Privacy Policy

Deshepad ("we", "our", "us") is operated by Logos Generation. We are committed to protecting the privacy and security of your personal data and the data of your church members.

This privacy policy explains what data we collect, how we use it, how we protect it, and what rights you have. It applies to all users of the Deshepad platform, including church administrators, leaders, and the member data they manage.

We collect only the information necessary to provide our church member management services:

• Account information — your name, email address, and encrypted password
• Church information — church name, subdomain, logo, branding colors, timezone
• Member data — names, contact details, attendance records, follow-up notes, welfare requests, and other data entered by church administrators
• Profile photos — uploaded voluntarily by administrators or members themselves via self-service links
• Usage data — login times, pages visited, and features used (for product improvement only)

Every church on Deshepad is a separate "tenant" with complete data isolation. This is the foundation of our security architecture.

We use PostgreSQL Row-Level Security (RLS) to enforce isolation at the database level. Every query is automatically filtered by tenant ID — this means even a bug in our application code cannot accidentally expose one church's data to another.

We use your data solely to provide, maintain, and improve the Deshepad platform. Specifically:

• To provide the core services — member management, attendance tracking, follow-up coordination, welfare tracking, and email communication
• To send emails you initiate — check-in messages, birthday wishes, mass emails, and notifications (via Zoho SMTP)
• To store files you upload — profile photos and Excel imports (via AWS S3)
• To improve the product — aggregated, anonymized usage patterns help us build better features

We use a small number of trusted third-party services to operate the platform. Each has been selected for their security standards:

• DigitalOcean — application hosting and managed Redis cache
• Neon — serverless PostgreSQL database with encryption at rest
• AWS S3 + CloudFront — file storage and content delivery
• Zoho Mail — SMTP email delivery for emails you initiate

We implement multiple layers of security to protect your data:

• Encryption in transit — all connections use TLS (HTTPS)
• Encryption at rest — database and file storage are encrypted
• Password hashing — all passwords are hashed using bcrypt with salt rounds
• JWT authentication — short-lived access tokens (15 min) with secure refresh token rotation
• Role-based access control — granular permissions ensure users only see what they should
• Row-Level Security — database-level tenant isolation prevents cross-church data access

You have full control over your data. As a church owner or administrator, you can:

• Access — view all member data through the dashboard at any time
• Export — download your entire member list, attendance records, follow-up data, and welfare records as Excel files
• Correct — edit any member information through the platform
• Delete — remove individual members or request complete account deletion
• Portability — export all your data in standard formats (XLSX) for use in other systems

We use minimal browser storage to keep you logged in and remember your preferences:

• Authentication tokens — stored in localStorage to maintain your session
• User preferences — theme and display settings

We may update this privacy policy from time to time. When we do, we'll update the "Last updated" date at the top of this page and notify account owners via email for significant changes.

We encourage you to review this policy periodically. Continued use of the platform after changes constitutes acceptance of the updated policy.