Privacy Policy

Overview

This Privacy Policy explains how the MCGI MFA Assistant collects, uses, shares, stores, moderates, and deletes personal information across our website and mobile applications (iOS and Android), including in-app messaging. By using our services, you acknowledge the practices described in this policy.

Data we collect

• Account and profile data: name, email, phone, church/location profile, and authentication identifiers.
• User-submitted service data: PDOS applications, seafarer registration details, inquiry details, support requests, AI chat content, and in-app message content.
• Messaging data: message threads, participants, message bodies, replies, reactions, read status, edit and deletion timestamps, reports, block records, and moderation review details.
• Technical and security data: device/platform details, app version, IP address, user agent, and session metadata.
• Notification data: push notification device tokens and delivery status metadata.
• Consent and legal records: consent timestamps, consent source, and policy versions accepted.

How we use data

• To provide account access, sign-in, profile management, and service functionality.
• To process PDOS, seafarer, inquiry, and support workflows.
• To deliver in-app messages, show message history, sync read status, send message notifications, and help users manage conversations.
• To operate security controls, fraud prevention, and abuse/rate-limit protections.
• To review reports, enforce our Terms of Service, moderate harmful or unauthorized content, and protect users and the MCGI community.
• To send transactional communications and service updates.
• To improve reliability, usability, and performance of web and mobile app experiences.

In-app messaging and user content

Messages you send may be visible to the other participants in the conversation and to authorized administrators or moderators when needed to provide support, investigate reports, enforce policies, comply with legal obligations, or protect users. Message metadata, such as participants, timestamps, read status, reactions, and edits, is processed to operate the messaging feature.

Users may report messages, threads, or accounts and may block other users where the feature is available. Reports can include the reported content, reporter details, reported user details, reasons, optional notes, and moderation decisions. Blocking information is used to restrict unwanted contact and may be retained while needed for safety and abuse prevention.

AI assistant and third-party AI processing

The app includes an AI chat assistant and an optional AI voice chat. To generate responses, we share your input with Google through the Google Gemini AI service (Google LLC). Depending on configuration, alternative AI providers listed under "Third-party processors and integrations" below may be used to provide the same feature.

What we collect and share for this feature:

• Text chat: the messages you type to the assistant.
• Voice chat (optional): your microphone audio while a voice session is active, and the text transcript generated from it.
• Associated technical data needed to route the request, such as a session identifier and authentication token.

How we collect it: only when you actively use the AI assistant or start a voice session, and only after you have given explicit in-app consent to AI data sharing. You can withdraw this consent at any time in the app under Settings → AI data sharing, which disables the AI features.

How we use it: your input is sent to our servers and to the AI provider solely to generate the assistant's response. Voice transcripts may be saved to your account so you can review the conversation. We do not sell this data or use it for advertising.

Who we share it with: Google (Google Gemini), which processes the data to produce a response under its own privacy policy (policies.google.com/privacy) and the Google APIs Terms of Service, which provide protections for this data. We do not share this AI chat input with any other third party beyond the AI providers needed to operate the feature.

Legal bases and user rights

We process data based on your consent, our legitimate interests in operating secure services, and legal obligations where applicable.

Your rights may include:

• Access to your personal data.
• Correction of inaccurate or outdated data.
• Deletion of your account and personal data, subject to legal retention obligations.
• Export of your account data in machine-readable form.
• Withdrawal of consent where processing relies on consent.
• Opting out of non-essential notifications through device or app settings, where available.

Account and data deletion

If you created an account, you can request account deletion through in-app controls, through authenticated API deletion endpoints, or via our public deletion page at https://mfa-mcgi.org/account/deletion.

Deleting an account removes or anonymizes associated personal data unless retention is required by law, dispute handling, fraud prevention, safety, moderation, or security obligations. Some messages may remain visible to other conversation participants with your account identity removed or minimized when needed to preserve conversation integrity, records of reports, or the safety of other users.

Data security

We use reasonable administrative, technical, and physical safeguards to protect your information. No system is completely secure, but we continuously monitor and improve our protections.

Data retention

We keep personal data only for as long as necessary for the purposes described in this policy, and then delete or anonymize it. Messaging records, reports, block records, and moderation notes may be retained for as long as needed to operate conversations, respond to user reports, prevent abuse, resolve disputes, comply with app marketplace requirements, and satisfy legal, regulatory, security, or audit obligations.

Third-party processors and integrations

• MCGI Hub and Google services for authentication flows.
• Apple services for Sign in with Apple and app platform functionality where enabled.
• SMTP2GO for email/SMS delivery.
• Apple Push Notification service, Google/Android push notification services, and Expo push services for mobile notifications.
• OpenAI, Anthropic, and Google Gemini services for AI-assisted chat features when enabled.
• OpenStreetMap Nominatim services for geocoding and map-related location lookups.
• Hosting, infrastructure, and security providers required to operate the platform.

Mobile app stores and platform providers

When you install or use our mobile applications through the Apple App Store or Google Play, Apple, Google, and related platform providers may independently collect and process information under their own privacy policies, including app installation, crash, diagnostics, store account, device, and purchase-related information. We use platform services only as needed to distribute, secure, update, and operate the app.

Children and minors

Our services are not directed to children under the age required by applicable law without parent or guardian involvement. If you believe a minor provided personal data improperly, contact us so we can review and act.

International data handling

Because our members and service providers may be located in different countries, data may be processed outside your jurisdiction using safeguards appropriate to the applicable privacy framework.

Changes to this policy

We may update this policy from time to time. Updated versions will be posted on this page with a new effective date and version. Material changes may also be highlighted in-app or on the website.

Contact

For privacy questions, data rights requests, or deletion concerns, contact us at privacy@mfa.mcgi.org or submit a request through the inquiry form.