MID TN INSIGHTS LLC (“Provider,” “we,” “us,” or “our”) is a Tennessee limited liability company that develops and operates web-based software services for organizations including churches, faith-based nonprofits, and small businesses in industries such as construction and contracting. This Privacy Policy explains how we collect, use, disclose, and protect information in connection with our Services. It applies to our websites, software applications, and any related services (collectively, the “Services”).
By using the Services, you agree to the practices described in this Policy. If you do not agree, please discontinue use of the Services and contact us to have your account closed.
This Privacy Policy is incorporated by reference into the MID TN INSIGHTS LLC Software License and Service Agreement (“LSA”). Capitalized terms not defined herein have the meanings given in the LSA.
1. Scope and Roles
1.1 Provider as Data Processor
When you use our Services as a subscriber organization (“Customer”), you submit data about your members, donors, volunteers, and staff (“End Users”). In that context, you are the data controller and we act as a data processor — we process that data solely on your behalf and according to your instructions as set out in our Software License and Service Agreement (“LSA”).
1.2 Provider as Data Controller
We act as a data controller for information we collect directly from you during account registration, billing, and support interactions, as well as data collected through our own websites (e.g., cookies, analytics).
1.3 Sensitive Data
Depending on the Service and how Customer uses it, data processed through the Services may include sensitive categories of personal information. Examples include, but are not limited to: religious affiliation, pastoral care and health-related notes, financial giving and contribution records, information about minors, and — for business-oriented Services — employee records, client contact information, project financials, and subcontractor data. We treat all such data with heightened care and do not use it for any purpose other than providing the Services to the Customer who submitted it.
2. Information We Collect
2.1 Account and Registration Information
When you create an account, we collect:
- Organization name, type, and address
- Administrator name, email address, and phone number
- Billing contact information and payment method details (processed by our payment processor; we do not store full card numbers)
- Login credentials (passwords are hashed and never stored in plaintext)
2.2 Customer Data (Submitted by Subscriber Organizations)
Through your use of the Services, you may submit personal information about your organizational members, constituents, employees, or clients, including:
- Names, contact information, and household data
- Attendance and participation records
- Financial giving history and donation records
- Pastoral care notes, prayer requests, or other sensitive organizational records
- Information about minors enrolled in programs administered by Customer
- Employee, subcontractor, or client records (for business-oriented Services)
- Project, job site, or contract-related information
- Any other data you choose to enter into the platform
We process this data only as directed by you and do not use it for our own marketing, analytics, or any purpose beyond operating the Services.
2.3 Usage and Technical Data
We automatically collect certain technical data when you access the Services, including:
- IP address, browser type, device type, and operating system
- Pages visited, features used, and session duration
- Error logs and performance diagnostics
This data is used solely for service operation, security monitoring, and product improvement. It is not sold or used for behavioral advertising.
2.4 Cookies and Similar Technologies
We use cookies and similar technologies to maintain user sessions, remember preferences, and understand aggregate usage patterns. We do not use third-party advertising cookies. You may control cookie settings through your browser; disabling certain cookies may affect functionality. A complete list of cookies in use is available upon request.
3. How We Use Information
We use the information we collect for the following purposes:
- Providing, maintaining, and improving the Services
- Processing transactions and managing subscriptions
- Sending transactional communications such as invoices, receipts, and service notices
- Responding to support requests and account inquiries
- Detecting, investigating, and preventing fraud, abuse, and security incidents
- Complying with legal obligations
- Internal analytics and product development (using aggregated, de-identified data only)
We do not use personal data for targeted advertising, and we do not sell personal data to any third party.
4. Information Sharing and Disclosure
4.1 Service Providers
We share information with third-party vendors who help us operate the Services, including:
- Cloud infrastructure and database hosting providers
- Payment processors (who handle billing and, where enabled, donation processing)
- Transactional email and SMS delivery providers
- Application monitoring and error tracking services
All service providers are contractually required to process data only as directed by us, maintain appropriate security measures, and not use data for their own purposes.
4.2 Legal Requirements
We may disclose information if required by law, court order, or government authority, or when we believe disclosure is necessary to protect the rights, property, or safety of Provider, our Customers, or others. We will notify affected Customers of such requests to the extent permitted by law.
4.3 Business Transfers
In the event of a merger, acquisition, or sale of substantially all of our assets, Customer Data may be transferred to the successor entity, subject to the same protections described in this Policy and in the LSA. We will provide advance notice of any such transfer.
4.4 With Your Consent
We may share information for other purposes with your explicit consent.
4.5 No Sale of Data
We do not sell, rent, or trade personal information to any third party for their own marketing or commercial purposes, under any circumstances.
5. Data Retention
We retain Customer Data for as long as the associated account remains active. Following termination or expiration of a subscription, we retain Customer Data for thirty (30) days to allow export, after which it is deleted from production systems in the ordinary course of business. Backups may persist for a limited additional period before being overwritten.
Account and billing records are retained for a minimum of seven (7) years to comply with applicable accounting and tax requirements.
Usage and technical logs are retained for up to twelve (12) months for security and diagnostic purposes.
6. Data Security
We implement industry-standard technical and organizational measures to protect personal information, including:
- Encryption of data in transit (TLS) and at rest
- Access controls limiting data access to authorized personnel on a need-to-know basis
- Regular security reviews and vulnerability assessments
- Secure development practices and code review processes
In the event of a confirmed security breach affecting Customer Data, we will notify the affected Customer without undue delay and in any event within seventy-two (72) hours of confirmation. Notification will include, to the extent known: the nature of the breach, categories of data involved, and steps being taken to address it.
No security system is infallible. Customers are responsible for maintaining the confidentiality of account credentials and promptly notifying us of any suspected unauthorized access.
7. Minors
Our Services are not directed to individuals under the age of 13, and we do not knowingly collect personal information directly from children under 13. Subscriber organizations that use our Services in any capacity involving data about children under 13 are responsible for obtaining any required parental or guardian consents and complying with the Children's Online Privacy Protection Act (COPPA) and any applicable state law. If we become aware that we have inadvertently collected personal information from a child under 13 without appropriate consent, we will take steps to delete it promptly.
8. Your Rights and Choices
8.1 Account Holders
As an account holder, you may at any time:
- Access and update your account information through the account settings
- Request a copy of data associated with your account
- Request deletion of your account and associated data, subject to our retention obligations
- Opt out of non-essential communications
8.2 End Users (Members and Constituents)
Individuals whose data has been entered into the Services by a subscriber organization should direct access, correction, or deletion requests to that organization. We will cooperate with Customer to fulfill verified requests from End Users. Where Customer instructs us to modify or delete specific End User records, we will do so promptly.
8.3 State Privacy Rights
Depending on your state of residence, you may have additional rights under applicable state privacy law, including the right to know what personal information we hold, the right to correct inaccurate information, and the right to opt out of certain processing activities. To exercise any such right, contact us at the address below. We will respond within forty-five (45) days and will not discriminate against you for exercising your rights.
9. Third-Party Services and Links
The Services integrate with or may contain links to third-party services (such as payment processors, accounting platforms, or messaging providers). This Privacy Policy does not cover the practices of third parties. We encourage you to review the privacy policies of any third-party services you use in connection with our platform. We are not responsible for the privacy practices of third parties.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the “Last Updated” date above and provide notice to active Customers via email or in-app notification at least thirty (30) days before material changes take effect. Your continued use of the Services after the effective date constitutes acceptance of the revised Policy. If you do not agree, you may cancel your subscription before the effective date.
11. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
MID TN INSIGHTS LLC
Email: legal@midtninsights.com
Website: midtninsights.com
This Privacy Policy applies to all Services offered by MID TN INSIGHTS LLC and is incorporated by reference into the MID TN INSIGHTS LLC Software License and Service Agreement.