Privacy Policy

Last updated: May 14, 2026 · Effective: May 14, 2026

Plain-language summary: Ministering is a private, single-ward tool used by one Latter-day Saint bishopric leader. It stores ward-member administrative data in a private database. It connects to that leader's own Google Calendar and Gmail draft folder, with their explicit consent, so it can create calendar events and prepare email drafts for human review. It never sells data, never advertises, never auto-sends a message, and is not affiliated with The Church of Jesus Christ of Latter-day Saints.

1. Who runs this app

Ministering is operated as a private project by an individual ward administrator. It is not multi-tenant SaaS. The app is used by one ward bishopric to reduce the manual paperwork of their callings. Questions about this policy can be sent to contact@ministering.to.

2. What data Ministering handles

2.1 Ward administrative records

The app stores information that a bishopric ordinarily needs to do their work:

This information is stored in a private database on infrastructure controlled by the operator. It is not exported, sold, shared with advertisers, or made publicly browsable.

2.2 Google account data

Ministering uses Google OAuth in two stages so that no scope is requested until it is actually used. The leader sees a separate consent screen each time a new scope is added, and may revoke any of them at any time.

Stage 1 — Sign-in (identity only). When the leader chooses "Continue with Google" on the sign-in page, the app requests the three OpenID Connect identity scopes:

Sign-in does not request, store, or keep a Google "refresh token." It only confirms identity and ends.

Stage 2 — Feature consent (only when a feature needs it). If a leader later activates a feature that requires deeper Google access, the app shows a second Google consent screen for that specific scope. The leader may decline; the rest of the app continues to work without that feature. The two feature scopes the app may request are:

When a Stage 2 scope is granted, the corresponding OAuth refresh token is encrypted at rest (Fernet / AES-128-CBC with HMAC-SHA256) before being stored privately on the operator's server, and can be revoked at any time from the leader's Google Account → Connections page.

2.3 What the app does NOT collect

3. How data is used

The data above is used only for the following operational purposes:

4. How data is shared

Ministering does not sell or rent data. The app talks to a small number of services solely to perform the functions above:

5. Limited Use of Google data

Ministering's use of data obtained through Google OAuth scopes complies with the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

6. Retention and deletion

Records stay only as long as needed for the bishopric to do their work. A leader can ask the operator to delete their Google connection, their reminder configuration, or all ward data the app holds, by emailing contact@ministering.to. Google scopes can also be revoked unilaterally by the leader at myaccount.google.com/permissions; the app will simply stop performing the Google-side functions if revoked.

7. Security

The app's server runs over HTTPS. The OAuth refresh token and ward database live on the operator's hosting account. Administrative pages of the app are protected by HTTP Basic authentication so casual visitors cannot browse them. No system is perfect — if you believe a security issue exists, please email contact@ministering.to.

8. Children

Ministering is not directed at children, and ward youth do not log in to it. When information about youth members appears in the app (for example, in a youth-activity reminder), that information is visible only to the adult bishopric leader using the tool and is handled under the same rules above.

9. Changes to this policy

If this policy changes meaningfully, the date at the top will be updated and the leader using the app will be notified by email. Continued use of the app after the effective date constitutes acceptance of the updated policy.

10. Contact

Questions, deletion requests, or security reports: contact@ministering.to.