Your privacy matters

This policy explains how Shama collects, uses, and protects your information.

Last updated: March 6, 2026

Information We Collect

We collect information you provide when creating an account (name, email address, church name, billing details) and information generated through use of the platform (sermon notes, member records, calendar events, and AI conversation history). We also collect standard usage data such as browser type, IP address, pages visited, and feature interactions to help us improve the service.

How We Use Your Information

We use your information to operate and improve the Shama platform, process payments, send service notifications and product updates, respond to support requests, and protect against fraud or abuse. We use anonymized, aggregated usage data to improve features and user experience. We do not sell, rent, or trade your personal information to third parties for marketing purposes.

Third-Party Services

Shama uses trusted third-party providers to deliver the service: Clerk for authentication, Stripe for payment processing, Google for calendar integration (when authorized by you), and cloud infrastructure providers for hosting. Each provider is subject to its own privacy policy and data processing agreement. We share only the minimum data necessary for each service to function.

Cookies & Tracking

We use cookies and similar technologies to maintain your session, remember preferences, and analyze usage patterns. Authentication cookies are essential for the service to function. You may configure your browser to decline non-essential cookies, though this may affect certain features. We do not use cookies for cross-site advertising or behavioral tracking.

Data Storage & Security

Your data is stored on servers located in the United States. We use encryption in transit (TLS) and at rest for sensitive data, access controls limiting who can view your information, and ongoing security monitoring. While we implement industry-standard safeguards, no system is completely immune to breach. In the event of a security incident affecting your data, we will notify you as required by applicable law.

Data Retention

We retain account and ministry data for as long as your subscription is active. After account cancellation, we retain data for up to 90 days to allow for reactivation or export, after which it is deleted from our systems. Billing records are retained for the period required by applicable tax and financial regulations (typically 7 years). Anonymized usage analytics may be retained indefinitely.

Your Rights

Depending on your location, you may have the right to access, correct, or delete your personal data; withdraw consent for optional data processing; receive a copy of your data in a portable format; or object to certain types of processing. California residents (CCPA) may request disclosure of data collected and opt out of sale (we do not sell data). To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

Children's Privacy

Shama is intended for adult church administrators and ministry staff. We do not knowingly collect personal information from individuals under 13 years of age. If you believe a child has provided us with personal information, please contact us immediately and we will delete it.

Changes to This Policy

We may update this privacy policy from time to time. We will notify active subscribers of material changes by email at least 14 days before they take effect. Continued use of the service after that period constitutes acceptance of the updated policy. The current version will always be available at aishama.com/privacy.

Contact Us

For privacy questions, data requests, or concerns, contact us at [email protected]. For urgent security issues, please use the contact form at aishama.com/contact.