Privacy policy
Effective: July 14, 2026
WayHouse, Inc. (“WayHouse,” “we,” “us”) builds a church-management workspace at wayhouseonline.com. This policy explains what we collect, why, and how it’s handled. It’s written in plain language on purpose — if something here is unclear, tell us and we’ll fix the wording.
Who controls what
A church using WayHouse is the data controller for its own congregation’s information — members, prayer requests, attendance, giving records, and communications. WayHouse acts as a data processor: we store and process that information on the church’s behalf and under its instructions. If you’re a member of a church wondering what’s held about you, your church is the right first stop — see “If you’re a congregation member” below.
What we collect
Account data — when a church admin or staff member signs up, we collect name, email, and authentication information needed to run the account.
Congregation data — whatever a church chooses to enter or upload: member profiles (names, emails, phone numbers, birthdays, household groupings), prayer requests, attendance, sermon content, broadcast history, and — once giving is available — donation records. This data belongs to the church; we don’t use it for our own marketing or resell it.
Usage and log data — standard operational data generated by using the service (IP address, device/browser information, timestamps, error logs), used for security, debugging, and keeping the product reliable.
Cookies — we use cookies required to keep you signed in and to maintain your session (via Supabase Auth). We do not run third-party advertising trackers or analytics scripts on WayHouse today.
How we use it
To operate your workspace, send the transactional and broadcast emails a church authorizes, protect against abuse and spam, and maintain and improve the product. We do not sell personal data, and we do not use congregation data to train AI models.
Sub-processors
We rely on a small set of infrastructure providers to run the service. Each receives only what it needs to do its job:
- Supabase — database, authentication, and file storage. Congregation data is hosted in Supabase-managed Postgres, isolated per tenant with row-level security.
- Vercel — application hosting and delivery.
- Resend — sends transactional email (account, password reset) and email broadcasts a church chooses to send.
- Stripe — bills paid subscription plans; will also process giving, as the church’s payment processor, once that feature is live.
- Cloudflare (Turnstile) — bot protection on public forms, such as our contact form.
Where data is hosted
Congregation and account data is hosted with Supabase, on managed Postgres infrastructure. We don’t publish a specific hosting region here; if your church has a data-residency requirement, contact us and we’ll tell you what we can confirm.
Retention and deletion
Congregation data is retained for as long as a church keeps it in its workspace. When a church deletes a record, or closes its account, we delete the underlying data (subject to what our sub-processors need to briefly retain for backups and operational continuity). Churches can export their data — members, gifts, and history — at any time from their workspace, or by asking us.
If you’re a congregation member
If you attend a church that uses WayHouse and want to know what information is held about you, correct it, or have it removed, please contact your church directly first — they control their own records and can act on your request immediately. We assist churches with these requests whenever they reach out to us.
Security
Data is encrypted in transit. Every church’s data is isolated from every other church’s at the database level, using Postgres row-level security — one tenant cannot read another tenant’s records. Internal access follows the principle of least privilege. We don’t claim a specific compliance certification (such as SOC 2 or HIPAA) at this time.
Children’s information
WayHouse is a tool for church administration, not a service directed at children. Because congregation records can include minors — for example, a child’s name in a household grouping — churches may store this information as part of managing their own members. We don’t market to children and don’t knowingly collect information directly from them.
Changes to this policy
We may update this policy as the product changes. We’ll update the effective date above when we do, and we’ll flag material changes to churches on the platform or by email.
Questions about this policy? hello@wayhouseonline.com.