minimal record (your email, account ID, closure date) for up to 7 years for fraud-prevention, tax, and audit purposes.
• Payment records — retained per Stripe's policies and tax requirements (typically 7 years).
• Operational logs — request logs are retained for up to 90 days, then deleted or anonymized.
• Email-delivery events — bounce / open / unsubscribe events are retained as long as the underlying subscriber record exists.
• Forgotten subscribers — when a subscriber uses the forget-me flow, we delete their record and add their hashed email to a tombstone list to prevent re-subscription. The tombstone is retained indefinitely; it contains no personal information beyond the hash.

6. Your rights & choices

Depending on your location, you may have some or all of the following rights:

• Access. Request a copy of the personal information we hold about you.
• Correction. Ask us to fix inaccurate information.
• Deletion. Ask us to delete your personal information. Subscribers can use the forget-me flow; account holders can close their account from the Billing page.
• Portability / export. Account holders can export the full archive (letters + photos + subscriber list + manifest) from the Billing page for free.
• Opt-out. Subscribers can unsubscribe from any broadcast email via the one-click link in the footer, by emailing unsubscribe@<the-missionary's-domain>, or via the forget-me flow.
• Withdraw consent. Where we rely on consent, you can withdraw it at any time. Withdrawal doesn't affect processing that already happened.
• Lodge a complaint. If you're in a jurisdiction with a data-protection authority, you can complain to them. We'd prefer you contact us first so we can fix it.

To exercise any of these rights, email privacy@missionbroadcast.com. We'll respond within 30 days; complex requests may take up to 60 days, in which case we'll tell you so up-front.

7. Security

We take reasonable technical and organizational measures to protect your information:

• All traffic to and from missionbroadcast.com is encrypted in transit via TLS.
• Data at rest in Firebase is encrypted using Google's infrastructure-default encryption.
• Authentication uses Google OAuth — we don't store passwords ourselves.
• Cloud Functions secrets (API keys for Stripe / Brevo / SendGrid) are stored in Google Secret Manager, not in source code.
• Operator access is limited to authorized personnel and audited.

No security system is perfect. If we become aware of a breach that affects your data, we'll notify you and any required authorities without undue delay, in accordance with applicable law.

8. Children's privacy

The Service is not directed at children under 13. We do not knowingly collect personal information from children under 13 to operate accounts.

We're aware that subscribers to a missionary's mailing list may include readers under 13 (e.g., the missionary's younger siblings). When a parent or guardian subscribes a minor, we treat that subscription as authorized; the minor's email address is processed for the purpose of receiving letters. If you believe we have collected information from a child under 13 without proper authorization, contact privacy@missionbroadcast.com and we will delete it.

9. International users

Mission Broadcast is operated from the United States. Data is stored on Google Firebase infrastructure (primary region: us-central1).

If you access the Service from outside the United States — including from the European Economic Area, the United Kingdom, or Switzerland — you understand that your information will be transferred to and processed in the United States. We rely on the European Commission's standard contractual clauses (where applicable) and the relevant data-protection adequacy frameworks for any such transfers.

EU/UK/EEA residents have additional rights under GDPR (including the rights listed in Your rights & choices). To exercise them or to contact our data-protection point of contact, email privacy@missionbroadcast.com.

10. California residents

If you reside in California, additional disclosures and rights apply under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). Those are gathered in a dedicated California Privacy Notice.

11. Changes to this policy

We may update this policy from time to time. When we do, we'll post the updated version at missionbroadcast.com/privacy and update the "Last updated" date above. For material changes, we'll email account holders at least 30 days before the new policy takes effect.

12. Contact

For all privacy-related questions, requests, and complaints:

privacy@missionbroadcast.com

Mailing address: DocGuy, LLC — [INSERT BUSINESS ADDRESS].