Privacy Policy
Last updated · July 13, 2026
Version 2.1 · Effective July 13, 2026
Supersedes: April 22, 2026 (v1.0)
1. Who we are
Extend the Sermon (“ETS,” “we,” “us,” or “our”) is a product of Church Media Company LLC, a Utah limited liability company doing business as Extend the Sermon. We provide AI-powered sermon content generation for churches and ministry organizations. We are the controller of the personal information described in this policy.
Questions? Email us at hello@extendthesermon.com.
This policy is written for churches and their leaders in plain English. Where the law uses formal terms, we say what we actually mean.
2. Information we collect
Account and login
- Email address and password when you create an account.
- Optional church name at sign-up.
- Auth security telemetry, a hashed (not readable) form of your email and IP address, kept to detect abuse and protect logins.
- Strictly-necessary session cookies to keep you logged in. We do not use analytics cookies, advertising cookies, or third-party trackers.
Church profile and brand
- Church name, congregation size band, contact email.
- Denomination.
- Brand assets you upload: logo, custom fonts, and brand colors.
- Voice and tone preferences, and AI aesthetic/brief settings.
Learned voice profile
- As you edit the content we generate, we build a per-church “voice profile,” a summary of your church’s tone plus before/after examples from your own edits, so future content sounds more like you. This is described further in Section 5.
Sermon content and outputs
- The sermon you submit: a YouTube/Vimeo URL, or an audio/video file you upload (stored on Cloudflare R2).
- The transcript we generate, including word-level timestamps.
- The content we generate from it: blog post, devotional, discussion guide, kids-ministry connection, social posts, generated images, video clips, and related quotes and prompts.
Billing
- Subscription plan and status, and identifiers from our payment processor. We never see or store your full card number, payment is handled by Stripe on their hosted checkout.
Getting started and outreach
- Waitlist entries: email, church website, attendance, current platform, and referral info.
- Sample-run data from unauthenticated visitors (people who try ETS before creating an account): email, church name, the sermon URL submitted, verification tokens, and, for security and abuse prevention, IP address and browser user-agent.
- Invite codes (the code, associated church and email, and who redeemed it).
- Contact requests and onboarding drafts you begin but haven’t finished.
- A CAPTCHA challenge (Cloudflare Turnstile) on public forms, which processes your IP to tell humans from bots.
We collect content-processing metadata (job status, timing, token/cost ledger) to run and support the service. We log the content of your sermons only as needed to generate and store your outputs.
3. How we use your information
- To transcribe your sermon and generate and deliver your content.
- To personalize outputs to your church’s brand and voice (see Section 5).
- To send you transactional email (content-ready notices, account and billing messages).
- To process your subscription and payments.
- To operate, secure, support, and improve the service.
- To prevent abuse and comply with legal obligations.
4. Your sermon content is sensitive, and we treat it that way
Sermons are religious speech. Transcripts, your denomination, and a pastor’s recorded voice and likeness can reveal religious beliefs and are tied to identifiable people. We handle this content with care, limit who can access it (see Section 8), and do not sell it.
People in your footage. ETS has no congregant-facing features and does not seek out data about your members. But congregants may appear incidentally in the video you submit. You are responsible for having the rights and permissions needed for the footage you upload and for the people who appear in it.
Children. ETS is for adults. You must be 18 or older to hold an account. We do not knowingly collect any information about children. Content we generate about kids or children’s ministry is written for the adult leaders who run those ministries, it is not collected from or directed to children (COPPA does not apply).
5. How we use AI and your data
We want to be plain about how AI touches your content. There are three tiers.
(i) Your identifiable content, used to serve and personalize you. We use your sermon, transcript, brand kit, and voice preferences to generate your content and to personalize your church’s own outputs. This includes the per-church voice profile we build from your edits (Section 2). This identifiable content is used for your church, not to build a public or shared product.
(ii) De-identified and aggregated data, used to improve ETS. We use de-identified and aggregated signals, such as editing patterns, quality and preference signals (including which generated options you choose to download), and usage metrics, to improve and train ETS’s own core models and features. This data is stripped of information that identifies your church or people before it is used this way. We publicly commit to keep and use this data only in de-identified form and to not attempt to re-identify it. Data we currently store in an identifiable form (for example, quality and preference records tied to your account) is de-identified at the point it is used for model or feature improvement.
(iii) Our commitments.
- We do not sell your personal data.
- Our third-party AI providers (Anthropic, Deepgram, Recraft) process your content only to provide the service under their API/enterprise terms, and do not acquire rights to train their models on it under those terms.
- We do not use your identifiable sermon content to train third-party foundation models.
If we ever want to use identifiable content in a materially new way, we will ask for your consent first.
5A. Marketing use of your content (opt-in only)
With your opt-in consent(Terms Section 8A), we may feature the content ETS generated from your sermons — clips, social posts, graphics, and quotes — together with your church’s name and logo, in our own marketing: our website, social media, email, and ads. This is off by default, declining never affects your service, and you can withdraw at any time.
Because clips and quotes can include people other than you (for example, congregants captured on camera, or individuals named in a testimony), you are responsible — before opting a sermon in — for confirming you have permission from anyone identifiable in that content for it to appear in our marketing. Sermon content can reveal religious beliefs and, in testimonies, other sensitive details about identifiable people; marketing use makes that content public well beyond your congregation, so opt in thoughtfully.
We keep a record of each marketing consent and withdrawal (who, when, what scope, and which document version) as a legal record — see Section 7.
6. Sub-processors (who else touches your data)
We use the following service providers to operate ETS. Each receives only what it needs for its role.
| Provider | What it receives |
|---|---|
| Supabase | All application data and authentication (account, church, content, jobs). |
| Stripe | Your email, an account identifier, and plan/payment info for billing. |
| Deepgram | Your sermon audio, for transcription. |
| Anthropic (Claude) | Your transcript plus voice/brand context, to generate content. |
| Recraft | Sermon quotes, prompts, brand colors, and reference images, to generate images. |
| Cloudflare R2 | Your uploaded media and rendered image files (storage). |
| Cloudflare Turnstile | Your IP address, for CAPTCHA/bot protection on public forms. |
| Resend | Your email, church name, and (for billing notices) amounts, to send transactional email. |
| Vercel | Application hosting and server logs. |
| Railway | Your full video and transcript, for clip generation and media fetching. |
| Inngest | Background-job event payloads, which can include transcript text. |
| Apify | The YouTube URL you submit, for reliable video fetching. |
| Slack (internal operations) | Operational alerts to our own team that can include limited customer data, e.g. church name, and for sample runs a visitor email. Used only for internal monitoring and support, not shared externally. |
We do not permit these providers to use your content for their own purposes beyond providing their service to us. If we ever share de-identified data with a provider, our contract requires them to keep it de-identified and not to attempt to re-identify it.
7. Data retention and deletion
We are giving you the honest current state.
- While your account is active, we retain your account data, sermon content, brand kit, and generated content so the service works.
- We do not currently run automatic time-based deletion. We retain your data until you ask us to delete it. To request deletion, email hello@extendthesermon.com and we will delete your account data and content. We are building self-serve deletion inside the app.
- If you cancel, your content and brand kit are retained (so you can return) until you request deletion.
- Waitlist and sample-run data (including the IP address and user-agent from a sample run) are currently retained until you ask us to remove them. Email us to have them removed.
How long we keep each kind of data (some laws require us to state this per category):
| Data | How long we keep it |
|---|---|
| Account (email, login) | Life of your account, then until you request deletion |
| Church profile, brand kit, voice profile | Life of your account, then until you request deletion |
| Sermon media, transcripts, generated content | Until you delete it, or until you request account deletion |
| Billing records | As long as needed for tax and accounting (typically up to 7 years), per our payment processor |
| Auth security logs (hashed) | Up to 24 months, then purged |
| Waitlist data | Until you ask us to remove it, or until we close the waitlist |
| Sample-run data (incl. IP + user-agent) | Up to 12 months, then purged or de-identified |
| Consent records | Kept as a legal record of your acceptance (retained for the audit trail) |
| Marketing-consent records (Section 5A) | Who, when, scope, and document version of each opt-in and withdrawal — retained even after withdrawal, so we can prove a use was authorized at the time |
We do not keep personal data longer than we reasonably need it for the purpose we collected it.
8. Who can access your content
A small number of authorized Church Media Company personnel can access your content and account when needed to operate the service, provide support, investigate problems, and quality-check output. Access is limited to those who need it. We do not browse your content for any other purpose.
9. Your rights
You can:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Delete your data, today, by emailing hello@extendthesermon.com (self-serve deletion is in progress).
- Export a sermon, you can export any individual sermon’s outputs yourself from within the app (self-serve, per sermon). Account-wide export is not yet self-serve; email us and we’ll help.
- Port your data, request a copy in a portable format by email.
- Withdraw marketing consent (Section 5A) at any time in your account settings or by email. We stop new uses and remove your content from marketing channels we control; copies already distributed may persist, and withdrawal is not retroactive to uses made while your consent was active.
To exercise any of these, email hello@extendthesermon.com. We respond within 45 days (we may extend once by another 45 days for a complex request, and we will tell you if we do).
If we deny your request, you can appeal. Reply to our decision or email hello@extendthesermon.com with “Appeal” in the subject. We will review and respond within 45 days. If we still deny it, and your state’s privacy law gives you the right, you may contact your state Attorney General to raise a concern.
Church Media Company LLC is a Utah company. Based on our current size, the comprehensive state privacy laws (including California’s CCPA/CPRA, Colorado’s CPA, Virginia’s VCDPA, Texas’s TDPSA, and Utah’s UCPA) do not currently apply to us, but we honor the access, correction, deletion, export, and appeal rights above for everyone regardless. Residents of those states may have additional statutory rights if those laws later apply to us as we grow. We do not currently offer GDPR/UK-GDPR rights or serve EU/UK data subjects.
10. Security
We protect your data with authentication controls, row-level access restrictions in our database, encrypted storage with our providers, and abuse-detection telemetry. No system is perfectly secure, but we take reasonable measures appropriate to the sensitivity of the content you trust us with.
11. Consent and changes to this policy
By creating an account and checking the agreement box at sign-up, you consent to this Privacy Policy and to the processing it describes.
This is version 2.1, effective July 13, 2026. We may update this policy from time to time. When we make a material change, we will update the version number and effective date above and notify you by email. Your continued use of ETS after an update takes effect constitutes acceptance of the updated policy.
Extend the Sermon is a product of Church Media Company LLC, a Utah company. Questions: hello@extendthesermon.com.