logo

Privacy Policy

Last Updated: April 11, 2026

Servus Bonus is a volunteer scheduling platform built for communities — churches, schools, non-profits, and neighborhood organizations — where trust between administrators and volunteers is essential. We designed this platform to support that trust, and we apply that same principle to how we handle your data.

This Privacy Policy explains what information we collect, how we use it, and what rights you have over it. We've written it to be readable, not just legally defensible. If something is unclear, please email us at support@servusbonus.com.

Our Commitments to You

Before the details, here is what we believe:

  • We only collect what we need. We don't ask for information that isn't necessary to run the Service.
  • We do not sell your data. Not now, not ever. Your information is not a product.
  • Your organization controls volunteer data. If an administrator added you to the platform, they — not us — are responsible for that data. We process it only on their behalf.
  • You can ask us to delete your data. Anytime. We will act on that request within 30 days.
  • We do not send marketing emails. The only emails you receive from us are about your schedule, your account, and the operation of the Service.

1. Who This Policy Covers

This Privacy Policy applies to everyone who uses Servus Bonus: organization administrators (owners), and volunteers who are invited to or added to the platform.

The Service is intended for users located in the United States. By using the Service, you agree to the collection and use of information as described here.

2. Information We Collect

2.1 Personal Information

When you register or are added to the Service by an organization administrator, we collect:

  • Name and email address — to identify you and communicate with you about your schedule
  • Phone number and address — if provided; used for organization coordination purposes
  • Username — for login and relay email purposes; cannot be changed once set
  • Password — stored in hashed form using a one-way algorithm; we cannot read it
  • Profile photo — optional; only you and your organization's administrators can see it
  • Timezone — used to display dates and times correctly for your location
  • Billing information — for paid subscriptions, payment details are collected and processed directly by Stripe. We never store your full credit card number.

2.2 Usage and Technical Information

When you use the Service, we automatically collect limited technical information to keep things running:

  • Log data — IP address, browser type, pages visited, and time of access. Retained for a maximum of 90 days, then automatically purged.
  • Device information — the type of device and browser you used to access the Service
  • Session cookies — used to keep you logged in. We do not use cookies for advertising or cross-site tracking.
  • Push notification tokens — if you enable push notifications (Pro and Premium plans), we store a device token to deliver schedule alerts. This token is deleted when you disable notifications or close your account.

2.3 Volunteer Scheduling Information

For volunteers added to the platform by an organization:

  • Availability and block dates — dates you have marked as unavailable
  • Task and event assignments — what you are scheduled to do and when
  • Group memberships — organizational groups or teams you belong to
  • Substitution history — requests you have made or accepted to swap schedule slots

2.4 Our Role as Data Processor

When an organization adds volunteer data to the Service, a legal distinction applies: the organization is the data controller — the party that decides why and how that personal data is used. Servus Bonus is the data processor — we handle that data only as the organization instructs and as described in this policy.

Organizations are responsible for having a proper basis to collect volunteer data and for obtaining any necessary consents before adding volunteers to the platform.

If you are a volunteer who was added by an organization administrator and you have questions about your data, your first point of contact should be that administrator.

3. How We Use Your Information

3.1 To Run the Service

  • Create and manage user accounts
  • Generate and distribute volunteer schedules
  • Process subscription payments
  • Enable communication between administrators and volunteers (schedule notifications, substitution requests, reminders)
  • Provide push notifications when enabled

3.2 To Improve the Service

  • Identify and fix technical problems (using anonymized error data)
  • Understand how features are being used so we can make them better
  • Develop new capabilities based on how organizations and volunteers use the platform

3.3 To Communicate with You

All emails from the Service are operational — related to your schedule, your account, or important changes to the platform. We do not send newsletters, promotions, or advertising. If you receive an email from us, it's because your schedule changed, your account needs attention, or the platform itself changed in a way that affects you.

Because these messages are how the platform keeps you coordinated with your team, they cannot be disabled while your account is active. We keep them focused and to the point.

3.4 Automated Schedule Generation

The Service includes an automated scheduling engine that assigns volunteers to time slots based on event settings, task requirements, volunteer availability, block dates, and group memberships. This engine is designed to produce fair, balanced schedules — distributing assignments evenly over time so that no volunteer is over-scheduled or left out.

No automated assignment is final. Organization administrators have full authority to review, adjust, or override any assignment at any time before a schedule is published. Volunteers may flag conflicts or request substitutions through the platform. The scheduling engine is a tool to assist administrators, not a decision-maker that operates without human review.

3.5 Security and Legal Compliance

  • Detect and prevent fraud, abuse, and unauthorized access
  • Comply with applicable legal requirements
  • Respond to lawful government or law enforcement requests

3.6 Future Features

As the Service grows, we may introduce additional features — such as in-app messaging, a mobile application, or enhanced scheduling tools. If any new feature requires collecting new types of information or materially changes how we use existing information, we will update this Privacy Policy and notify you before those changes take effect.

4. Who Can See Your Information

4.1 Within Your Organization

Understanding who can see what is important in a volunteer coordination context. Here is how visibility works within the platform:

Organization administrators can see:

  • All volunteer profiles within their organization, including name, email address, phone number, and profile photo
  • Each volunteer's assigned tasks, event participation, schedule history, and substitution request history
  • Group memberships and block dates for every volunteer in the organization
  • Billing and subscription information for the organization's account

Volunteers can see:

  • Their own profile, schedule, assignments, and block dates in full
  • Published schedules for events they participate in, including the names and assigned tasks of other volunteers on the same schedule — so they know who they're serving alongside
  • Volunteers do not see each other's contact information (email, phone, address), personal profiles, or block dates

This design is intentional: we give administrators the access they need to coordinate their teams, while protecting the personal details of individual volunteers from unnecessary exposure.

4.2 With Our Service Providers

We share data with a small number of carefully chosen third-party providers who help us operate the Service:

  • Stripe (stripe.com) — Processes subscription payments. Stripe handles your billing information directly under their own privacy policy. We do not see or store your full card number.
  • Google Analytics (analytics.google.com) — Collects anonymized usage data to help us understand how the platform is used. IP addresses are anonymized before transmission. You can opt out at any time using the Google Analytics Opt-out Browser Add-on or by enabling a Global Privacy Control (GPC) signal in your browser.
  • Sentry (sentry.io) — Monitors application errors. Sentry receives technical diagnostic information (error messages, stack traces) only. It does not receive personally identifiable information.

That is the complete list. We do not use a CRM, email marketing platform, advertising network, or any other data-sharing service. We will update this list if we add new providers, and we will notify users of any material changes.

4.3 For Legal or Safety Reasons

We may disclose information when we believe in good faith that disclosure is necessary to:

  • Respond to a lawful request from government or law enforcement authorities
  • Protect the rights, property, or safety of the Service, our users, or the public
  • In the event of a merger, acquisition, or sale of assets — in which case you will be notified before your data becomes subject to a different privacy policy

5. Data Storage and Retention

5.1 Where Your Data Lives

All data is stored and processed in the United States, using infrastructure provided by Amazon Web Services (AWS).

5.2 How Long We Keep It

Data Category How Long We Keep It
Account and profile information While your account is active, plus 30 days after deletion
Schedule and volunteer assignment records While your account is active, plus 30 days after deletion
Log data (IP addresses, access records) 90 days, then automatically purged
Billing records 7 years from the transaction date (required by tax law)
Error monitoring data (Sentry) 90 days
Push notification tokens Until you disable notifications or close your account

We keep billing records longer because tax and financial regulations require it — not because we want to. Everything else comes down when your account does.

If an administrator removes a volunteer, we retain that data briefly to allow for recovery in case the removal was accidental. After that window, it is deleted permanently.

5.3 Closing Your Account

You can delete your account at any time through your account settings. When you do, we will remove your personal information within 30 days, except for billing records that we are legally required to keep.

6. Your Rights and Choices

6.1 What You Can Request

Regardless of where you live, you can ask us to:

  • Show you what we have — we'll tell you what personal information we hold about you
  • Fix something incorrect — we'll correct inaccurate or incomplete information
  • Delete your data — we'll remove your personal information within 30 days of your request
  • Give you your data — we can provide your information in a portable format

To make any of these requests, email us at support@servusbonus.com or contact your organization administrator.

6.2 Volunteers Added by Organizations

If an organization administrator created your account, some of your information is under that organization's control. In those cases, your best first step is to contact your administrator. We will always cooperate with legitimate individual rights requests, but the organization may need to be involved in fulfilling them.

6.3 Emails from the Service

We do not send marketing or promotional messages. Every email from the Service is operational — a schedule notification, a substitution request, a reminder, or a notice about your account. Because the platform depends on these messages to keep volunteers informed and schedules functioning, they cannot be disabled while your account is active.

We keep them relevant and infrequent. If you feel you are receiving messages that don't belong in that category, contact us and we will look into it.

6.4 Cookies

The Service uses cookies to maintain your login session and support core functionality. You can configure your browser to block or alert you to cookies, but doing so may affect how the Service works.

We do not use cookies for advertising, behavioral tracking, or cross-site data collection.

6.5 Do Not Track

The Service does not respond to "Do Not Track" (DNT) browser signals. We do not track users across third-party websites, which is the concern DNT was designed to address.

7. Security

We take the security of volunteer and organizational data seriously. Here is what we do to protect it:

  • Passwords are never stored in readable form. We use a one-way hashing algorithm, which means even we cannot see your password.
  • All data in transit is encrypted. Every connection between your browser and our servers uses HTTPS/TLS — the same standard used by banks and healthcare providers.
  • Your organization's data is isolated from other organizations. At the application level, every data query is scoped to your organization. Administrators can only access data that belongs to their organization.
  • Volunteers see only their own information. Contact details and personal profiles are not visible between volunteers.
  • Error monitoring excludes personal data. Sentry, our error monitoring tool, receives technical diagnostics only — no names, emails, or volunteer records.
  • We keep our software current. We regularly apply security patches and dependency updates to the platform.

No internet-based service can guarantee absolute security, and we won't pretend otherwise. But we hold ourselves to a high standard, and if something goes wrong, we will tell you.

7.1 If There Is a Breach

If a security breach compromises your personal information, we will notify affected users and applicable state authorities within thirty (30) days of discovering the breach, as required by Washington state law (RCW 19.255.010) and other applicable state notification laws.

7.2 Your Part

Please keep your password secure and do not share your account with others. If you think your account has been compromised, contact us immediately at support@servusbonus.com.

8. Children's Privacy

The Service is not intended for anyone under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child's information has been added to the Service, please contact us at support@servusbonus.com and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy when our practices change, when legal requirements change, or when we introduce new features. When we make material changes, we will post the updated policy on the Service and, where appropriate, send you a notice by email.

You can always see when this policy was last updated at the top of this page. Continuing to use the Service after a policy change means you accept the updated policy.

10. Contact Us

If you have questions about this policy, want to exercise your rights, or just want to understand something better, we are reachable at:

Servus Bonus Kirkland, WA Email: support@servusbonus.com

We read every message.

11. US State Privacy Rights

11.1 California (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:

  • Right to Know — request disclosure of the categories and specific pieces of personal information we have collected, the sources, our business purpose, and the third parties we share it with
  • Right to Delete — request deletion of personal information we have collected
  • Right to Correct — request correction of inaccurate personal information
  • Right to Opt-Out of Sale or Sharing — we do not sell personal information and do not share it for cross-context behavioral advertising
  • Right to Non-Discrimination — we will not treat you differently for exercising any of these rights

Categories of personal information collected: Identifiers (name, email, phone number, IP address); commercial information (subscription plan, billing history); internet or electronic network activity (usage logs); professional or organizational information (role, schedule assignments).

Disclosed to service providers: Identifiers and commercial information (Stripe, for payment); internet activity (Google Analytics, for usage analysis; Sentry, for error monitoring).

We honor Global Privacy Control (GPC) signals. We do not sell personal information and have no plans to do so. To exercise your rights, contact us at support@servusbonus.com. We will respond to verifiable requests within forty-five (45) days.

11.2 Other US States

Residents of Virginia, Colorado, Connecticut, Texas, Oregon, Montana, and other states with comprehensive privacy laws have similar rights to access, correct, delete, and opt out of certain processing of their personal information. To exercise these rights, contact us at support@servusbonus.com.

Where we rely on your consent to process your personal information, you may withdraw that consent at any time by contacting us at support@servusbonus.com.