This Privacy Policy explains how Spearmint LLC ("Spearmint", "we", "us", or "our") collects, uses, shares, and protects personal information in connection with Chapel Desk (the "Service"). Spearmint LLC is a Minnesota limited liability company. If you have questions, contact us at [email protected].
Scope and Roles
This Policy applies to: (a) our public websites including chapeldesk.com, and (b) the Service used by our customers. For the public website and our own marketing, Spearmint is the "controller" of your personal information. For content our church customers upload or process in their Chapel Desk sites, Spearmint acts as a "processor" (or "service provider") and processes that information on their instructions as described in our customer agreements.
Information We Collect
- Account and profile information: name, email address, login credentials, organization/church details.
- Content you provide: church website content, forms, media, posts, messages, and configuration data you or your team submit.
- Transactional information: subscription status and billing-related metadata. Payment card data is handled by our payment processor (e.g., Stripe) and not stored by us.
- Communications: support inquiries, feedback, and correspondence.
- Usage and device data: pages viewed, feature usage, device/browser type, approximate location, and referrer. We use privacy-friendly analytics (Plausible) that do not use cookies or collect personal identifiers.
- Cookies and similar technologies: we aim to minimize tracking. Essential cookies may be used for authentication and session security.
How We Use Information
- Provide, operate, and improve the Service and our websites.
- Authenticate users, maintain security, prevent fraud and abuse.
- Provide support, respond to inquiries, and communicate important notices.
- Process payments and manage subscriptions via our payment processor.
- Analyze product usage to enhance features and reliability using privacy-friendly analytics.
- Comply with legal obligations and enforce agreements.
Legal Bases for Processing (EEA/UK Users)
Where GDPR or UK GDPR applies, we rely on these legal bases, as relevant:
- Contract performance: to deliver the Service you requested.
- Legitimate interests: to secure, improve, and market our Service in ways that do not override your rights.
- Legal obligation: to meet regulatory or tax requirements.
- Consent: for optional communications or features where required; you may withdraw consent at any time.
Sharing and Disclosures
We do not sell personal information. We share information only as needed with:
- Service providers/processors that help us operate the Service (for example: payment processing, analytics, hosting/CDN, and email delivery). Today, these include providers such as Stripe (payments), Plausible (privacy-friendly analytics), and Cloudflare (DNS/CDN). We may update providers as our Service evolves.
- Team administrators and authorized users within your organization, according to your settings.
- Legal and compliance purposes: to comply with law, respond to lawful requests, or protect rights, property, and safety.
- Business transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to confidentiality and continued protection of your information.
International Transfers
We may process and store information in the United States and other countries. Where required, we use appropriate safeguards for cross-border transfers, such as standard contractual clauses.
Data Retention
We keep personal information only as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods depend on the type of data and our contractual and legal requirements.
Security
We employ technical and organizational measures designed to protect personal information, including encryption in transit, access controls, monitoring, and regular backups. No method of transmission or storage is 100% secure; we continuously work to improve our safeguards.
Your Privacy Choices and Rights
You can make the following choices or requests:
- Access, correction, and deletion of your account information.
- Opt out of non-essential communications and certain analytics where applicable.
- For customer content we process on behalf of a church, contact the church directly; we will support them in responding to your request.
EEA/UK Residents
You may have rights under GDPR/UK GDPR, including to access, rectify, erase, restrict, or object to processing, and data portability. You also have the right to lodge a complaint with your data protection authority.
US State Laws (e.g., California, Colorado, Connecticut, Virginia, Minnesota)
Where these laws apply, you may have rights to know/access, correct, delete, and obtain a portable copy of your information, and to opt out of certain processing such as targeted advertising or sharing. We do not sell or share personal information as defined by the California Consumer Privacy Act (as amended by the CPRA). We do not use or disclose Sensitive Personal Information for purposes that require a right to limit under the CPRA. You may submit requests by emailing [email protected].
Cookies and Similar Technologies
We strive to minimize cookies. Essential cookies may be used for authentication and security. We use Plausible Analytics, which does not set cookies and does not collect personal identifiers. You can control cookies through your browser settings.
Children’s Privacy
The Service is not directed to children under 13, and we do not knowingly collect personal information from them. If we learn we have collected such information, we will take appropriate steps to delete it. Churches using Chapel Desk should ensure their own compliance with applicable youth privacy laws when publishing content.
Email Communications
If you receive marketing emails from us, you can unsubscribe at any time via the link in the email. We may still send you transactional or service-related emails (for example, important notices about your account or the Service).
Third-Party Links
Our websites and customer sites may link to third-party sites. We are not responsible for the privacy practices of those sites. We encourage you to review their privacy policies.
Changes to This Policy
We may update this Privacy Policy from time to time. We will post the updated version on this page and adjust the effective date. Material changes will be communicated as appropriate.
Contact Us
Spearmint LLC (Minnesota, USA)
Email: [email protected]
This Privacy Policy is intended to be comprehensive but does not constitute legal advice. Your use of the Service is also governed by our Terms of Service. If you represent a church or organization with a separate agreement, that agreement will control to the extent of any conflict regarding customer content.