Trust Center
Worthy of the trust your community places in you.
A parish holds sacred information — the names of the sick, children in faith formation, gifts given quietly, a family's first hesitant step back. Nave treats that data the way you do: with confidentiality, care, and respect for the dignity of every person. Here's exactly how.
Privacy by default
No ads, no trackers, no selling or renting of data — ever. One parish's information is never shared with another. We collect what the parish's ministry needs, and nothing more.
Security in depth
Every record is isolated per parish at the database level and gated by row-level security. Data is encrypted in transit and at rest, and access follows least-privilege roles.
Your data is yours
The parish owns everything it enters. Export it whenever you want, and have it permanently deleted on request. We're a steward of your data, not its owner.
Dignity in every language
Every parishioner is met in the language they pray in. Translation serves the community's welcome — it is never used to profile or surveil the people you serve.
Responsible AI
AI translates only the content your parish writes. Your data is never used to train anyone's models, and human-reviewed translations are always honored over the machine.
Care for the vulnerable
Children's information, safe-environment records, and sacramental records carry extra protection and the tightest access — because they hold the trust of the most vulnerable.
Security
How we protect your parish's data
Tenant isolation
Nave is multi-tenant by design, but every parish's data is walled off from every other parish at the database layer. Row-level security policies — not just application code — enforce that a parish can only ever read and write its own records. A request that isn't authorized simply returns nothing.
Authentication & sessions
Sign-in is handled by a dedicated, industry-standard authentication system with confirmed email addresses and secure, server-validated sessions. Being signed in is always distinct from being authorized — both are checked on every protected page.
Least-privilege access
Roles (pastor, staff, finance, ministry leader, member, and more) grant only the access each person needs. The most sensitive areas — finances, safe-environment compliance, the household census — are restricted to the parish office, and Nave staff do not browse parish data.
Encryption & backups
All traffic is encrypted with TLS in transit, and data is encrypted at rest on managed, audited cloud infrastructure with automated backups. We rely on platforms whose own security posture is independently certified (see Infrastructure below).
Ownership
The parish owns its data
It belongs to you
Registrations, prayer intentions, donations, sacramental requests, the directory — everything a parish and its people enter belongs to the parish, governed by the parish's agreement with Nave. We never sell it or use it for advertising.
Export & portability
Your records are yours to take with you. We provide exports of your parish's data on request so you're never locked in — trust is earned by being easy to leave, not hard.
Deletion & retention
We keep data only as long as it serves the parish's ministry. Individuals can ask what we hold, correct it, or have it deleted; parishes can request full deletion of their data when they leave.
Artificial intelligence
How Nave uses AI — and where it stops
Only your content, only to translate it
Nave's AI exists to make a parish's own words available in every language its community speaks. It translates the content you author — Mass times, bulletins, ministry pages — and nothing else. It does not read parishioner messages, confessions of need, or private records to 'learn.'
Your data never trains a model
Translation runs through enterprise providers whose terms prohibit using your data to train their models. Your parish's content is processed to give you a result and is not retained to improve anyone's AI.
Humans stay in charge
Machine translations are clearly a starting point. A parish can review and correct any translation, and a human-edited version is never overwritten by the machine. Languages are turned on only when the parish chooses them.
Compliance
Standards we hold ourselves to
Payments (PCI DSS)
Online giving is processed by Stripe, a certified Level 1 PCI Service Provider. Card and bank details go directly to Stripe and never touch Nave's servers, so the parish's exposure is minimized by design.
Privacy rights
We honor the access, correction, and deletion rights that modern privacy laws (such as the CCPA/CPRA) extend to individuals — for everyone, regardless of where they live. There is no dark pattern to wade through; just email us.
Children & the vulnerable
Parishes minister to minors. We treat children's information as sensitive, keep safe-environment and background-check records tightly restricted, and look to the parish and its diocese for the consent and norms that govern young people's data.
Accessibility
Every page — public site and back office alike — is built mobile-first and we are working toward WCAG 2.1 AA, because a parish's welcome should reach people on any device and of any ability.
Diocesan alignment
Nave is built to fit within a diocese's data-protection norms, not fight them. We're glad to review a diocese's requirements and sign the agreements that chancery data stewardship calls for.
Infrastructure
Who helps us run Nave
We build on a small set of trusted, independently-certified providers and tell you exactly who they are and what each one handles. We add a new one only when it serves the parish, and never sell access to your data.
| Provider | Purpose | What it handles |
|---|---|---|
| Supabase | Database, authentication, and secure storage | All parish & parishioner records |
| Vercel | Application hosting and content delivery | Page requests; no database storage |
| Stripe | Online giving / payment processing | Donor & payment details (card data never reaches Nave) |
| Google Cloud Translation | Machine translation of parish content | Only the content text being translated |
| Anthropic | AI assistance for content & translation | Only the content being processed; not used for training |
| Resend | Transactional email (confirmations, reminders) | Recipient email + message content |
Questions, or something to report?
A real person answers. Write to us about privacy, security, or how your data is handled — and if you're a researcher who's found a vulnerability, we welcome responsible disclosure and will work with you quickly.
Trust Center last updated June 2026. Our Privacy Policy and Terms of Service carry the binding details.