Data Processing Addendum
These are Rewind's current terms, provided in good faith. They are general terms, not legal advice to you, and may be updated — material changes will require re-acceptance. Version dpa.v1.
This Data Processing Addendum (“DPA”) governs how Rewind processes personal data about a Church's congregants and members on the Church's behalf. It supplements the Privacy Policy (which speaks to individuals) and is accepted by a Church administrator when the Church is set up.
Roles
For personal data about the Church's congregants and members, the Church is the controller and Rewind is the processor. We process that data only on the Church's documented instructions — which, for the standard product, are the features the Church enables — and for no independent purpose.
What we process
- Sign-in identity (Google profile or email) of the Church's users.
- The questions users ask and the AI's answers.
- Devotional progress (which days a user marks complete).
- Bookmarks and saved items.
- Problem reports a user submits, including their identity.
Sermon Content itself (audio, transcripts, and AI derivatives) is governed by the Content License Grant, not this DPA.
Purpose limitation and isolation
We use congregant data only to operate the product for the Church. Each Church is a separate tenant, and data is isolated at the database level by row-level security so one Church cannot see another's data. Errors are reported to our monitoring provider with credentials and identifying tokens scrubbed.
Subprocessors
We use the following subprocessors to provide the service. Each processes only what is needed for its function:
- Anthropic — generating AI overviews, devotionals, guides, and answers.
- OpenAI — text embeddings for search/retrieval.
- Deepgram — speech-to-text transcription of sermon audio.
- api.bible — Bible passage text.
- Google — sign-in (OAuth) identity.
- YouTube (Google) — embedded sermon-video playback; when a congregant plays a video, YouTube receives their IP address and playback interaction data from the browser.
- Sentry — error monitoring (scrubbed).
- Render — application and database hosting.
- Cloudflare R2 — storage of generated media (e.g. shareable clips).
We will give the Church a reasonable way to learn of changes to this list before a new subprocessor begins processing congregant data.
Security
We maintain technical and organizational measures appropriate to the data, including tenant isolation via row-level security, encryption in transit, least-privilege database roles, and scrubbed error reporting. Access to congregant data is limited to what the product requires.
Data-subject rights
We support the Church in responding to congregant requests to access or delete their data. A user may delete their own account from settings; on deletion their conversations, devotional progress, bookmarks, and preferences are hard-deleted, and problem reports are retained for the Church's quality history but permanently unlinked from the user's identity.
Breach notification
If we become aware of a personal-data breach affecting the Church's congregant data, we will notify the Church without undue delay and provide the information the Church reasonably needs to meet its own obligations.
Return and deletion on termination
On termination, or at the Church's request, we will delete or return the Church's congregant data, subject to routine backups that age out and to records we must retain by law.
Version dpa.v1 · Last updated 2026-07-01.