How we handle your data.

This site is run by Shalom Seventh-day Adventist Church / The Church of Peace. We're a small congregation in the Bronx. We collect the minimum data we need to keep the site working and to know what's helping the community. No tracking pixels. No analytics vendors. No data sold or shared.

What we collect

• Email address — only if you sign in (admins, clerks). We use it to send you a magic-link login. It's stored in our database and never shared.
• Hashed IP address — for traffic analytics. We hash your IP with a one-way SHA-256 function and our app key, so the original IP is never stored. We see "this hashed visitor came back twice" but never "12.34.56.78 visited."
• Session cookie — a standard encrypted cookie that keeps you signed in if you're an admin. Expires after 30 days of inactivity.
• Page view path + timestamp — which pages get visited, when. Anonymized via the hashed IP above.
• Browser + device info — your User-Agent string (e.g. "iPhone, Safari"). We bucket it as device-class only ("mobile" / "desktop"). We don't fingerprint.
• Country — derived from Cloudflare's `CF-IPCountry` header when available. We see "visitor from US" but not city/region.
• Form submissions — if you submit a feedback ticket or contact form, we keep what you wrote and your name/email if you provided them.

What we don't collect

• No Google Analytics. No Meta pixel. No third-party trackers of any kind.
• No precise location.
• No payment info — donations go through Adventist Giving on their own platform.
• No video/audio recording. No microphone or camera access.

How long we keep it

• Page-view telemetry — 90 days, then auto-deleted by a daily cron job.
• Audit log — 40 days for admin sign-in / publish / edit events.
• Feedback tickets — kept until closed, then 14 days.
• Database backups — last 14 nightly dumps, plus one off-site snapshot.
• Email accounts — kept while you're an admin / clerk; deleted on request.

Cookies we set

• church-of-peace-session — your encrypted login session (admins only). HttpOnly, Secure, SameSite=Lax.
• XSRF-TOKEN — security token for form submissions. Standard Laravel.
• cop_telemetry_session — random token (not tied to identity) to count "this is a returning visitor." Resets after 30 days.

These are functional cookies needed for the site to work and stay secure. We don't set marketing or analytics cookies.

Your rights

You can ask us to:

• Tell you what data we have on you (we'll send a copy).
• Delete it (we'll wipe your account, page-view records, and form submissions).
• Correct anything that's wrong.

Email contact@thechurchofpeace.org for any of those. We aim to respond within 7 days.

Children

The site isn't directed at children under 13. If a child signs up by mistake, email us and we'll delete the record.

Changes

If we change this policy, we'll update the date at the top. For material changes (new data we collect, new third-party recipient), we'll post a banner on the home page for 30 days.

Contact

Shalom Seventh-day Adventist Church
3323 White Plains Rd, Bronx, NY 10467
contact@thechurchofpeace.org