Privacy Policy

Last updated: July 3, 2026

1. Who We Are

M2819 is a product of Cortext IO LLC, located at 188 Highland Park Drive, Birmingham, AL 35242. M2819 provides an event management platform for churches and ministries. This policy describes how we collect, use, protect, and retain personal information. For most event data, the church or ministry running the event is the data controller and M2819 is the processor; questions about a specific event's data should go to the organization hosting it.

2. Information We Collect

Account data: name, email address, and organization details for administrators and team members.

Registration data: names, contact details, dates of birth, dietary restrictions, and event-specific details for registrants and their family members, collected on behalf of the organization hosting the event.

Sensitive data: medical information, allergies, emergency contacts, and travel document numbers (e.g., passports) when an event requires them. These fields are encrypted at the application level before storage (see Section 5).

Children's data: collected only through a parent or guardian acting as the registrant, and minimized to name, age/grade, and dietary/medical information necessary for event safety (see Section 6).

Payment data: M2819 does not accept or process payments from event registrants. Registrant payments, where an event requires them, are handled directly between the registrant and the hosting organization and are outside M2819's systems. M2819 processes only subscription payments from the organizations that subscribe to our platform. These subscription payments are processed by Stripe; we never store payment card numbers and retain only subscription payment status and ledger records.

3. How We Use Information

We use personal information to operate events (registration, volunteer coordination, meal planning, travel logistics), to send event-related communications on behalf of organizations (email, and SMS only with opt-in consent), to secure and audit the platform, to process organization subscriptions, and to provide support. We do not sell personal information.

4. Service Providers (Subprocessors)

We rely on the following providers to operate the platform, each receiving only the data needed for its function: Google Cloud Platform (hosting, storage, databases), Firebase (authentication), Stripe (subscription payment processing), MailerSend (email delivery), Twilio (SMS delivery, opt-in only), Google Gemini (AI meal planning — dietary and allergen data), Duffel (flight search and booking), and Cloudflare (DNS, content delivery, DDoS protection).

5. How We Protect Information

Data is encrypted in transit (TLS 1.2+) and at rest. Sensitive fields — medical information, allergies, emergency contacts, and travel document numbers — are additionally encrypted at the application level with AES-256-GCM using per-organization derived keys, so one organization's key cannot decrypt another's data. Access is role-based, personal information is masked in system logs, and writes to sensitive records are audit-logged.

6. Children's Privacy (COPPA)

Children never interact with M2819 directly. Information about children under 13 is provided by a parent or guardian during registration, and organizations using the platform confirm they have parental consent. We collect only what event safety requires: name, age/grade, and dietary/medical information. We do not collect children's social media handles or publish children's photos without explicit parental consent.

7. Data Retention

Event and registration data is retained for the life of the hosting organization's account and deleted upon verified request. Security audit records are retained for up to 7 years. Uploaded files are stored in organization-scoped storage and accessed via time-limited links.

8. Your Rights and Choices

You may request access to, correction of, or deletion of your personal information. For data collected by an organization through its event, we will refer your request to, or coordinate it with, that organization.

9. Cookies and Analytics

M2819 does not use cookies or similar client-side tracking technologies. Sign-in and session management rely on secure tokens rather than cookies. We use internal, non-cookie-based tracking to operate, secure, and improve the platform. We do not use third-party analytics tooling. If we introduce cookies or third-party analytics in the future, we will update this section and notify account owners of material changes.

10. Changes to This Policy

We reserve the right to change this privacy policy at any time. We may update this policy from time to time, and any changes become effective when posted. We will notify account owners of material changes and update the “Last updated” date above.

11. Contact

Privacy questions or requests? Email [email protected] or use our contact form.

See also our Terms of Service.