Skip to main content

Privacy Policy

Last updated: May 13, 2026

Lambelujah is a children's-worship project. We try to handle your data the way we'd want a Sunday-school teacher handling our own kids' info — sparingly, honestly, and only when it actually serves you. This page is the plain-language version of the privacy commitments we keep on the back end.

Who we are

Lambelujah is a brand of Love Jesus Software, LLC, a Florida-registered limited liability company at 2715 Parkview Dr, Fort Myers, FL 33901. Lambelujah is a DBA registration in process with the Florida Division of Corporations. When this page says "we," we mean Love Jesus Software, LLC operating the lambelujah.com website and channel.

How to reach us about your data

For privacy questions, data-rights requests, or anything sensitive, please use our contact form on the home page. We removed the public email address that used to live here because it kept being scraped by spam senders — the contact form lands in the same inbox without exposing the address to bots. We aim to respond within 30 days.

What we collect (and why)

There are exactly three places we collect anything about you. We don't run analytics tracking — no Google Analytics, no Meta Pixel, no third-party tracking pixels.

1. The contact form (contacts_chirho table)

When you write to us, we save: the name and email you entered, the message itself, your IP address, your browser's user-agent string, the country we get from Cloudflare's request metadata, the submission timestamp, and which page you submitted from. That information is used to read your note, write back to you, and keep records in case you follow up later.

2. Email subscribers (email_subscribers_chirho table)

When you opt in to "new song" emails, we save: your email address, your language preference, your IP and user-agent at the moment you signed up, the consent version you agreed to, the timestamp you subscribed, and a unique unsubscribe token. Subscription is opt-in only — the consent checkbox is unchecked by default per GDPR Article 7, so we only get your data when you actively tick the box and submit the form. Every email contains a one-click unsubscribe link that uses that token to remove you instantly.

3. Standard server logs

Like virtually every web server, we keep short request logs (IP, user-agent, request path, timestamp). We use them to debug problems and to recognize abuse patterns (bots hammering a form, etc.). We don't sell or share these logs.

Cookies and similar things

  • OAuth-state cookie (yt_oauth_state_chirho) — a short-lived, HttpOnly cookie that's only set during admin OAuth flows for CSRF protection. Visitors to the public site never see it.
  • Cloudflare Turnstile — we use Cloudflare's anti-bot challenge on the contact form and email signup so the inbox doesn't drown in spam. Cloudflare's privacy policy applies to that piece.
  • YouTube embeds — every video on the site uses www.youtube-nocookie.com (YouTube's privacy-enhanced mode). No tracking cookies are set unless your child clicks Play. Once Play is clicked, YouTube's own privacy policy applies to that interaction.
  • Pinterest connection (pin_user_session_chirho) — HttpOnly session cookie set only when you explicitly click "Connect Pinterest" from a "Save to Pinterest" button or the Sunday School Builder wizard. We store the Pinterest access + refresh tokens you grant us in our Cloudflare D1 database, keyed by this cookie, and use them only to perform actions you initiate (saving a pin, creating a board you asked for). We never auto-post, follow accounts, send messages, or read your feed. You can disconnect any time using the "disconnect" link in any Save-to-Pinterest dialog — that deletes the database row and clears the cookie. If you never click "Connect Pinterest," none of this happens. Pinterest's privacy policy applies to actions on Pinterest's side.

Because we don't run analytics or advertising trackers, there's no GDPR/ePrivacy cookie banner — there's nothing tracking-related to consent to. The strictly-necessary OAuth cookie above doesn't require consent under ePrivacy.

Children's privacy (COPPA)

The site is appropriate for children ages 2–10, but it does not collect personal data directly from children. The contact form and email signup are written for parents, teachers, grandparents, and adult Sunday-school leaders — they're the ones we expect to fill out a form. We do not knowingly collect personal information from children under 13. If you're a parent who believes your child has submitted information to us, please write through the contact form and we'll delete it the same day.

Your rights (GDPR, CCPA, PIPEDA)

Wherever you live, you can ask us to:

  • Access the data we have about you.
  • Correct anything that's wrong.
  • Delete your data ("right to erasure" / "right to be forgotten").
  • Restrict or object to our processing of it.
  • Port a copy of your data to another service.
  • Withdraw consent — every email has one-click unsubscribe; the contact form lets you ask us to delete contact-form entries at any time.

We act on these requests within 30 days. Please use the contact form so we can verify you're the data subject before deleting anything.

How long we keep things

  • Contact-form entries — kept for 5 years for support continuity, then deleted. (If a parent emails about a song their kid loves, we want to find that note a couple of years later when we re-record the song.)
  • Email subscribers — kept until you unsubscribe. After unsubscribe, we keep the record (in unsubscribed state) for 2 years for compliance audit, then anonymize.
  • Server logs — rotated on the standard Cloudflare retention window.

Third parties that touch your data

  • Cloudflare — hosts the site at the edge, terminates TLS, runs the Turnstile anti-bot challenge, and stores the database (D1). They are a processor.
  • 2SMTP — sends our transactional email (signup confirmation, "new song" notifications, contact-form auto-replies). They only see what we hand them — your email address and the message body — and can't read anything else in our database.
  • YouTube — hosts the video content. When you click Play on an embedded video, YouTube's privacy policy applies to that play session.
  • Pinterest — only if you click "Connect Pinterest" from a Save button or the Sunday School Builder. We use Pinterest's official OAuth 2.0 flow (scopes: boards:read, boards:write, pins:read, pins:write, user_accounts:read) to perform actions you explicitly initiate. We store the access + refresh tokens you grant us in our Cloudflare D1 database for as long as your session is active (cleared on disconnect or after 60 days of inactivity). Pinterest's privacy policy governs everything that happens on Pinterest's side.

Where we send data

The site is hosted in Cloudflare's global edge network, so requests are served from the closest Cloudflare data center to you. Data may be processed in any region Cloudflare operates in. Where you're in a region with international-transfer rules (UK, EU, etc.), the standard contractual clauses with Cloudflare cover that transfer.

Security

We use HTTPS everywhere, HttpOnly cookies for the one OAuth-state cookie we do set, Turnstile on every public form to keep bots out, and parameterized database queries to prevent injection. We don't store passwords because we don't have user accounts on the public site.

Changes to this policy

When this policy materially changes (anything that affects what we collect, why, or who we share it with), current email subscribers will get an email and the date at the top of this page will update. Cosmetic edits (typo fixes, link cleanup) don't trigger a notification.

Above all: we steward your trust like we'd want our own family's stewarded — sparingly, honestly, and only when it actually serves you. Hallelujah.

See also: Terms of Service.