Privacy Policy

This policy describes how the Church Expense Reimbursement application (“the App”) handles personal information. The App is operated internally by Bridgeway Church and is not offered to the general public.

1. Information We Collect

• Account information from Google Sign-In: your name, email address, and profile picture.
• Expense records that you submit: receipt photographs, amounts, dates, categories, descriptions, and notes.
• Workflow metadata: submission and approval timestamps, approver identities, and status history.
• Device information: basic session data used to keep you signed in.

2. How We Use It

• Authenticate you and authorize your role within the App.
• Process reimbursement requests through the church’s approval workflow.
• Extract structured details (amount, date, category) from receipt photographs via Google Gemini, to speed up submission.
• When a finance administrator approves and marks a submission as “Bill Pay Setup,” send the related expense data and receipt images to the church’s QuickBooks Online company for bookkeeping.
• Notify you of approval status via email and in-app messages.

3. Third-Party Processors

Your data is transmitted to the following services as needed:

• Google Sign-In — authenticates your identity.
• Google Gemini API — receives receipt images for one-time OCR analysis. Images are not used for model training.
• Firebase Storage (Google) — stores receipt images referenced by the App.
• Vercel — hosts the application and operates serverless functions.
• PostgreSQL (Neon / managed database) — stores expense records and user data.
• QuickBooks Online (Intuit) — receives approved expense data and receipt images when pushed by a finance administrator. Access tokens are encrypted at rest using AES-256-GCM.
• Brevo — delivers transactional email notifications.

4. Who Can See Your Data

Your own expense records are visible to you. Finance administrators (designated members of the church’s finance group) can see all submissions and the receipt images attached to them, because reviewing and approving reimbursements is part of their role. No other parties inside or outside the church have access.

5. Data Retention

Expense records, receipt images, and audit history are retained for as long as the church’s bookkeeping policy requires. You may request deletion of your account and associated personal data by contacting the church administration; records that must be retained for accounting or legal reasons will be preserved in anonymized form.

6. Security

QuickBooks access tokens are encrypted at rest. Receipt images are served over tokenized URLs. Access to the administrator tools requires membership in the finance permission group. All traffic between your browser and the App is served over HTTPS.

7. Your Choices

You can stop using the App at any time. You can revoke Google’s access to your account through your Google account security settings. Requests to access, correct, or delete your personal data should be directed to the church administration.

8. Changes

This policy may change. The “Last updated” date above reflects the current version.

9. Contact

Questions about this policy can be directed to the church administration.