Privacy Policy
Mantle helps churches turn sermons into content. This policy explains what data we collect, what we do with it, and what control you have over it.
1. Who we are
Mantle is operated by [Your Legal Entity — once your LLC is formed, replace this with the LLC name and registered address]. You can reach us at [email protected].
2. What we collect
Account information
- Your name and email address
- A bcrypt hash of your password (we never store the password itself)
- Your church's name, denomination, voice description, and any pastor writing samples you provide
- Your role within your church (admin, staff, viewer)
- The last time you logged in
Sermon content
- Audio or video files you upload (deleted from our servers shortly after transcription completes)
- Sermon transcripts produced by automated transcription
- The generated deliverables (summaries, social posts, small group guides, devotionals, etc.)
- Sermon embeddings (numeric vectors used for in-app search across your past sermons)
Payment information
If you subscribe, your payment details are collected and stored by Stripe. We never see or store your card number, CVV, or full bank account information. We store only the Stripe customer and subscription identifiers needed to bill you.
Operational data
- Server logs (IP addresses, requested URLs, timestamps) for security and debugging
- Job records (which sermons you generated, when, and their status)
- Stripe webhook events we have processed
What we do NOT collect
- Analytics tracking, ad networks, social media pixels, or third-party trackers of any kind
- Personal data about anyone other than the people you invite to your church account
- Cookies beyond the single session cookie used to keep you logged in (see our Cookie Policy)
3. How we use your data
We use it only to provide the service:
- Run your sermon through transcription and AI generation
- Send the resulting deliverables back to you
- Authenticate you when you log in
- Bill you if you subscribe
- Send you transactional emails (verification, password reset, teammate invitations)
- Respond to support requests if you contact us
We do not use your sermons or any of your data to train AI models. We do not sell your data. We do not share it with anyone outside the third-party service providers listed below.
4. Third-party services we use
To run Mantle, we send some of your data to these services. Each is a contracted vendor; sending data to them is not a sale of data.
| Service | What they receive | Why |
|---|---|---|
| Anthropic (Claude API) | Sermon transcript, analysis prompt, pastor writing samples | To generate the deliverables. Anthropic does not train on API data by default. |
| OpenAI (Whisper + Embeddings) | Sermon audio file, sermon analysis text | To transcribe the audio and to embed sermon analyses for in-app search. OpenAI does not train on API data by default. |
| Stripe | Email, name, church name, payment information | To process subscriptions if you subscribe. |
| SMTP provider (currently Postmark) | Recipient email address, message body | To deliver transactional emails (verification, password reset, invites). |
| Cloudflare | IP addresses, request metadata | For TLS, DDoS protection, and content delivery. |
| Hetzner Online GmbH | Everything we store (encrypted at rest) | To host our servers. Mantle's primary infrastructure is in [your Hetzner region — Ashburn, VA, USA]. |
5. How long we keep your data
- Audio uploads: deleted from our servers within hours of successful transcription. We never keep the audio file long-term.
- Account, sermons, transcripts, and generated deliverables: kept for as long as your account is active. If you delete your account, this data is removed within 30 days, except where we are legally required to retain it (e.g., for accounting records).
- Server logs: kept for up to 30 days for debugging and security investigations, then rotated out.
- Backup copies: may persist in encrypted backups for up to 90 days after deletion before being overwritten.
6. Your rights
Regardless of where you live, you can:
- Access the data we hold about you — most of it is visible inside the app already
- Correct any inaccurate information by editing it in the app
- Export your sermons and deliverables (each sermon has a Download button that produces a complete zip)
- Delete your account by emailing [email protected]. Self-service deletion is on our roadmap.
If you are in the European Economic Area, the United Kingdom, California, or another jurisdiction with comprehensive data protection law, you have additional rights including the right to object to processing, the right to data portability, and the right to lodge a complaint with your local supervisory authority.
7. Children
Mantle is built for church staff and is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us so we can delete it.
8. Security
Standard practices we follow:
- Passwords are hashed with bcrypt (cost factor 12) — we never store them in cleartext
- All web traffic is encrypted in transit via TLS
- Database passwords and API keys are stored as environment variables, not in source code
- Session cookies are signed, HttpOnly, and SameSite=Lax
- Production access is restricted to SSH key authentication only (no passwords)
No system is perfectly secure. If you believe you've found a security vulnerability, please email us at [email protected].
9. International data transfers
Your data is processed primarily in the United States. By using Mantle, you consent to the transfer of your data to the United States and to the third-party processors listed above, which may operate in other countries.
10. Changes to this policy
If we make material changes, we will notify you by email at the address on your account at least 14 days before the change takes effect. We will publish less significant changes (clarifications, typo fixes) here without separate notice.
11. Contact
Questions about this policy or about your data: [email protected].