Privacy Policy

Last updated: April 2026

This Privacy Policy describes how the PCO Scheduling Assistant ("Service," "we," "us") collects, uses, stores, and protects information when you use our web dashboard, AI scheduling assistant, and SMS notification services.

Our Role

We act as a data processor (GDPR) and service provider (CCPA) on behalf of your church or organization (the "Organization"), which is the data controller. We process personal data only as instructed by the Organization and as described in this policy.

Information We Collect

From Organization Administrators (Web Dashboard)

Name, email address, and profile photo (from Planning Center OAuth sign-in)
Planning Center organization membership and permissions

From Planning Center (via authorized API access)

Volunteer names, Planning Center person IDs, and team/position assignments
Service scheduling data (plans, dates, confirmation status)
Blockout dates and availability information

We access Planning Center data using each administrator's own OAuth credentials. Planning Center enforces that administrator's permission level — we cannot access data beyond what each user is authorized to see in Planning Center.

Data Created Within the Service

Scheduling preferences (frequency, position preferences, notes)
Volunteer priority rankings (tiers 1–4 per position)
Volunteer pairing rules (schedule together/apart)

From SMS Volunteers

Phone numbers and associated volunteer names
Scheduling-related messages sent to and from the service

Conversation History

When administrators use the AI scheduling assistant, conversation messages (including the assistant's tool calls and results) are stored to maintain context across sessions. These conversations may contain volunteer names, scheduling details, and position information as part of the scheduling workflow.

How We Use Your Information

Information collected is used solely to provide the scheduling service:

Assist administrators with volunteer scheduling decisions via the AI assistant
Send scheduling notifications, reminders, and confirmations via SMS
Display scheduling dashboards, reports, and preference management tools
Process volunteer responses (confirmations, declines, swap requests)
Manage subscription billing

We do not use Planning Center data, volunteer information, or conversation history to train AI models.

AI Processing

The Service uses an AI assistant (powered by Anthropic's Claude API) to help administrators manage volunteer scheduling. When you use the AI assistant:

Your messages and relevant scheduling data (volunteer names, positions, availability) are sent to Anthropic's API to generate responses
Conversation history from the current session is included for context
Anthropic processes this data under their commercial API terms, which prohibit using API inputs and outputs for model training
We do not send data to the AI assistant beyond what is necessary for the scheduling task at hand

Sub-Processors

We share data with the following third-party service providers solely to operate the Service:

Provider	Purpose	Data Shared
Planning Center Online	Church management platform (data source)	Scheduling actions via API on behalf of administrators
Anthropic (Claude API)	AI scheduling assistant	Conversation messages, volunteer names/positions/availability during active sessions
Twilio	SMS message delivery	Volunteer phone numbers and message content
Stripe	Subscription billing	Organization billing details (no volunteer data)

We do not sell, trade, or share personal information with third parties for marketing or advertising purposes.

Data Retention

Conversation history: Automatically deleted after 90 days
SMS contact records: Retained until removed by a church administrator or the volunteer opts out
Scheduling preferences and rankings: Retained until removed by a church administrator
Decline processing logs: Retained for operational integrity; deleted when the Organization's account is removed
OAuth tokens: Encrypted at rest; revoked upon logout or account deletion

When an Organization's account is deleted, all associated data (users, preferences, conversations, contacts, rankings) is permanently deleted.

Data Security

OAuth tokens are encrypted at rest using AES-based encryption (Fernet)
All data is scoped to the Organization — strict multi-tenant isolation prevents cross-organization data access
Administrator permissions are enforced at both the application and Planning Center API level
All connections use HTTPS/TLS encryption in transit

Children's Data

The Service processes volunteer scheduling data as provided by the Organization through Planning Center. We do not knowingly collect data from children under 13. If the Organization's Planning Center data includes minors who serve as volunteers, the Organization is responsible for obtaining appropriate parental or guardian consent as required by applicable law (including COPPA). Organizations should use Planning Center's built-in safeguards to manage which individuals are included in volunteer scheduling.

Your Rights

Depending on your jurisdiction, you may have the right to:

Access: Request a copy of personal data we hold about you
Deletion: Request deletion of your personal data
Correction: Request correction of inaccurate data
Portability: Request your data in a portable format
Opt-out of SMS: Reply STOP to any SMS message

To exercise these rights, contact your church administrator, who can manage your data within the Service or contact us on your behalf. For direct inquiries, email the address listed below.

Contact

For privacy-related questions or data requests, contact your church administrator or email us at privacy@pcoscheduling.com.