Privacy Policy

Last Updated: [September, 2025] | Effective Date: [October, 2025]

SomaMe ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services, including the Asori church management application.

SECTION 1 – WHAT DO WE DO WITH YOUR INFORMATION?

1.1 Account Creator Information

When you sign up for Asori online, as part of the signup process, payment processing, and member data collection, we collect personal information including:

• Personal Data: Name, email address, phone number
• Occupational Data: Role/position in your organization, job title
• Organizational Data: Church/ministry name, address, tax ID (if applicable)
• Residential Data: Mailing address for billing and correspondence
• Payment Information: Bank account details, billing address (processed securely by third-party payment processors)

This information allows us to:

• Provide a better user experience
• Process payments and manage subscriptions
• Protect your account from unauthorized access
• Learn about your browser and operating system to optimize performance

1.2 IP Address and Device Information

When you browse our platform, we automatically receive your computer's internet protocol (IP) address to help us protect your account from unauthorized IP addresses and provide location-based services.

1.3 Email Marketing

With your permission, we may send you (the creator of the account on Asori, NOT your members) emails about:

• New features and product updates
• Service announcements
• Tips for better using Asori
• Security alerts

You can opt out of marketing emails at any time while still receiving essential service notifications.

SECTION 2 – CONSENT (YOUR INFORMATION)

2.1 How do you get my consent?

When you provide us with personal information to complete a transaction, verify your payment method, or set up your account, we imply that you consent to our collecting it and using it for that specific reason only.

2.2 Secondary Uses

If we need to use your personal information for a secondary reason (like marketing), we will either:

• Ask you directly for your expressed consent, or
• Provide you with an opportunity to decline

2.3 Default Content Sharing

The Asori app includes default features that share content on general feeds. This content is not sent directly to members but is made available where members can access it voluntarily.

SECTION 3 – CONSENT – YOUR CHURCH MEMBER'S DATA

3.1 Types of Member Data Collected

When you capture data of your members into Asori, you may collect:

• Personal Data: Name, date of birth, gender, marital status, profile photo
• Contact Information: Phone number, email address, physical address
• Occupational Data: Employer, job title, profession
• Church Data: Membership status, attendance records, ministry involvement, spiritual gifts, baptism date, membership date
• Residential Data: Home address, emergency contact information
• Family Data: Spouse, children, next of kin
• Financial Data: Donation history, pledge commitments (payment card details are NOT stored)

3.2 Our Role with Member Data

We act solely as a data processor. By storing this information, you consent to our:

• Storing and protecting it on your behalf
• Providing you access to analyze and manage it
• Backing up the data for recovery purposes
• Processing it only as instructed by you

3.3 Member Consent via Mobile App

When an app user joins or follows a church on the Asori mobile app, the following specific user data is shared with that church:

• Phone number
• Email address
• First name and last name
• Profile picture
• Gender

This data sharing is explicitly consented to by the user when they choose to follow your church. This enables your church to serve the user with information and updates.

3.4 Member Data Removal

When an app user decides to unfollow a church on the mobile app, their data is automatically removed from that church's database.

3.5 Your Responsibilities

As the church administrator, you are responsible for:

• Obtaining proper consent from members before collecting their data
• Informing members about what data you collect and how you use it
• Complying with local data protection laws (GDPR, CCPA, etc.)
• Providing members access to view, correct, or delete their data
• Using member data only for legitimate church purposes

SECTION 4 – HOW DO I WITHDRAW CONSENT?

4.1 Your Account

If you change your mind about us storing your information, you may withdraw consent at any time by:

• Contacting us at privacy@somame.com
<
• Deleting your account instantly from the system settings

Deletion of your account will be considered as withdrawal of your consent.

4.2 Member Data

Church members can withdraw consent by:

• Contacting their church administrator directly
• Unfollowing the church in the mobile app (which removes their data)
• Contacting us at privacy@somame.com if they cannot reach their church

SECTION 5 – DATA DISCLOSURE

5.1 Church Member Data

Since we do not own your church data, we cannot and will not disclose your church member information to anyone, including law enforcement, without your explicit authorization. You bear full responsibility for disclosing your church data if requested by law.

5.2 Account Creator Data

We will disclose your identity (the creator of the Asori account) only if:

• Required by law or legal process
• Necessary to protect our rights or property
• Necessary to protect the safety of users or the public
• You provide explicit authorization

5.3 Service Providers

We may share data with trusted third-party service providers who assist us with:

• Hosting and infrastructure (Firebase/Google Cloud)
• Payment processing
• Email delivery
• Analytics and monitoring

These providers are bound by strict confidentiality agreements and can only use your data to provide their services.

SECTION 6 – HOSTING & INFRASTRUCTURE

Our software is hosted on Firebase (Google Cloud Platform). They provide us with a secure online infrastructure platform that allows us to store and give you access to your data in real-time over the internet.

Your data is stored through Asori's databases with the following security measures:

• Secure servers behind firewalls
• Encryption in transit using TLS/SSL
• Encryption at rest
• Regular security audits
• Automated backup systems
• Access controls and monitoring

SECTION 7 – PAYMENT PROCESSING

If you choose a direct payment gateway for subscriptions or donations:

• Asori does NOT store complete credit card data
• Payment information is encrypted through secure payment gateways
• We store only: donation amounts, payment dates, and transaction references
• This information is linked to member records for reporting purposes only

All payment gateways we integrate with adhere to PCI-DSS standards as managed by the PCI Security Standards Council (Visa, MasterCard, American Express, Discover).

SECTION 8 – THIRD-PARTY SERVICES

Our third-party service providers (payment processors, email services, etc.) have their own privacy policies. We recommend reviewing them to understand how they handle your information.

When you use third-party services through Asori:

• You may be subject to their terms and privacy policies
• Your information may be subject to laws in their jurisdiction
• We are not responsible for their privacy practices

Once you leave Asori's platform or are redirected to a third-party website, you are no longer governed by this Privacy Policy.

SECTION 9 – DATA SECURITY

To protect your personal information and church member data, we implement:

• Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
• Secure socket layer technology (SSL)
• Regular security audits and vulnerability assessments
• Access controls with role-based permissions
• Two-factor authentication options
• Automated security monitoring
• Secure data backup and recovery procedures
• Employee training on data protection

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

SECTION 10 – COOKIES

Asori currently uses minimal cookies only for:

• Session management (keeping you logged in)
• Security purposes
• Remembering user preferences

We do not use cookies for tracking or advertising purposes.

SECTION 11 – YOUR RIGHTS AND CHOICES

Under data protection laws (GDPR, CCPA, etc.), you have the right to:

• Access: Request a copy of your personal data
• Correction: Update inaccurate or incomplete information
• Deletion: Request deletion of your account and data ("right to be forgotten")
• Portability: Receive your data in CSV, JSON, or other machine-readable formats
• Opt-Out: Unsubscribe from marketing communications
• Restriction: Limit how we process your data
• Object: Object to certain types of processing

To exercise these rights, contact us at privacy@somame.com

SECTION 12 – CHILDREN'S PRIVACY & AGE OF CONSENT

By using Asori, you represent that you are at least 18 years of age. Our services are not directed to individuals under 13 years of age.

If your church collects data from minors (under 16 years old in EU, under 13 in US):

• You must obtain explicit parental/guardian consent
• You must comply with COPPA (US) and GDPR Article 8 (EU) requirements
• You are responsible for verifying parental consent

If we become aware that a child has provided personal information without proper consent, we will delete it promptly.

SECTION 13 – INTERNATIONAL DATA TRANSFERS

Your information may be transferred to and processed in countries other than your own, including the United States. We ensure appropriate safeguards are in place through:

• Standard Contractual Clauses approved by the European Commission
• Privacy Shield Framework (where applicable)
• Adequate data protection certifications

SECTION 14 – DATA RETENTION

We retain personal information for as long as necessary to:

• Provide our services
• Comply with legal obligations
• Resolve disputes
• Enforce our agreements

Upon account deletion:

• We will remove or anonymize your data within 90 days
• Some data may be retained longer as required by law (e.g., tax records for 7 years)
• Backup copies may persist for up to 90 additional days

SECTION 15 – DATA BREACH NOTIFICATION

In the event of a data breach that may compromise your personal information:

• We will notify affected users within 72 hours of discovering the breach
• We will notify relevant supervisory authorities as required by law
• We will provide information about the breach, affected data, and remediation steps
• We maintain a Data Breach Register as required by GDPR

SECTION 16 – CHANGES TO THIS POLICY

We may update this Privacy Policy periodically to reflect:

• Changes in our practices
• Changes in applicable laws
• New features or services

We will notify you of material changes via:

• Email to your registered address
• Prominent notice on our website
• In-app notification

Changes take effect immediately upon posting. Your continued use constitutes acceptance.

SECTION 17 – GDPR COMPLIANCE

We comply with the General Data Protection Regulation (GDPR) effective May 25, 2018. This includes:

• Lawful, Fair, and Transparent Processing: We process data legally, fairly, and with full transparency
• Purpose Limitation: We collect data only for specified, legitimate purposes
• Data Minimization: We collect only necessary data
• Accuracy: We maintain accurate and up-to-date records
• Storage Limitation: We retain data only as long as necessary
• Integrity and Confidentiality: We protect data with appropriate security
• Accountability: We demonstrate compliance with all principles

17.1 Data Protection Officer

We have appointed a Data Protection Officer (DPO) responsible for:

• Monitoring GDPR compliance
• Advising on data protection obligations
• Serving as point of contact for supervisory authorities
• Conducting Data Protection Impact Assessments

Contact our DPO at: dpo@somame.com

SECTION 18 – CONTACT US

For questions about this Privacy Policy or our data practices:

• Privacy Email: privacy@somame.com
• Data Protection Officer: dpo@somame.com
• Support: Contact Support
• Mail: [Physical Address - To Be Added]

SECTION 19 – COMPLIANCE & LEGAL FRAMEWORK

This policy is designed to comply with:

• General Data Protection Regulation (GDPR) – EU
• California Consumer Privacy Act (CCPA) – US
• Personal Information Protection and Electronic Documents Act (PIPEDA) – Canada
• Children's Online Privacy Protection Act (COPPA) – US
• Apple App Store Review Guidelines
• Google Play Store Developer Policy
• Other applicable data protection laws

Summary: We take your privacy seriously. We don't own your church data – you do. We're here to help you manage it securely and compliantly. If you have any questions or concerns, please don't hesitate to reach out to us.