Aria is in closed beta. We're onboarding churches one at a time to ensure a great experience. Request Access
Aria BETA
Sign In

Privacy Policy

Your church data is sacred. This policy explains what we collect, how we use it, and how we protect it.

Last updated: February 25, 2026

Aria ("we," "us," or "our") is operated by Ryan Pate. This Privacy Policy describes how we collect, use, and share information when you use our worship team management platform at aria.church, including our web application and native mobile apps (collectively, the "Service"). By using the Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and password. Organization owners also provide a church/organization name.

Organization Data

Data you and your team enter into Aria, including volunteer profiles, interaction logs, follow-up items, prayer requests, announcements, messages, tasks, and uploaded documents.

AI Conversations

Messages you send to and receive from Aria, our AI assistant. These are stored to provide conversation history and improve your experience within your organization.

Planning Center Data

If you connect Planning Center Online, we access your PCO data (people, schedules, songs, blockouts) using your organization's API credentials. We cache this data temporarily to improve performance.

Usage & Device Information

We collect standard log data including IP addresses, browser type, device type, and pages visited. For push notifications, we store device tokens. We do not use third-party analytics trackers or advertising cookies.

2. How We Use Your Information

  • Provide the Service — power the AI assistant, display volunteer data, manage follow-ups, and deliver notifications
  • AI Processing — send your queries and relevant context to AI providers to generate responses within your organization's scope
  • Push Notifications — deliver real-time alerts for messages, task assignments, announcements, and care reminders
  • Analytics — generate team engagement and care metrics visible only to your organization
  • Security — detect and prevent unauthorized access, abuse, or fraud
  • Support — respond to your questions and troubleshoot issues
  • Improvements — improve the Service based on aggregate, anonymized usage patterns

3. AI & Data Processing

Aria uses third-party AI services to power the chat assistant:

  • Anthropic (Claude) — processes chat messages to generate responses and analyze uploaded images
  • OpenAI — generates text embeddings for semantic search across your documents and interactions

Your data is never used to train AI models.

All AI conversations are scoped to your organization. Data sent to AI providers is processed under their enterprise data processing agreements and is not used for model training. Conversations are never shared between organizations.

4. Data Sharing

We do not sell your data. We share information only with the following service providers who are necessary to operate the Service:

  • Anthropic & OpenAI — AI processing as described above
  • Stripe — payment processing (we never store your credit card number)
  • Railway — cloud infrastructure and database hosting
  • Firebase (Google) — push notification delivery for mobile apps
  • Sentry — error monitoring (no personally identifiable information is sent)

We may also disclose information if required by law or to protect the rights, safety, or property of our users.

5. Data Security

We take the security of your data seriously. Our measures include:

  • All data encrypted in transit via HTTPS/TLS with HSTS enforcement
  • Passwords hashed using PBKDF2 with SHA256
  • Multi-tenant data isolation — each organization's data is completely separated
  • Optional two-factor authentication (TOTP) with backup codes
  • Login rate limiting and automatic lockout after failed attempts
  • Audit logging of all administrative actions
  • Content Security Policy and other protective HTTP headers

For full details, see our Security page.

6. Data Retention

We retain your data for as long as your account or organization is active. Specifically:

  • Account data — retained while your account exists
  • Organization data — retained while the organization is active
  • AI conversations — retained for conversation history; you can start new sessions at any time
  • Audit logs — retained for 2 years for security purposes

When you delete your account or organization, we will delete your data within 30 days, except where retention is required by law or for legitimate security purposes.

7. Your Rights

You have the right to:

  • Access — request a copy of the personal data we hold about you
  • Correct — update or correct inaccurate information
  • Delete — request deletion of your account and associated data
  • Export — request an export of your data in a portable format
  • Opt out — disable push notifications or manage notification preferences at any time

To exercise any of these rights, contact us at support@aria.church.

8. Children's Privacy

The Service is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us at support@aria.church and we will promptly delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by updating the "Last updated" date at the top of this page and, for significant changes, by sending a notification through the Service. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us.

support@aria.church