Privacy Policy

Our customers retain all the rights to the data they store in Planning Center. In legal terms, we are considered a “Service Provider” as defined by the California Consumer Privacy Act (CCPA), or a “Processor” as defined by the General Data Protection Regulation (GDPR).

In short, the data stored in our databases by users of Planning Center is entrusted to us for safekeeping, but it is not our data.

We are legally and contractually obligated to hold certain standards to the data we process. Some of these obligations include:

• to never retain, disclose, or use your church’s data for any purpose other than for providing Planning Center,
• to provide appropriate levels of technical and organizational measures to ensure the security of the data we process,
• and to assist our customers in fulfilling their legal obligations in regard to the data that we process on their behalf.

These bullets are the highlights, not the complete list. More information can be found by reading our Terms of Service, and Privacy Policy.

Our users, such as your church, use Planning Center for processing many different types of data. The specifics of what your church stores in Planning Center will depend on how they have chosen to use Planning Center. However, it will likely include personal information about you, such as your name, contact information, attendance or donation history, medical notes (such as allergies), your social media profiles, or sensitive information such as notes about a counseling session.

We do not have the right to disclose what your church stores in Planning Center. If you have questions about the specifics about what your church stores about you, those questions will need to be directed to the church.

You may have legal rights in regard to how your church uses your personal information. These rights will vary depending on where you live, but generally, you have the right to:

• access, correct, or request deletion of your personal data,
• object to the processing of your personal data,
• file a complaint with an applicable data protection authority, where the processing of personal data is based on your consent,
• you have a right to withdraw consent at any time for future processing

To exercise these rights, contact your church. Planning Center will take all steps necessary to assist your church in satisfying your requests.

We utilize several subprocessors for providing Planning Center. These companies are authorized to use your personal information only for the sole purpose of providing services to us, and are under the same legal and contractual obligations in regards to the security and privacy of our customer’s data as we are to our customers.

An up-to-date list of our subprocessors is available hereView our list of subprocessors.

Your church may choose to make use of our APIs to share your information with other third parties. Please direct questions about your church’s use of other processors to your church.

Planning Center provides APIs and a Model Context Protocol ("MCP") server that allows our customers (such as your church) to connect to third-party applications or software with the Services through the Planning Center platform ("Third-Party Services"). This Privacy Policy does not apply to these Third-Party Services, or any other third-party products, services, or businesses who will provide their own services under their own terms of service and privacy policy. When a customer enables such a connection, the customer authenticates to Planning Center directly. However, Third-Party Services are not owned or controlled by Planning Center and third parties that have been granted access to the Services may have their own policies and practices for collection, use and sharing. Please check the permissions, privacy settings, and notices for these Third-Party Services or contact the provider for any questions.

For example, a church can connect to a Large Language Model ("LLM") so the church user can search through information within the Planning Center platform. However, Third-Party Services may only access or act on data within the scope of that customer's existing Planning Center permissions.

Planning Center does not receive personal information from these Third-Party Services and does not transmit Planning Center data to any Third-Party Services except in response to the customer's own authenticated request. Planning Center acts solely as a processor in responding to authenticated requests and does not control how data is processed by the Third-Party Services once it leaves the Planning Center platform.

We go to great lengths to ensure the security of your data. Not only is this our legal obligation, but we believe it’s our moral obligation as well. Information about our security measures is available hereView information about our security measures.