Privacy Policy
01Introduction
This Privacy Policy explains how Coptic Investment Group LLC ("CIG," "we," "us," or "our"), a Pennsylvania limited liability company, collects, uses, shares, and protects information when you visit our websites or use our products, including CIG One, Coptic Events, CIG Construction, and the CIG Investor Portal (collectively, the "Services").
By using our Services, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Services.
02Information We Collect
Information You Provide
- Account information: name, email, phone number, profile photo, church or organization affiliation
- Investment-related information (CIG One): identification documents for KYC, accreditation status, payment details, signed legal agreements
- Event & community data (Coptic Events): RSVPs, prayer requests, donation history, league participation, photos uploaded
- Member directory details (Coptic Events): date of birth, emergency contact, and home address you add to your profile. Your home address is specially protected — by default it is visible only to you and your parish priest; the priest may grant specific church administrators access, and every time an administrator views an address the access is logged to an audit trail the priest can review.
- Managed child records (Coptic Events): a parent or guardian may create a record for their child under 13 — see Section 9 (Children's Privacy) for exactly what that includes and how it is protected
- Connections data (Coptic Events, adults only): if you opt in to the 18+ members-connections feature, your stated preferences, an anonymized profile, and up to three photos. Your identity is hidden from other participants until you and a match mutually agree to reveal it; photos are shared only at that point, via expiring links. Participation is optional, opt-in, age-restricted to 18+, and subject to clergy/moderation review. Deleting your account removes this data.
- Project & quote inquiries (CIG Construction): contact details, project scope, address, budget range
- Messages you send through contact forms, in-app chat, or support channels
Information Collected Automatically
- Device & usage data: IP address, browser type, operating system, device identifiers, pages viewed, referral source, timestamps
- Cookies & similar technologies (see Section 5)
Information from Third Parties
- Authentication providers (e.g., Apple, Google sign-in)
- Service providers used to verify identity or accreditation
03How We Use Information
We use the information we collect to:
- Provide, operate, and improve the Services
- Authenticate users and administer accounts
- Process investment transactions and maintain required investor records
- Process donations and event registrations
- Send administrative messages, security alerts, and updates
- Respond to inquiries and provide customer support
- Detect, prevent, and address fraud, abuse, or technical issues
- Comply with legal obligations including tax, securities, and AML requirements
- With your consent, send marketing or product updates (you can opt out at any time)
06Data Security & Third-Party Processors
We use industry-standard security measures including encryption in transit (TLS), encrypted storage, role-based access controls, and audit logging. CIG One uses Firebase with strict security rules limiting each member to their own data.
The following third-party providers process limited data on our behalf to operate the Services. Each is bound by their own privacy and security commitments:
- Google Firebase — authentication, encrypted database, file storage, and serverless backend functions. Stores your account profile, signed agreements, and uploaded documents.
- Expo Push Notification Service — delivers push notifications to your device when you opt in. We send Expo a push token tied to your device and the message content; we never share your name or email through this channel.
- Sentry — captures crash reports and error logs from the app to help us diagnose technical issues. Reports include the type of error, the screen you were on, and your user ID; they do not include passwords, signatures, KYC documents, or financial values.
Payments. Paid event registrations, church donations, and premium subscriptions in Coptic Events are processed by Stripe (PCI-DSS compliant). Your card details go directly to Stripe and never touch our servers; we receive only a payment confirmation, the amount, and a transaction reference, which we store against your registration or donation record. Donations to a church are routed to that church's own connected Stripe account. Some organizers also record contributions made outside the app (cash, Venmo, Zelle, etc.) — for those we store only the note the organizer enters. See Stripe's Privacy Policy.
No system is perfectly secure. You are responsible for keeping your account credentials confidential and notifying us promptly of any suspected unauthorized access.
07Data Retention
We retain personal information for as long as your account is active and as needed to provide the Services. After account closure, we may retain certain data:
- Investment, tax, and AML records as required by law (typically 5–7 years)
- Donation receipts and giving statements as required for tax reporting
- Anonymized or aggregated data indefinitely for analytics
You may request deletion of your account and personal data at any time (see Section 8).
08Your Rights & Choices
Depending on your jurisdiction, you may have the right to:
- Access the personal information we hold about you
- Correct inaccurate information
- Request deletion of your information (subject to legal retention requirements)
- Object to or restrict certain processing
- Receive your data in a portable format
- Withdraw consent for marketing communications at any time
To exercise any of these rights, email us at support@copticinvestmentgroup.com. We will respond within 30 days.
Deleting your Coptic Events account: you can delete your account and its data yourself, instantly, from the app (Profile → Delete Account). Step-by-step instructions are at copticinvestmentgroup.com/coptic-events/delete-account.html.
09Children's Privacy
The investment-related Services (CIG One, Investor Portal) are not directed to anyone under 18. The community Services (Coptic Events) may be used by minors only with parental consent and under the supervision of the church administering the account. The members-connections feature is restricted to adults 18+.
Children under 13 do not create accounts. Instead, a parent or guardian may create a managed child record from their own account so their child can appear on Sunday School rosters and be registered for church activities. A managed record contains only what the parent enters: the child's name, date of birth, gender, church, and optional notes (such as allergies or pickup instructions). The child has no login, no profile of their own, and cannot use chat, messaging, or any social feature. The child's emergency contact and address are the parent's own — we never collect them separately from the child.
Managed records are visible only to the child's parent(s) and the administrators of the child's own church. Consent forms (such as trip permission slips) are signed by the parent on the child's behalf, and the signature records the parent as the signer. When a child turns 13, a church administrator or priest may — with the family — invite them to claim their own account; the parent-managed record is then retired and its history preserved.
A parent may edit or delete their child's record at any time from the app, or request deletion by emailing support@copticinvestmentgroup.com. If we learn we have collected personal information from a child under 13 outside this parent-managed process, we will delete it.
10International Users
Our Services are operated from the United States. If you access them from outside the U.S., your information will be transferred to and processed in the U.S., which may have data protection laws that differ from your country.
11Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top. Material changes will be communicated via email or a prominent notice in the Services. Continued use after changes take effect constitutes acceptance.
12Contact Us
If you have questions about this Privacy Policy or our data practices, contact us at:
Coptic Investment Group LLC
Email: support@copticinvestmentgroup.com
Web: copticinvestmentgroup.com