Security, Privacy, and Data Handling Overview

Security, Privacy, and Data Handling Overview

SoulShine is positioned as a trust-first platform for ministries. The public Security Center emphasizes that ministry data is treated as confidential, protected with strong security controls, and not treated as a product to be sold or monetized.

Core Security Commitments Highlighted by SoulShine

• Data confidentiality - your ministry's information is treated as your ministry's data
• Encryption - the site states data is protected with AES-256 encryption at rest and in transit
• Role-based access - access should be limited to the right people for the right purposes
• Plain-language trust posture - pricing, terms, and security expectations should be understandable by ministry leaders and boards

Good Internal Practices for Customers

• Only upload documents that are needed for ministry operations
• Keep private counseling notes, highly sensitive pastoral records, and unnecessary personal data out of shared training material
• Limit account access to staff who actively manage SoulShine
• Review connected channels and integrations during onboarding and after staffing changes
• Use separate internal processes for emergencies, mandated reporting, and other high-risk situations

Questions Ministry Leaders Often Ask

• Can we tailor the platform to our theology? Yes. Foundational documents and guardrail settings are meant to anchor the assistant to your ministry's teaching and tone.
• Should we put everything into the system? No. Start with the minimum set of current documents needed for safe, useful answers.
• What belongs in a support ticket? Configuration questions, safety concerns, access issues, and specific examples of outputs that need review.

When to Open a Security / Compliance Ticket

Use the Security / Compliance ticket type if your church, nonprofit, or board needs clarification on privacy posture, access expectations, ministry data handling, or a concerning interaction that may involve sensitive information.