Privacy
Pastors told us they use PulpitSpark in private. This is what we do — and don't do — with that. Effective April 17, 2026A pastor's sermon prep is personal. You're wrestling with a passage, not performing. The last thing you want is for that process — or the fact that you used help to think it through — to end up somewhere it shouldn't.
So before we talk about data: we built this assuming you'd rather nobody knew you used it. That shaped the whole design. No public profiles. No "sermons by [your name]" leaderboard. No analytics SDK watching your mouse. We collect the minimum we need to run the service — and nothing more.
What you write here stays between you and the text.
What we collect
- Your email address — so you can log back in. That's it. No church name, no title, no demographic questions.
- A salted hash of your password — so we can verify your login without ever storing or being able to read the password itself.
- Your subscription status — active, canceled, paid through. This comes from Stripe when you subscribe.
- The threads you generate — stored in your account so you can pull them up later. Visible only to you when logged in. Not indexed, not shared.
What we don't collect
- We don't store or associate IP addresses with your account activity. Web infrastructure sees them transiently (that's how the internet works), but nothing ties them to who you are or what you generated.
- No user-agent fingerprinting, no browser tracking, no third-party analytics (Google Analytics, Mixpanel, anything).
- No page-view tracking of what you click inside the workspace.
- No demographic or church-specific data. We don't know your denomination, your congregation size, or your city. We never ask.
Who sees your data
Three parties touch parts of it, all operationally necessary:
- Stripe handles your payment. They see your email and billing details. We never see your card number.
- The AI provider we use to generate threads sees only the text needed to generate the result — your chosen passage, topic, and voice — not your account identity. They don't receive your name, your email, or a flag that says "this user is a pastor." Our contract with them also prohibits training on your prompts.
- Our server logs exist for debugging (error traces, slow requests, security audits) and are not used to profile or analyze individual behavior. They rotate out after 30 days.
What we will never do: sell your email, publish your threads, share your subscription status with anyone, or tell a third party that you use this service. If we ever need to change that, we'll ask first — we won't change the rules on you in a policy update.
Cookies
We set one cookie: a session cookie that keeps you logged in. It's HttpOnly, Secure, SameSite-strict, and expires when you sign out. No tracking cookies, no ad cookies, no third-party cookies.
How long we keep things
As long as your account exists. If you cancel and close the account, your threads and email are deleted within 30 days. Stripe keeps payment records per their own retention policy (typically 7 years for tax compliance) — we can't override that.
Your rights
Email [email protected] and ask for:
- A copy of everything we have on you
- Your account fully deleted
- Specific threads removed
- Corrections to your email
We'll do it within 7 days. We won't ask why.
Changes to this policy
If we need to change anything substantive — new data collected, new third party involved, change to retention — we'll email existing subscribers before it takes effect. You'll have time to cancel if you disagree with the change.
Contact
Questions, concerns, or something this page doesn't answer: [email protected].