Privacy Policy

Effective Date: September 01, 2025

Company: Maximize Your Design, LLC ("Company", "we", "us", "our")

Contact: [email protected]

This Privacy Policy explains how we collect, use, share, and protect information when you use our DISC assessment platform, admin dashboards, and related services (the "Services").

1) Information We Collect

A. Account & Organization Data

Church/organization name, logo, branding, campuses, billing contact, plan details.

Admin/Staff user info: name, email, role, authentication logs.

B. Participant/Assessment Data

Name, email, campus, answers to assessment questions, DISC scores, styles (natural/adaptive), gifts/tags, generated reports.

C. Communications & Support

Email content, support tickets, audit logs, webhook configuration.

D. Technical Data

Device/browser, IP address, pages viewed, timestamps, referral URLs, cookies and similar technologies.

E. Payment/Billing (if applicable)

Limited billing metadata from our payment processor. We do not store full payment card numbers.

2) How We Use Information

  • Provide and improve the Services (assessment scoring, report generation, delivery).
  • Operate tenant features (campus filters, exports, admin dashboards).
  • Authenticate users; prevent fraud and misuse; enforce terms; audit access.
  • Deliver transactional emails (invites, confirmations, report links).
  • Analyze usage (e.g., completion rates) to improve reliability and UX.
  • Comply with law and respond to lawful requests.

3) Legal Bases (EEA/UK Only)

  • Contract performance (providing the Services to your church/organization).
  • Legitimate interests (security, product improvement).
  • Consent (where required, e.g., certain cookies/communications).
  • Legal obligations.

4) How We Share Information

We do not sell personal data. We disclose information to:

  • Service Providers / Sub-processors (hosting, database, email/SMS, error monitoring, analytics) under contract and only as necessary to provide the Services.
  • Organization Admins (your church/tenant admins can access participant data within their tenant).
  • Legal/Compliance when required by law or to protect rights, safety, and security.
  • Business Transfers (merger, acquisition) subject to this Policy's protections.

We use third-party processors to operate the Services, including managed PostgreSQL hosting (Neon), email delivery (Postmark), web application hosting (Vercel), and optional church-management system integrations (e.g., Planning Center Online, Rock RMS, Church Community Builder/Pushpay, Breeze, MinistryPlatform, Elvanto/Tithe.ly—only if you connect your account). We maintain a current list of our subprocessors at /subprocessors.

5) Data Retention

We retain data for as long as needed to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Tenants can request deletion/export subject to legal/regulatory limits.

6) International Transfers

We may process data in the United States and other countries. Where required, we use appropriate safeguards (e.g., SCCs) for cross-border transfers.

7) Security

We use administrative, technical, and physical safeguards (encryption in transit, access controls, audit logs). No method is 100% secure; report concerns to [email protected].

8) Your Privacy Rights

  • EEA/UK/Swiss: access, rectification, erasure, restriction, portability, objection, and complaints to your local authority.
  • California (CPRA): rights to know, delete, correct, and limit use of sensitive data; no "sale" in the adtech sense. We do not profile for cross-context behavioral advertising. Submit requests to [email protected]. We will verify your identity and respond within statutory timelines.

9) Children's Privacy

The Services are not directed to children under 13 (or under 16 in certain jurisdictions). Do not submit children's data without appropriate consent and lawful basis.

10) Organizational Roles

For most processing, your church/organization is the Controller, and we act as a Processor. For our own platform operations (security, logs, billing), we may act as an Independent Controller. See our Data Processing Addendum (DPA) for details.

11) Cookies & Similar Technologies

We use strictly necessary cookies (auth/session), functional preferences, and limited analytics. Manage preferences in your browser; some features may not work without essential cookies.

12) Changes

We may update this Policy. We'll post updates with a new "Effective Date" and, where required, notify Admins.

Contact

Maximize Your Design, LLC - [email protected]