Xerish SPC — Legal Documents

Privacy Policy

How Xerish collects, uses, and protects your information. Required for Apple App Store, Google Play, and CCPA compliance.

Effective Date: March 27, 2026

Contents

1. Overview
2. Information We Collect
3. How We Use Your Information
4. How We Share Your Information
5. Your Privacy Rights
6. Data Retention
7. Data Security
8. Children's Privacy
9. Third-Party Links and Services
10. Changes to This Policy
11. Contact

1. Overview

Xerish SPC ("Xerish," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use the Xerish mobile application, website, and related services (collectively, the "Platform"). By using the Platform, you consent to the practices described herein.

2. Information We Collect

2.1 Information You Provide Directly

Account Registration: Name, email address, password, profile photo, and account type (donor or organization).
Profile Information: Display name, bio, mission statement, giving theme, website, and interest categories.
Financial Information: Payment details submitted for wallet funding. Xerish does not store full card numbers — payment information is processed and stored by Stripe, Inc.
Organization Information: Legal name, EIN, address, phone, contact information, and mission description.
Communications: Messages sent through the Platform, support requests, and correspondence.
User Content: Posts, photos, comments, prayer requests, and other content you submit.

2.2 Information Collected Automatically

Device Information: Device type, operating system, app version, and unique device identifiers.
Usage Data: Pages viewed, features used, tap patterns, session duration, and in-app navigation.
Push Notification Tokens: Used solely to deliver notifications you have opted to receive.
Log Data: IP address, access times, error logs, and referring URLs.

2.3 Information from Third Parties

Stripe: Transaction records, payment confirmation data, and dispute information.
Expo: Push notification delivery data.

3. How We Use Your Information

We use collected information to:

Create and manage your account;
Process donations and manage Wallet transactions;
Personalize your feed and giving recommendations;
Display your giving profile, impact metrics, and achievements;
Send transactional notifications (donation confirmations, achievements, streak reminders);
Send service communications (policy updates, security alerts, account notices);
Send marketing communications if you have opted in;
Operate social features (follows, likes, prayers, comments, messages);
Generate analytics for organizations regarding campaigns and donor engagement;
Comply with legal obligations and enforce our agreements;
Prevent fraud, abuse, and unauthorized use;
Improve and develop the Platform.

4. How We Share Your Information

4.1 With Organizations You Support

When you donate to an organization, that organization receives the donation amount, date, and — unless Private Giving is enabled — your display name. Organizations with 501(c)(3) status are required by law to maintain donor records regardless of your privacy preference for public display.

4.2 Private Giving

When Private Giving is enabled, your name appears as "Anonymous Donor" on public feeds, leaderboards, and donor lists. However, recipient organizations will retain access to your identity for legal and tax record purposes as required by law. Private Giving does not guarantee anonymity from recipient organizations.

4.3 Service Providers

We share information with trusted service providers who assist in operating the Platform:

Stripe, Inc. — Payment processing and financial transaction management;
Supabase — Database hosting and authentication services;
Resend — Transactional email delivery;
Expo — Mobile framework and push notification delivery;
Vercel — Web hosting and deployment, including cookieless aggregate analytics that do not track individual users.
Anthropic — AI text generation for the Stewardship Insights surfaces; Anthropic is configured for zero retention on Xerish requests.

4.4 Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or if we believe disclosure is necessary to comply with a legal obligation, protect safety, or detect and prevent fraud.

4.5 Business Transfers

In the event of a merger, acquisition, or sale of Xerish assets, your information may be transferred. We will notify users of any change in ownership or control.

4.6 No Sale of Personal Data

Xerish does not sell, rent, or trade your personal information to third parties for their own marketing purposes.

5. Your Privacy Rights

5.1 Access and Correction

You may access and update your account information at any time through account settings. Request a copy of your personal data by contacting privacy@xerish.com.

5.2 Deletion

Request account and data deletion at support@xerish.com. We may retain certain information as required by law (e.g., transaction records for financial compliance).

5.3 California Privacy Rights (CCPA)

California residents have the right to: (a) know what personal information we collect and how it is used; (b) request deletion of personal information; (c) opt out of sale of personal information (Xerish does not sell personal information); and (d) non-discrimination for exercising privacy rights. Contact privacy@xerish.com to exercise these rights.

5.4 Opt-Out of Communications

Opt out of marketing communications via the unsubscribe link in any email or in app notification settings. Transactional and account-related communications may not be opted out of while your account is active.

6. Data Retention

Personal information is retained while your account is active or as necessary to provide services, comply with legal obligations, resolve disputes, and enforce agreements. Transaction records are retained for a minimum of seven (7) years per financial recordkeeping requirements. Non-required data is deleted within 90 days of account deletion.

7. Data Security

We implement industry-standard security measures including encryption in transit (TLS), encrypted storage through Supabase, row-level security policies, and restricted access controls. No method of electronic storage is 100% secure. We cannot guarantee absolute security.

8. Children's Privacy

The Platform is not directed to individuals under 18. We do not knowingly collect personal information from minors. If we discover we have collected data from a minor without parental consent, we will delete it promptly. Contact privacy@xerish.com to report such cases.

9. Third-Party Links and Services

The Platform may contain links to third-party websites. Xerish is not responsible for the privacy practices of third parties. Review the privacy policies of any third-party service you access through the Platform.

10. Changes to This Policy

We may update this Privacy Policy with notice posted on the Platform or by email. Continued use after notification constitutes acceptance of the updated policy.

11. Contact

Privacy requests: privacy@xerish.com
General support: support@xerish.com
Legal matters: legal@xerish.com

Questions about this document? Contact us at legal@xerish.com or support@xerish.com. We will respond within 2 business days.