Effective Date: April 9, 2026 · Last Updated: April 9, 2026
ShepherdBooks (“we,” “us,” or “our”) is a pastoral tax management platform that helps pastors and clergy track financial transactions, manage receipts, and prepare year-end tax reports. This Privacy Policy describes how we collect, use, store, and protect your personal and financial information when you use our website and services at shepherdbooks.app.
Account Information: When you create an account, we collect your name, email address, church name, and denomination. If you sign in with Google, we receive your name and email from Google.
Financial Data via Plaid: When you connect a bank account through Plaid, we receive transaction data (dates, amounts, merchant names, categories), account information (institution name, account type, last four digits), and account balances. We do not receive your bank login credentials. Plaid handles authentication directly.
User-Provided Data: You may provide receipts (uploaded images), transaction notes, business entity details, housing allowance designations, and tax category assignments.
Automatically Collected Data: We collect basic usage data through our hosting provider (Vercel), including IP address, browser type, and pages visited. We do not use third-party analytics or advertising trackers.
We use your information solely to provide the ShepherdBooks service:
We do not sell, rent, or share your personal or financial data with third parties for marketing or advertising purposes.
We use Plaid Inc. to connect your bank accounts. When you use Plaid Link, you are interacting directly with Plaid’s service. Your bank credentials are provided to Plaid, not to ShepherdBooks. We receive only the transaction and account data described above. Plaid’s use of your data is governed by the Plaid End User Privacy Policy.
Hosting: Our application is hosted on Vercel. Our database is hosted on Supabase (PostgreSQL).
Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher (TLS 1.3 is enforced by default).
Encryption at Rest: All data stored in our database is encrypted at rest using AES-256 encryption provided by Supabase.
Authentication: We support email/password login, Google OAuth, and email-based multi-factor authentication (MFA) to protect your account.
Access Controls: All API endpoints enforce authentication. Users can only access their own data. No ShepherdBooks personnel other than the sole operator have access to production systems, and all administrative access requires MFA.
We retain your data for as long as you maintain an active ShepherdBooks account. You may request deletion of your account and all associated data at any time through the Settings page of the application.
Upon account deletion:
We may retain anonymized, aggregated data that cannot identify you for service improvement purposes.
Before connecting a bank account through Plaid, we request your explicit consent for the collection, processing, and storage of your financial data. You may withdraw consent and disconnect your bank accounts at any time.
You have the right to:
ShepherdBooks is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.
We may update this Privacy Policy from time to time. We will notify registered users by email of any material changes. The “Last Updated” date at the top of this page indicates when the policy was last revised.
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at: charlestark@gmail.com