Privacy Policy

Reference Document

Privacy Policy

Be Well Church Ministry · Private Membership Association · Effective June 2026 · Applies to evokemagic.org and community.evokemagic.org

This Privacy Policy describes how Be Well Church Ministry and its Private Membership Association (collectively "the Ministry," "Evoke," "we," or "us") collect, use, and protect information in connection with our websites and member platform. We have written this to be direct and plain. If something is unclear, contact us at [email protected].

The short version is at the top. The full version follows in numbered sections.

You choose what we know

We collect only what you provide. Your legal name is not required. You may use any name you choose for your member account. We do not verify identity against external records.

Payment data is never stored here

Billing information is processed entirely by our payment processors. Card numbers, bank details, and payment credentials are never transmitted to or stored on Ministry servers at any point.

Your data stays inside the PMA

Member information is held within the private domain of the association. We do not sell, license, or share your data with third parties for commercial purposes. Ever.

No advertising. No tracking.

We do not run advertising on our platforms. We do not use advertising cookies or tracking pixels. We do not share data with ad networks or data brokers.

You are in control

You may access, correct, or request deletion of your personal data at any time. Contact [email protected]. We will respond within seven days.

PMA protections apply

Member records are held within the private domain of the association. They are not subject to the public disclosure requirements that govern commercial businesses or 501(c)(3) organizations.

Section 1

Who This Policy Applies To

This policy applies to all visitors to evokemagic.org (our public site), all registered members of community.evokemagic.org (our member platform), and anyone who contacts the Ministry by any means. It applies regardless of where you are located. Where specific laws — such as the California Consumer Privacy Act — grant additional rights, those are addressed in the relevant sections below.

Section 2

What Information We Collect

We collect only what is necessary to administer your membership and deliver the services you have requested. The table below describes each category, what it includes, and whether it is stored on Ministry servers.

Category What it includes Stored by us
Account information

The name (any name you choose — your legal name is not required), email address, and password you provide when creating your account. We do not require or verify your legal name. You may use a chosen name, a spiritual name, initials, or any identifier you are comfortable with.

Yes — on our servers
Profile information

Information you voluntarily add to your member profile: bio, archetype selection, personal intention, interests, and journey markers. You control what appears here. You may leave any field blank. Public profile fields are visible to other members; private fields are visible only to you.

Yes — on our servers
Participation data

Records of your activity within the platform: forum posts, practice log entries, points earned, tokens acquired and redeemed, badges earned, membership level, and community interactions. This data is used to administer the rewards system and membership levels.

Yes — on our servers
Communications

Messages you send to the Ministry via email or the support system. Private messages between members sent through the platform. We retain communications for account administration and dispute resolution purposes.

Yes — on our servers
Transaction records

Records of token acquisitions and Apothecary orders: date, amount in tokens, items, and delivery address where applicable. No payment card data or bank information is included in these records. Payment processing is handled entirely by third-party processors — see Section 7.

Yes — transaction records only
Technical data

IP address, browser type, device type, and pages visited — collected automatically when you visit our websites. Used in aggregate to understand how the platform is used and to maintain security. Not used to identify you individually.

Yes — aggregate and anonymized
Payment data

Card numbers, bank account details, billing addresses, and any other payment credentials. None of this information is transmitted to or stored on Ministry servers at any point. It is entered directly into and processed by our payment processors under their own security standards.

No — never stored here
Citizen science data

Self-report instrument responses submitted through the citizen science programme, if you choose to participate. Collected under separate informed consent. Anonymized immediately upon submission. Never associated with your member identity in any external report or analysis.

Anonymized only
Section 3

What We Do Not Collect

The following is a direct statement of what we do not collect, store, or hold.

  • Your legal name. We do not ask for it. We do not require it. The name on your account is whatever you choose to provide. We make no effort to verify it against any external record.
  • Government-issued identification. We do not collect, request, or store passport numbers, driver's license numbers, Social Security numbers, or any other government-issued identifier.
  • Payment credentials. Credit card numbers, debit card numbers, bank account details, and billing addresses are entered directly into our payment processors and never pass through or reside on Ministry servers.
  • Sensitive health or medical records. We do not create or maintain medical records. Information you voluntarily share in community spaces or practice logs is your own — it is not classified, analyzed, or treated as a health record.
  • Data for advertising. We collect no data for the purpose of targeting advertisements. We run no advertising and use no advertising networks.
  • Location data beyond what you volunteer. We do not use GPS data or precise location tracking. If you provide a shipping address for an Apothecary order, that address is stored only for fulfillment and retention purposes — it is not used to track your location.
  • Biometric data. We do not collect fingerprints, facial recognition data, voice prints, or any other biometric identifiers.
Section 4

How We Use Information

We use the information we collect for the following purposes only:

  • Administering your membership. Creating and maintaining your account, tracking your membership level, processing token transactions, and delivering Apothecary orders.
  • Operating the rewards system. Calculating and crediting points and tokens based on your participation activity, tracking streaks and milestones, and displaying your balance.
  • Communicating with you. Sending transactional emails related to your account and orders, newsletters you have subscribed to, and responses to your inquiries.
  • Operating and improving the platform. Understanding aggregate usage patterns, identifying technical issues, maintaining security, and developing new features.
  • Citizen science research. If you participate, anonymizing and aggregating your self-report data for research purposes under your separate informed consent.
  • Legal and compliance purposes. Maintaining records required by accounting standards, responding to valid legal process directed to the Ministry, and enforcing our Membership Covenant.

We do not use your information for any purpose not listed above without your explicit consent.

Section 5

PMA Framework and Your Data

Evoke operates as a Private Membership Association. This has specific implications for how your data is handled that are worth stating plainly.

The core principle

Your member records exist in the private domain

Member information held by the Ministry is not subject to the public disclosure requirements that apply to commercial businesses, publicly traded companies, or standard nonprofits filing Form 990. The Ministry's internal records are private association records protected by the First Amendment right of association and the religious liberty protections applicable to Be Well Church Ministry's 508(c)(1)(a) status.

This means: a data broker cannot purchase your information from us. A commercial advertiser cannot access it. A government agency does not have automatic access to it. Your records exist in a protected private space — not because we are hiding anything, but because that is precisely what the PMA structure is designed to provide.

What the PMA framework does not protect against: A valid court order or other compelled legal process directed specifically to the Ministry with proper jurisdiction may require disclosure of specific records. In that event, we would notify the affected member to the extent permitted by law before complying. We would comply only with the specific request and produce no more than is required.

Your name and identity: Because we do not require your legal name, the association between your member account and your legal identity exists only if you chose to provide that information. If you used a chosen name and a dedicated email address, the Ministry's records contain no information that could be linked to your legal identity by a third party.

Section 6

Who We Share Information With

We do not sell, rent, or license your personal information to any third party. We share information only in the following limited circumstances:

  • Payment processors. We transmit the minimum information necessary for payment processing. See Section 7.
  • Email delivery providers. We use Brevo (formerly Sendinblue) to deliver email communications. Your email address and name are shared with Brevo solely for the purpose of sending you messages you have consented to receive. Brevo does not use this data for its own commercial purposes under our agreement.
  • Hosting and infrastructure providers. Our platform runs on servers operated by Bluehost and Cloudways (DigitalOcean). These providers store the data on our platform under their own security standards. They operate as data processors under our direction and do not have independent rights to use your data.
  • Legal process. As described in Section 5, we may be compelled to produce specific records in response to valid legal process directed to the Ministry.
  • With your consent. If you explicitly consent to any other sharing — for example, if we pursue an institutional research partnership and you provide separate consent for your anonymized data to be shared — we will do so only under that specific consent.

Under no circumstances do we share your data with advertising networks, data brokers, social media platforms for advertising purposes, or any entity for commercial use of your personal information.

Section 7

Payment Processing

The key fact

Your payment credentials never touch our servers

When you complete a transaction — whether acquiring tokens through a charitable contribution or purchasing through the Apothecary — payment is processed by PayPal or another payment processor operating independently of the Ministry's platform. You enter your payment details directly into the payment processor's interface. Those details are encrypted by the processor before transmission and are never sent to, stored on, or accessible from Ministry servers at any point in the process.

What the Ministry does receive from the payment processor is a transaction confirmation: the amount, the date, and a reference number. This is the only payment-related information stored in Ministry records. It contains no card number, no bank account number, no CVV, no billing address.

The payment processors we use — including PayPal — operate under their own privacy policies and security standards. Their handling of your payment data is governed by their policies, not ours. We encourage you to review their privacy policies for information about how they handle payment data.

Section 8

Cookies and Tracking

Essential cookies. Both our public and member sites use essential cookies to maintain your session, keep you logged in, and remember basic preferences. These cookies are necessary for the platform to function. You cannot opt out of essential cookies while using the platform.

No advertising cookies. We do not use advertising cookies, tracking pixels, or any technology that tracks your behavior across other websites for advertising purposes.

Analytics. We may use basic, privacy-respecting analytics to understand aggregate traffic patterns on our public site — how many visitors, which pages are most read, general geography. Any analytics we use are configured to anonymize IP addresses and not to track individual visitors across sessions. We do not use Google Analytics on the member platform.

Third-party embeds. If we embed third-party content — such as a video player — on our pages, that third party may set its own cookies. We limit third-party embeds and review them for privacy implications before use.

Your choices. Your browser allows you to control and delete cookies. Deleting session cookies will log you out of the member platform. Deleting analytics cookies will not affect your access to content.

Section 9

How Long We Keep Information

Active members. We retain your account information, profile, participation data, and transaction records for the duration of your active membership.

After membership ends. Following termination of membership — whether voluntary or by the Ministry — we retain records for a period of three years for accounting and legal compliance purposes, then delete them. Communications and support records are retained for two years after the last interaction.

Deletion requests. You may request deletion of your personal data at any time by contacting [email protected]. We will delete what we are legally permitted to delete promptly and inform you of anything we are required to retain and for how long. Transaction records necessary for accounting compliance may be retained for up to seven years regardless of a deletion request.

Anonymized data. Anonymized, aggregate data — including any de-identified citizen science contributions — may be retained indefinitely as it cannot be linked to any individual.

Section 10

Security

We take reasonable technical and organizational measures to protect the information we hold. These include: SSL/TLS encryption for all data in transit; encrypted passwords stored using industry-standard hashing; server-level security through our hosting providers; Wordfence security monitoring on both platforms; regular backups with offsite storage; and restricted administrative access.

No system is perfectly secure. We cannot guarantee that unauthorized access, breach, or data loss will never occur. If a breach occurs that affects your personal data, we will notify you promptly — within 72 hours of becoming aware — with information about what was affected and what we are doing about it.

Your responsibility. You are responsible for maintaining the security of your account credentials. Use a strong, unique password. Do not share your login with others. Contact [email protected] immediately if you believe your account has been compromised.

Section 11

Your Rights

Regardless of where you are located, we extend the following rights to all members and users. To exercise any of these rights, contact [email protected]. We will respond within seven days.

Right to access

You may request a copy of the personal data we hold about you. We will provide it in a readable format within seven days of your request.

Right to correction

You may correct inaccurate information in your account at any time through your account settings, or by contacting us directly.

Right to deletion

You may request deletion of your personal data. We will delete what we are legally permitted to delete and explain what we must retain and why.

Right to portability

You may request your account data in a structured, machine-readable format to transfer to another service.

Right to object

You may object to any processing of your data that is not strictly necessary for your membership or required by law. We will honor that objection or explain why we cannot.

Right to withdraw consent

Where processing is based on your consent — such as newsletter subscriptions or citizen science participation — you may withdraw consent at any time without affecting your membership.

Right to opt out of communications

You may opt out of non-transactional communications (newsletters, community digests) at any time via the unsubscribe link in any email or through your account settings. Transactional emails related to your account activity cannot be disabled while your membership is active.

Section 12

Minors

Membership is open only to individuals who are 21 years of age or older. We do not knowingly collect personal information from anyone under the age of 21. If we become aware that a member is under 21, we will terminate that membership and delete associated data promptly. If you believe a minor has created an account, please contact [email protected].

Section 13

California Residents

California residents have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). In addition to the rights described in Section 11, California residents may:

  • Request disclosure of the specific pieces of personal information we have collected about you in the past 12 months.
  • Request disclosure of the categories of personal information collected, the purposes for which it was collected, and the categories of third parties with whom it was shared.
  • Opt out of the sale or sharing of personal information. We do not sell or share personal information, so this right is not practically applicable, but it exists.
  • Not be discriminated against for exercising any CCPA rights.

To submit a CCPA request, contact [email protected] with the subject line "CCPA Request." We will verify your identity and respond within 45 days as required by law.

Section 14

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we do, we will update the effective date at the top of this document and notify active members by email with reasonable advance notice before the changes take effect.

Continued use of the platform after the effective date of an updated policy constitutes acceptance of the updated terms. If you do not accept an update, you may terminate your membership in accordance with Section 12.1 of the Membership Covenant.

We will not make changes that materially reduce your privacy protections without explicit notice and, where required, renewed consent.

Section 15

Contact

For any question, request, or concern relating to this Privacy Policy or the handling of your personal data, contact us at:

Be Well Church Ministry
Privacy inquiries: [email protected]
Response time: within seven business days
For CCPA requests, include "CCPA Request" in the subject line.
For data deletion requests, include "Data Deletion" in the subject line.

Share this: