Privacy Notice for Our Secure Church Website Platform
Effective Date: February 20, 2026
This Policy explains how Yashev LLC (“Yashev,” “we,” “us,” “our”) collects and processes information in connection with the Yashev platform and related services (the “Service”). If a church, ministry, or organization uses Yashev to upload or manage its own member, donor, visitor, volunteer, or website data (“Customer Data”), that organization typically acts as the data controller, and Yashev acts as a service provider / processor for that Customer Data. Customers are responsible for their own legal notices and consents. This Policy is intended to be comprehensive, defensive, and compliant with applicable U.S. privacy laws; it does not expand any statutory rights beyond what the law requires.
This Privacy Policy (“Policy”) describes how Yashev LLC (“Yashev,” “Company,” “we,” “us,” or “our”) collects, processes, stores, discloses, transfers, retains, and protects information in connection with the Yashev software-as-a-service platform and related websites, applications, APIs, communications, and services (collectively, the “Service”).
This Policy is intended to comply with applicable United States federal and state privacy laws, including (where applicable) the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), the Texas Data Privacy and Security Act (TDPSA), the Utah Consumer Privacy Act (UCPA), and other state privacy frameworks, as well as the Children’s Online Privacy Protection Act (COPPA), and industry security practices (including PCI DSS where applicable).
This Policy does not create contractual promises beyond those required by applicable law and does not expand or create statutory privacy rights. Nothing herein shall be construed as creating a fiduciary obligation, joint controllership, partnership, or agency relationship beyond what applicable law expressly requires.
We may update this Policy at any time. Changes are effective upon posting with an updated effective date, unless applicable law requires additional notice. Your continued use of the Service after changes are posted constitutes your acknowledgment of the updated Policy, to the extent permitted by law.
This Policy applies to Personal Information processed through the Service and Yashev-controlled properties (including our marketing site and support channels), subject to the “Controller vs. Processor” role distinctions below.
This Policy does not apply to third-party websites, applications, or services linked from the Service (including app stores, payment processors, or third-party integrations). Their practices are governed by their own policies, and you should review them carefully.
When Customers use the Service to manage website content, visitor contact submissions, event registrations, prayer submissions, team/staff information, ministry pages, communications, and similar church website operations, Yashev generally acts as a service provider / processor processing Customer Data on the Customer’s behalf.
In that context, the Customer is generally the controller (or “business” under CCPA/CPRA) and is solely responsible for:
Yashev processes Customer Data only as necessary to provide, secure, maintain, and improve the Service; to comply with law; and as otherwise permitted by contract and applicable law.
Yashev acts as a controller for Company Data, such as marketing site interactions, administrator and billing contact information, and support communications.
Depending on how you interact with the Service, we may collect the following categories:
| Category | Examples | Typical Source |
|---|---|---|
| Identifiers | Name, email address, phone number, username, IP address, account identifiers | Directly from users; automatically from devices |
| Commercial / Billing | Subscription plan, invoices, billing history, transaction metadata | Directly from Customers; payment processors |
| Financial (Limited) | Payment method metadata (tokenized), last-4 digits (if provided by processor), billing status | Payment processors (we do not store full card numbers) |
| Internet / Network Activity | Log data, browser type, device info, referrers, clickstream within Service, diagnostics | Automatically from Service usage |
| Approximate Location | Approximate location derived from IP address (not precise geolocation) | Automatically from network data |
| Organizational / Ministry Data | Church name, staff roles, event details, communications metadata | Customers / authorized users |
| Sensitive Data | Religious affiliation and participation; prayer submissions; ministry-related notes (as configured by Customer) | Customers / authorized users |
We do not knowingly collect Personal Information from children under thirteen (13) for our marketing site. However, Customers may use the Service for church website operations that involve minors (e.g., event registrations or ministry participation forms). Customers are responsible for any required parental notices and consents, unless applicable law requires otherwise.
Some data processed through the Service may constitute “Sensitive Personal Information” or “Sensitive Data” under applicable laws. This may include religious affiliation, religious participation, and other faith-based ministry data processed at Customer direction.
Yashev processes Sensitive Data:
We process Personal Information for legitimate business purposes, including:
We do not sell Personal Information as defined under CCPA/CPRA. We do not “share” Personal Information for cross-context behavioral advertising.
We may disclose Personal Information to the following categories of recipients, strictly as needed:
We require service providers to use Personal Information only for the specified purpose, implement reasonable safeguards, and restrict onward disclosure where applicable.
We may use cookies, local storage, pixels, and similar technologies for: (a) essential Service functionality, (b) security, (c) preferences, (d) analytics and performance.
You can control cookies through your browser settings. Disabling certain cookies may limit functionality. We honor “Do Not Track” signals only to the extent required by applicable law, because the Service may not uniformly recognize such signals across environments.
We retain Personal Information only as long as reasonably necessary for the purposes described in this Policy, unless a longer retention period is required or permitted by law. Retention may also be extended for legitimate needs such as dispute resolution, enforcement of agreements, audits, and compliance obligations.
| Data Type | Typical Retention | Notes |
|---|---|---|
| Account & Customer Data | Duration of Customer relationship + 30–90 days | May vary by contract, customer settings, or legal holds |
| Financial Records | At least seven (7) years | Tax, accounting, and audit requirements |
| Security Logs | Up to 24 months | Used for detection, investigation, and prevention |
| Backups | Rolling schedule; automatically purged | Backups may persist temporarily after deletion requests |
| Legal Hold | As required | Preserved for disputes or lawful requests |
We implement reasonable administrative, technical, and physical safeguards designed to protect Personal Information from unauthorized access, use, alteration, or disclosure. Measures may include (as appropriate): encryption in transit (TLS 1.2+), encryption at rest where applicable, access controls, least-privilege practices, audit logging, monitoring, vulnerability management, and disaster recovery planning.
No method of transmission or storage is 100% secure. Accordingly, we do not guarantee absolute security. Users are responsible for maintaining the confidentiality of credentials, using strong passwords, and promptly reporting suspected compromise.
If we confirm a security incident involving Customer Data, we will notify the affected Customer without unreasonable delay and as required by applicable law. Customers are generally responsible for assessing and fulfilling any obligations to notify individuals, regulators, or other parties, unless applicable law requires otherwise.
Depending on your state of residence and applicable law, you may have rights such as:
Submitting a request: email privacy@yashev.com. We may request additional information to verify your identity and authority. We will respond within legally required timeframes, subject to statutory extensions and exceptions.
Customer Data requests: If your request relates to Customer Data processed on behalf of a church or organization, we may direct you to that Customer. In many cases, the Customer must handle the request as the controller/business, and Yashev will assist as required by contract or law.
The marketing site is not directed to children under 13. The Service may be used by Customers to manage church website operations involving minors. Customers are solely responsible for providing any required notices and obtaining any required parental consents for minors’ data in Customer Data, unless applicable law provides otherwise.
Yashev does not engage in automated decision-making or profiling that produces legal or similarly significant effects as contemplated by certain state privacy laws.
The Service is hosted in the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States, where privacy laws may differ. By using the Service, you acknowledge and consent to such processing to the extent permitted by law.
The Service may allow Customers to enable third-party integrations or link to third-party sites. Yashev is not responsible for third-party privacy practices or content. You should review third-party policies before using third-party services.
We may disclose Personal Information to comply with applicable law, legal process, governmental requests, subpoenas, or court orders, or to protect the rights, property, and safety of Yashev, our Customers, users, or others. Where permitted and appropriate, we may attempt to notify the relevant Customer or user before disclosure.
This Policy does not create additional rights beyond those provided by applicable law and does not waive or limit any legal defenses available to Yashev. Any inconsistencies between this Policy and applicable law shall be interpreted in a manner consistent with applicable law, and the remainder shall remain in effect.
For questions about this Policy or to submit a privacy request, contact: privacy@yashev.com
This Privacy Policy is provided for general informational purposes and does not constitute legal advice. It does not create a fiduciary relationship and does not expand statutory privacy rights or obligations beyond what applicable law requires. Yashev reserves all rights, privileges, and defenses available under law and contract.