Privacy Policy
Effective date: July 15, 2026
Bead ("Bead," "we," "us," or "our") provides software that helps religious education programs manage registration, family records, class scheduling, attendance, announcements, messaging, and optional payments, through our website, web application, and mobile apps (together, the "Service").
This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have. We wrote it to be readable — if anything is unclear, contact us at the address at the bottom and we will explain.
Three principles guide everything below:
- We do not sell your data. Not to advertisers, not to data brokers, not to anyone.
- Your program's records belong to your program. Congregations and organizations that use Bead control the information they and their families enter.
- We collect only what the Service needs to work.
1. Who this policy covers
Bead is used by three kinds of people:
- Administrators who run a program for an organization (such as a congregation);
- Teachers and staff who are given access by an administrator;
- Parents and guardians who register their children and stay connected with the program.
When an organization uses Bead to manage its program, that organization decides what information to collect from its families and how it is used. For that program data, the organization acts as the data controller and Bead processes the data on the organization's behalf and under its instructions. For account data and the operation of the Service itself, Bead is the controller.
2. Information we collect
Information you provide
- Account information. Your name, email address, and sign-in credentials. If you sign in with a passkey or magic link, we store the technical data needed to make that work. Passwords are stored only in hashed form; we never see or store passkey biometrics — those never leave your device.
- Profile and contact details. Phone number, preferred language, notification preferences, and an optional profile photo.
- Registration and family records. When a parent or administrator fills out a registration or maintains family records, this can include household details, student names and dates of birth, emergency contacts, authorized pickup people, allergy and medical notes, and answers to any custom fields the organization has added.
- Program records. Class rosters, schedules, attendance records, announcements, and messages sent through the Service.
- Payment information. If an organization collects fees online, payments are processed by Stripe, our payment processor. Card numbers and full payment credentials go directly to Stripe and are never stored on Bead's servers. We receive and store limited transaction details (such as amount, status, date, and the last four digits and brand of a card) so organizations and families can see their payment history.
- Support communications. Anything you send us when you ask for help.
Information collected automatically
- Device and usage data. IP address, browser or device type, operating system, app version, pages viewed, and timestamps. We use this to keep the Service secure and working.
- Push notification tokens. If you enable push notifications in the mobile app, we store the device token needed to deliver them.
- Cookies. We use cookies that are necessary for the Service to function — keeping you signed in and remembering your language preference. We do not use advertising or cross-site tracking cookies.
3. Children's information
Bead exists to serve programs for children, so we treat children's information with particular care.
- Accounts are for adults. Bead accounts may only be created by people 18 or older (or the age of majority where they live). Children do not create accounts and we do not knowingly collect information directly from children.
- Children's records are entered by adults. Information about students — names, birthdates, allergies, emergency contacts, pickup authorizations — is provided by parents, guardians, or program administrators, and is visible only to the child's own parents or guardians and to program staff the organization has authorized.
- Parents stay in control. Parents and guardians can review and update their children's information at any time, and can ask their organization or us to correct or delete it.
If you believe a child's information has been submitted to Bead without appropriate authorization, contact us and we will address it promptly.
4. How we use information
We use the information described above to:
- Provide the Service: registrations, rosters, attendance, schedules, records, and reports;
- Deliver announcements, messages, and reminders through the channels each household chooses — push notification, email, or text message where enabled;
- Process payments through Stripe when an organization collects fees online;
- Keep accounts secure, prevent abuse, and enforce roles and permissions so people only see what they should;
- Respond to support requests;
- Maintain, debug, and improve the Service;
- Comply with legal obligations.
We do not use your information for advertising, and we do not sell or rent it to anyone. We do not use the contents of your program's records — family details, medical notes, messages — to train artificial-intelligence models.
5. How information is shared
- Within your program. Information is visible inside an organization according to the roles and permissions its administrators configure. For example, a teacher can see the roster and relevant safety notes for their own class, and parents see their own family's records.
- Service providers. We use a small number of vendors to run Bead — cloud hosting and database infrastructure, file storage, email delivery, push notification delivery (Apple and Google), and payment processing (Stripe). Each receives only the information needed to perform its function and may not use it for anything else. Stripe's handling of payment data is described in its own privacy policy at stripe.com/privacy.
- Legal requirements. We may disclose information if required by law, subpoena, or other legal process, or when necessary to protect the rights, safety, or property of Bead, our users, or the public — including the safety of a child.
- Business changes. If Bead's operation is ever transferred to a successor (for example, a merger or a transfer of stewardship of the project), your information may be transferred with it, subject to this policy. We would notify you before your information becomes subject to a different privacy policy.
There is no category called "everyone else." We never share program data with third parties for their own marketing or any other purpose.
6. Data retention
We keep information for as long as it is needed to provide the Service:
- Account information is kept while your account is active.
- Program records are kept while the organization's account is active, so programs can maintain year-over-year records.
- When an organization deletes records or closes its account, or a user deletes their account, we delete the associated data within a reasonable period, except where we must retain certain records to comply with legal, tax, or accounting requirements (for example, payment transaction records), or to resolve disputes.
- Backups are purged on a rolling schedule after deletion.
7. Security
We work to protect your information with measures appropriate to its sensitivity, including encryption in transit, encrypted storage, hashed credentials, role-based access controls within each organization, and restricted internal access. No system is perfectly secure, but if we learn of a breach affecting your personal information, we will notify affected users and organizations as required by law — and as a matter of basic respect.
8. Your rights and choices
Wherever you live, we extend the same basic rights:
- Access and portability. You can ask for a copy of the personal information we hold about you.
- Correction. You can update your account details in the app at any time, and parents can update their family's records directly.
- Deletion. You can delete your account, and you can ask us or your organization to delete personal information. Some requests about program records are decided by your organization as the controller of that data; we will support and route such requests.
- Notification choices. You can choose how you receive non-essential notifications — push, email, or text where enabled — or turn them off in your settings. Certain service messages (like a password reset) cannot be disabled.
Depending on where you live, you may have additional statutory rights (for example under the GDPR in Europe or state privacy laws in the United States), including the right to object to processing and the right to lodge a complaint with a supervisory authority. To exercise any right, contact us at the address below. We will respond within the time required by applicable law, and we will never discriminate against you for exercising your rights.
9. International users
Bead is operated from the United States, and information is processed and stored there. If you use the Service from another country, you understand that your information will be transferred to and processed in the United States, where privacy laws may differ from those in your country. Where required, we rely on appropriate safeguards for such transfers.
10. Changes to this policy
If we make material changes to this policy, we will post the updated version here, update the effective date, and notify users through the Service or by email before the changes take effect. Continued use of the Service after changes take effect means you accept the updated policy.
11. Contact
Questions, requests, or concerns about privacy can be sent to:
Bead — carl@carlflood.com
We read everything and respond personally.