Data Privacy: How Flock Protects Your Information

Your Data Belongs to Your Church, Not Us

Flock handles some of the most sensitive information in your church — prayer requests about struggling marriages, health crises, financial hardships, and personal burdens that people share because they trust their community. We take that responsibility seriously.

Here is how we protect your information and what rights you have over your data.

Multi-Tenant Data Isolation

One of the most important security features in Flock is multi-tenant data isolation. In plain terms, this means each church's data is completely separate from every other church's data.

How it works:

Every piece of data in Flock — prayers, attendance records, member profiles, chat messages — is tagged with your organization's unique identifier. Our database uses a technology called Row-Level Security (RLS) that enforces isolation at the database level itself. This is not just a software rule that could be accidentally bypassed — it is enforced by the database engine.

What this means for you:

Church A cannot see Church B's data. Period.
A bug in one organization's experience cannot expose another organization's information.
Even Flock's own engineers cannot accidentally mix data between churches when working on the system.

Think of it like separate filing cabinets with their own locks, rather than one shared cabinet with dividers. Each church has its own locked cabinet.

Encryption

Data in Transit

All data sent between your phone and Flock's servers is encrypted using HTTPS (TLS). This means that if someone intercepted the network traffic, they would see scrambled data, not your prayers or messages.

This is the same encryption technology used by banks, hospitals, and government systems. It is industry standard for protecting sensitive information.

Authentication

Flock uses Firebase Authentication — the same authentication system used by millions of apps worldwide — to handle sign-in securely. Your password (if you use email/password sign-in) is never stored in plain text. It is hashed and salted using industry best practices.

If you use Google sign-in, authentication is handled entirely by Google's infrastructure, and Flock never sees or stores your Google password.

Privacy Controls for Members

Prayer Privacy Levels

Every prayer request includes a privacy choice:

Public — Visible to all group members
Private — Visible only to group leaders

Private prayers are filtered at the database level. Regular group members cannot see private prayers in their feed, cannot search for them, and do not receive notifications about them. This is enforced by the technology, not just by the app's interface.

For more on prayer privacy, see How to Keep Prayer Requests Private.

Profile Visibility

Each member controls what personal information other group members can see. You can choose to show or hide your phone number, email address, and other profile details. This means you decide what your group knows about you.

Group leaders can always see contact information for members in their group — this is necessary for their pastoral care responsibilities.

Notification Preferences

You control what notifications you receive. If you do not want alerts for certain types of activity, you can turn them off in your settings.

What Data Flock Collects

Flock collects only the information needed to provide the service:

Information you provide:

Name and email address (for your account)
Profile photo (optional)
Phone number and birthday (optional)
Prayer requests (the text you write)
Chat messages (what you type)
Attendance records (which events you attended)

Information generated by the service:

Attendance trends and statistics
Prayer sentiment analysis (AI-generated scores used by pastoral staff)
Group health scores
At-risk member flags

Information we do NOT collect:

Financial data (we do not handle donations or giving)
Location tracking (we do not track where you are)
Social media data (we do not connect to your social accounts)
Data from other apps on your phone

We Do Not Sell Your Data

This is simple and absolute: Flock does not sell your data to anyone, for any reason, ever. Your prayers, attendance records, chat messages, and personal information are not used for advertising, marketing to third parties, or any purpose other than providing the Flock service to your church.

Your data exists for one reason: to help your church care for its people.

Data Deletion

Deleting Your Account

If you want to remove your account and all associated data from Flock, you can request account deletion. This removes:

Your profile and personal information
Your prayer requests
Your chat messages
Your attendance history
Your membership in all groups

Account deletion is permanent. Once your data is removed, it cannot be recovered.

Deleting Organization Data

If a church decides to leave Flock entirely, the organization admin can request full deletion of all organizational data. This removes every member account, prayer, event, attendance record, and piece of content associated with that church.

How to Request Deletion

Contact Flock support with your deletion request. We will verify your identity and process the request. Organization-wide deletion requests must come from the organization admin.

Data Ownership

Your church's data belongs to your church. Flock provides the platform, but we do not claim ownership of the content your members create. Your prayers, messages, attendance records, and organizational data are yours.

If you ever decide to leave Flock, your data can be exported or deleted — it does not stay locked in our system against your will.

Compliance and Best Practices

While Flock is not formally certified under specific compliance frameworks (like SOC 2 or HIPAA), we follow the security best practices that those frameworks recommend:

Encryption in transit (HTTPS/TLS)
Secure authentication (Firebase Auth)
Database-level access control (Row-Level Security)
Multi-tenant isolation (no data mixing between organizations)
Principle of least privilege (each role sees only what it needs)
Regular security reviews of our codebase and infrastructure

For data deletion requests that align with GDPR principles (right to erasure), we honor those requests regardless of where the requesting person lives. Everyone deserves control over their personal data.

Questions About Privacy

If you have questions about how your data is handled, what information Flock stores, or how to exercise your privacy rights, contact our support team. We are happy to explain anything in more detail.

Privacy is not a feature we tacked on — it is built into the foundation of how Flock works. We believe that trust between a church and its members is sacred, and the technology that supports that community should honor that trust completely.