ProductHow It WorksFeaturesPrivacyPricingFAQ
Sign InStart TendWell

Legal

TendWell legal terms, privacy, and church-data responsibilities

One clear place for the rules and boundaries that matter before a church enters real pastoral-care information: terms of use, privacy, data processing, security, exports, cookies, children and youth, retention, and important limits.

Last updated: May 26, 2026 · Legal version: 2026-05-26

Legal terms in effect

Clear boundaries for churches entering real care data.

Product terms, not church legal advice

These terms govern TendWell use, but they do not replace your church’s own legal, safeguarding, reporting, or confidentiality obligations.

Not a crisis system

TendWell is not an emergency, medical, therapy, legal, abuse-reporting, or mandatory-reporting system.

Terms of Use

TendWell organizes church care work. By creating an account, accepting an invitation, or using TendWell, users agree to use it responsibly and only with proper church authorization.

  • TendWell helps authorized church users organize people, households, visits, prayer requests, visitor follow-up, care tasks, reports, exports, and related workflows.
  • Users must provide accurate account information, keep credentials private, use individual accounts rather than shared logins, and promptly report unauthorized access.
  • Owners and admins are responsible for inviting only trusted users, assigning appropriate roles, removing unneeded access, revoking stale invitations, and reviewing sensitive activity.
  • Users may not use TendWell for unlawful, abusive, harassing, deceptive, invasive, exploitative, spam, malware, scraping, probing, reverse engineering, or access-control bypass activity.
  • TendWell may suspend or terminate access when needed to protect churches, users, data, the service, or legal obligations. Churches should export needed data before cancellation where possible.

Church Responsibility

The church controls what it chooses to enter, who may see it, and how it is governed outside the app.

  • The church remains responsible for pastoral judgment, confidentiality, consent, reporting duties, retention, deletion, exports, offboarding, staff/volunteer policies, and compliance with laws that apply to its ministry.
  • The church must decide what information it is permitted to enter about members, visitors, households, children, youth, volunteers, staff, and other people.
  • The church should use public/shared fields only for wording that is safe to share and private fields for restricted pastoral context.
  • The church should train users before entering sensitive real data, especially around public prayer wording, private pastoral context, role access, exports, and deletion.
  • TendWell does not replace denominational policy, church governance, legal advice, professional counseling, medical care, or mandated-reporting procedures.

Important Limits

TendWell is useful software, not a crisis system or professional advice system.

  • TendWell is not an emergency, crisis-response, suicide-prevention, abuse-reporting, mandatory-reporting, medical-record, therapy, counseling-record, or legal-record system.
  • If someone may be in danger, users must use appropriate emergency, civil, pastoral, safeguarding, and mandated-reporting channels outside TendWell.
  • Users should not enter payment card numbers, Social Security numbers, medical-record numbers, explicit abuse evidence, or unrelated sensitive identifiers unless TendWell later provides a specific approved workflow.
  • Reports, reminders, dashboards, and exports are workflow aids. They may contain errors or omissions and should be reviewed by responsible church leaders.
  • No internet service can guarantee perfect uptime, perfect security, or perfect record availability. Churches should maintain their own governance and backup expectations.

Privacy Policy

TendWell stores sensitive church and pastoral-care information only to provide, protect, support, and improve the service.

  • TendWell may store account information, church workspace information, users, roles, invitations, people, households, contact details, care notes, visit records, follow-up tasks, prayer requests, visitor submissions, reports, exports, audit events, operational logs, error reports, and support communications.
  • TendWell uses information to authenticate users, maintain church workspaces, enforce organization boundaries, show dashboards, create requested exports, support workflows, audit sensitive actions, prevent abuse, diagnose errors, and respond to support or legal requests.
  • TendWell does not sell church data, use pastoral-care records for advertising profiles, or train AI models on church data unless a future feature and policy expressly say so with appropriate church controls.
  • TendWell may use trusted providers for hosting, database, authentication, monitoring, email, backup, security, support, payment, and operations. Provider categories and material provider changes should stay documented for church review.
  • Privacy rights vary by location. Depending on applicable law, users or churches may have rights to access, correct, delete, export, or restrict certain information after authority is verified.

Data Processing

Churches control the records they enter; TendWell processes those records to operate the service.

  • Church data includes information submitted to a TendWell workspace, including account records, organization settings, people, households, care notes, prayer requests, visitor records, tasks, reports, exports, audit events, and support communications.
  • TendWell processes church data according to product workflows, account settings, user actions, security controls, support requests, legal obligations, and these legal terms.
  • TendWell should not use church data for unrelated advertising, resale, or model training without a separate explicit product and legal basis.
  • TendWell may use subprocessors and infrastructure providers where needed to host, secure, monitor, support, back up, and operate the service.
  • If TendWell offers a signed data processing addendum or written order form, that written document controls any conflicting data-processing terms for that church.

Security and Access

TendWell is built around organization-scoped access, role boundaries, and careful handling of exports and private fields.

  • TendWell uses organization-scoped data, role-based permissions, row-level security, assigned-helper boundaries, audit events, MFA support for sensitive actions, security headers, rate limits, and monitoring safeguards.
  • Public prayer-list exports are intended to use public-safe fields and exclude private pastoral context, private care notes, and internal details.
  • Export audit records should record safe metadata such as export type, format, and row counts without storing raw private export contents in audit metadata.
  • Users must protect accounts, use strong passwords, enable MFA where appropriate, remove unused access, and report suspected unauthorized access promptly.
  • Security concerns should be sent to security@pastoros.com with only the information needed to understand the issue. Do not access, alter, download, or share data that does not belong to you.

Exports, Retention, and Deletion

Downloaded files leave TendWell's protection and must be governed by the church.

  • When users export CSV, Markdown, ICS, JSON, or other files, those files leave TendWell's application boundary. The church and user are responsible for reviewing, storing, sharing, encrypting, and deleting exported files appropriately.
  • Owners or admins may export supported organization data where the product provides it. Full workspace closure, backup deletion, and exceptional deletion requests may require support.
  • Record deletion, member deactivation, invitation revocation, and export flows may be available in the app, but churches should decide when to archive, delete, or retain pastoral records.
  • Backups, logs, and audit records may remain for a limited period where needed for security, reliability, legal, or operational reasons.
  • TendWell provides church data exports, encrypted recovery package workflows, checksum manifests, and verification tools for authorized owners and admins.
  • Churches should store downloaded exports and recovery packages according to their own confidentiality, retention, access, and offboarding policies.
  • Before making TendWell a primary long-term care record, the church should confirm who may create recovery packages, where those files are stored, who keeps passwords, and how records are retained or removed.

Cookies and Tracking

TendWell should keep tracking minimal for a trust-sensitive church product.

  • TendWell may use necessary cookies or similar technologies for authentication, sessions, security, abuse prevention, preferences, and ordinary app operation.
  • TendWell should not use advertising cookies or cross-site marketing pixels without updating these terms and adding any required notice, consent, or opt-out mechanism.
  • Operational logging and error reporting should avoid intentional capture of private pastoral content.
  • Browser settings may block or delete cookies, but blocking necessary cookies may prevent sign-in, security checks, or app features from working.
  • If analytics are added later, the product should name the tool, explain the purpose, and keep the implementation aligned with this legal page.

Children and Youth

TendWell is for authorized adult church users, while church records may sometimes involve children or youth.

  • TendWell is not directed to children and should not be used by children as account holders.
  • Churches may enter limited information about children or youth only when they are authorized to do so for legitimate church care, attendance, household, visitor, or follow-up purposes.
  • Churches remain responsible for parental notice, consent, safeguarding, youth-ministry policies, reporting duties, and record handling that may apply.
  • Users should avoid unnecessary sensitive detail about children or youth and should keep private context restricted to appropriate roles.
  • Any child/youth-specific workflow should receive separate church and legal review before it is offered.

Billing, Availability, and Liability

Paid plans should be clear, and the service should not overpromise uptime or legal protection.

  • Public plan prices and the 40-day trial are shown on the pricing page. TendWell does not require a long-term contract for the public plans described there.
  • Cancel anytime. Monthly plans remain available through the paid month, and yearly plans remain available through the paid year already purchased.
  • Any subscription checkout or order form defines taxes, renewals, refund terms, plan limits, payment processing, and support expectations before payment.
  • TendWell aims to provide reliable service, but uninterrupted availability is not guaranteed.
  • TendWell is provided as a practical software tool and does not warrant that records, reports, workflows, reminders, or exports will be error-free or suitable for every church situation.
  • To the fullest extent permitted by law, TendWell disclaims implied warranties and is not responsible for indirect, incidental, consequential, special, punitive, or lost-data damages arising from use of the service.
  • Material changes to these terms will be posted here with an updated date.

Questions and requests

Privacy, account, deletion, export, and legal questions can be sent to legal@pastoros.com.

Security reports

Security concerns should be sent to security@pastoros.com. Include only what is needed to understand the issue.