PRIVACY POLICY

Last updated September 30, 2023

1. What Personal Information is Collected?

You can visit www.hourglass-app.com without providing any personal information.

Registered users must provide a valid, working email address to which they have access. This address is collected by Hourglass at the time the congregation is registered.

Registered users who are operating on behalf of the congregation with the necessary access privileges in Hourglass may enter additional personal information, including but not limited to a physical address, an email address, telephone numbers, gender, and date of birth, on behalf of other individuals in the congregation. The congregation and its authorized representatives own and manage this personal information. Where required, the congregation will obtain the consent of the individuals prior to collecting their personal information. Hourglass does not directly collect this information from end users; it is collected and entered by a representative of the congregation.

Publishers can withdraw consent by informing their congregation. Registered, authorized users can delete the personal information stored in Hourglass for individuals who have withdrawn consent. Registered, authorized users can remove all data pertaining to their congregation by using the Delete Congregation feature. The data that are collected about a user can be viewed at any time by an authorized user via the congregation export.

2. How Personal Information is Used

When it comes to the personal information that is entered by congregation representatives, Hourglass primarily acts as a storage and retrieval system, so that this information can be viewed and updated. If you accept an invitation to use Hourglass, and opt to use an email address to log in with a web browser, your email address may be used to send reminders or other communications initiated by the congregation.

At the request of a registered user, this information may be used as part of providing support for the Hourglass service or verifying the authenticity of support requests.

3. What Personal Information is Disclosed?

Personal information is not disclosed to third parties except as required by law. Data may be transferred between congregations if a publisher moves and both the initiating and receiving congregations agree to transfer the publisher's records.

4. What Other Information is Collected?

Technical information about the requests you make of Hourglass may be collected and utilized to improve our services. These data also are not disclosed to third parties except as required by law.

5. Payment Information

Hourglass does not accept payments for the services it provides. Therefore, no payment information is ever collected, stored, or processed by Hourglass. When they are being accepted, voluntary donations can be sent via PayPal, Stripe, or Bitcoin and are processed outside of Hourglass.

6. Security

All interactions with our application (hosted at app.hourglass-app.com) are protected with SSL/TLS. We implement reasonable precautions to secure the systems hosting the service. This includes all logins and interactions with any data stored by the system. Data are also encrypted at rest. Optionally, End-to-End Encryption can be enabled, providing additional security.

7. Legal Regulations (including GDPR)

Laws regarding privacy and personal information exist in many countries. Many such regulations distinguish between those who obtain and are responsible for the collection of personal information, and services which store it. For example, the EU GDPR describes data controllers and data processors. Hourglass acts solely as a data processor.

Hourglass endeavors to comply with such regulations through mechanisms such as:

  • The ability to permanently delete data, either about a single individual, or all data entered by the congregation.
  • Use of providers who have certified compliance with such regulations. Hourglass utilizes Amazon Web Services (AWS). You can read details about AWS GDPR compliance via Standard Contractual Clauses in the AWS GDPR DPA.
  • Optionally, End-to-End Encryption can be enabled, which provides a level of security and privacy beyond that mandated by such regulations. When enabled, no personal data is stored anywhere (only data encrypted with the congregation's key are stored).
8. Cookies

No third-party cookies are used. Cookies with a lifetime not longer than your browser session are used to secure your communication with Hourglass. Cookies are only used as a form of authentication, not for tracking purposes of any kind.

9. Changes to this Policy

We reserve the right to change this policy at any time, without notice. We will however make reasonable attempts to inform registered users of substantial changes.

10. Contact Information

Please contact info@hourglass-app.com for questions or concerns regarding this Privacy Policy.