Privacy Policy · Lambelujah
Skip to main content

Privacy Policy

Last updated: May 31, 2026

Lambelujah is a children's-worship project. We try to handle your data the way we'd want a Sunday-school teacher handling our own family's info — sparingly, honestly, and only when it actually serves you. This page is the plain-language version of what we collect, why we collect it, and the choices you have.

Who we are

Lambelujah is a brand of Love Jesus Software, LLC, a Florida-registered limited liability company at 2715 Parkview Dr, Fort Myers, FL 33901. Lambelujah is the public brand name we use for this music and teaching project. When this page says "we," we mean Love Jesus Software, LLC operating the lambelujah.com website and channel.

How to reach us about your data

For privacy questions, data-rights requests, or anything sensitive, please use our contact form on the home page. We removed the public email address that used to live here because it kept being scraped by spam senders — the contact form lands in the same inbox without exposing the address to bots. We aim to respond within 30 days.

What we collect (and why)

We keep collection narrow and tied to an actual feature. The public site does not require an account, and we do not sell personal data. Some pages may use Pinterest ad/conversion measurement when we are measuring a Lambelujah ad campaign; the admin area also has private OAuth tools for YouTube and TikTok publishing.

1. The contact form (contacts_chirho table)

When you write to us, we save: the name and email you entered, the message itself, your IP address, your browser's user-agent string, the country we get from Cloudflare's request metadata, the submission timestamp, and which page you submitted from. That information is used to read your note, write back to you, and keep records in case you follow up later.

2. Email subscribers (email_subscribers_chirho table)

When you opt in to "new song" emails, we save: your email address, your language preference, your IP and user-agent at the moment you signed up, the consent version you agreed to, the timestamp you subscribed, and a unique unsubscribe token. Subscription is opt-in only — the consent checkbox is unchecked by default, so we only get your data when you actively tick the box and submit the form. Every email contains a one-click unsubscribe link that uses that token to remove you instantly.

3. Optional donations (donations_chirho table)

Downloads are free. If you choose to give through Stripe, we save the Stripe checkout session id, payment intent id when provided, amount, currency, status, the resource or page you were on, and the donor name/email if Stripe gives it to us. We use this for receipts, accounting, fraud prevention, and thank-you records. Stripe processes the payment details; Lambelujah does not receive or store card numbers.

4. Pinterest save tools

If you explicitly connect Pinterest from a Save button or the Sunday School Builder, we store the Pinterest username/user id and OAuth tokens needed to create the board or pin you requested. We do not connect Pinterest unless you start that flow.

5. TikTok admin tools

The TikTok app is an internal Lambelujah administration tool for our own publishing workflow, not a public visitor login. When an authorized admin logs in with TikTok, we may store TikTok's open_id, display name, avatar URL, profile link, scopes granted, access token, refresh token, and token expiration times. We use that only to administer Lambelujah videos on the Lambelujah TikTok account after an admin action.

6. Standard server logs and ad attribution

Like virtually every web server, we keep short request logs (IP, user-agent, request path, timestamp). We use them to debug problems and to recognize abuse patterns (bots hammering a form, etc.). When Pinterest ad measurement is enabled, browser events and server-side conversion events may be sent to Pinterest so we can understand whether an ad led to a free download or resource view.

Cookies and similar things

  • OAuth-state cookies (yt_oauth_state_chirho, pin_user_oauth_state_chirho, and tiktok_oauth_state_chirho) — short-lived, HttpOnly cookies used only to protect OAuth login flows from CSRF.
  • Cloudflare Turnstile — we use Cloudflare's anti-bot challenge on the contact form and email signup so the inbox doesn't drown in spam. Cloudflare's privacy policy applies to that piece.
  • YouTube embeds — every video on the site uses www.youtube-nocookie.com (YouTube's privacy-enhanced mode). No tracking cookies are set unless your child clicks Play. Once Play is clicked, YouTube's own privacy policy applies to that interaction.
  • Pinterest connection (pin_user_session_chirho) — HttpOnly session cookie set only when you explicitly click "Connect Pinterest" from a "Save to Pinterest" button or the Sunday School Builder wizard. We store the Pinterest access + refresh tokens you grant us in our Cloudflare D1 database, keyed by this cookie, and use them only to perform actions you initiate (saving a pin, creating a board you asked for). We never auto-post, follow accounts, send messages, or read your feed. You can disconnect any time using the "disconnect" link in any Save-to-Pinterest dialog — that deletes the database row and clears the cookie. If you never click "Connect Pinterest," none of this happens. Pinterest's privacy policy applies to actions on Pinterest's side.
  • TikTok admin login — the TikTok flow sets only a short-lived OAuth state cookie during login. The resulting OAuth token is stored server-side for the authorized Lambelujah admin account, not in browser storage.
  • Stripe Checkout — if you make an optional donation, Stripe may set its own cookies and process payment data under Stripe's privacy policy.
  • Pinterest tag — where enabled, Pinterest may use cookies or similar technologies for ad measurement under Pinterest's privacy policy.

Strictly necessary security and OAuth cookies are used to make requested features work. Where a region requires consent for non-essential ad measurement, we will honor the applicable consent and opt-out rules.

Children's privacy (COPPA)

The songs are made for children and families, but the interactive forms are written for parents, teachers, grandparents, adult Sunday-school leaders, and authorized Lambelujah admins. Children under 13 should not submit the contact form, email signup, donation flow, Pinterest connection, or admin tools. We do not knowingly collect personal information from children under 13. If you're a parent who believes your child has submitted information to us, please write through the contact form and we'll delete it promptly.

Your rights (GDPR, CCPA, PIPEDA)

Wherever you live, you can ask us to:

  • Access the data we have about you.
  • Correct anything that's wrong.
  • Delete your data ("right to erasure" / "right to be forgotten").
  • Restrict or object to our processing of it.
  • Port a copy of your data to another service.
  • Withdraw consent — every email has one-click unsubscribe; the contact form lets you ask us to delete contact-form entries at any time.

We act on these requests within 30 days. Please use the contact form so we can verify you're the data subject before deleting anything.

How long we keep things

  • Contact-form entries — kept for 5 years for support continuity, then deleted. (If a parent emails about a song their kid loves, we want to find that note a couple of years later when we re-record the song.)
  • Email subscribers — kept until you unsubscribe. After unsubscribe, we keep the record (in unsubscribed state) for 2 years for compliance audit, then anonymize.
  • Server logs — kept only as long as reasonably needed for debugging, security, and abuse prevention, alongside Cloudflare's platform-level logs.
  • Pinterest connection tokens — kept until disconnect or until the session is inactive long enough for cleanup.
  • TikTok admin tokens — kept until an authorized admin clears the connection, revokes the app in TikTok, or the token expires and is no longer useful.
  • Donation records — kept as long as reasonably needed for accounting, tax, fraud-prevention, and dispute records.

Third parties that touch your data

  • Cloudflare — hosts the site at the edge, terminates TLS, runs the Turnstile anti-bot challenge, and stores the database (D1). They are a processor.
  • 2SMTP — sends our transactional email (signup confirmation, "new song" notifications, contact-form auto-replies). They only see what we hand them for that email, such as the destination address, subject, and message body.
  • YouTube — hosts the video content. When you click Play on an embedded video, YouTube's privacy policy applies to that play session.
  • Pinterest — only if you click "Connect Pinterest" from a Save button or the Sunday School Builder. We use Pinterest's official OAuth 2.0 flow (scopes: boards:read, boards:write, pins:read, pins:write, user_accounts:read) to perform actions you explicitly initiate. We store the access + refresh tokens you grant us in our Cloudflare D1 database for as long as your session is active (cleared on disconnect or after 60 days of inactivity). Pinterest's privacy policy governs everything that happens on Pinterest's side.
  • TikTok — only for authorized Lambelujah admins using the private TikTok administration flow. We use TikTok's official OAuth flow to connect the Lambelujah TikTok account, read basic profile information for the connected-account label, and support future video publishing actions initiated by an admin. TikTok's privacy policy applies on TikTok's side.
  • Stripe — processes optional donations. Stripe receives the payment information needed to complete the checkout; we receive only checkout/payment metadata needed for our records.

Where we send data

The site is hosted in Cloudflare's global edge network, so requests are served from the closest Cloudflare data center to you. Data may be processed in any region Cloudflare operates in. Where you're in a region with international-transfer rules (UK, EU, etc.), we rely on our providers' published data-processing terms and transfer safeguards where required.

Security

We use HTTPS everywhere, HttpOnly cookies for OAuth state/session values, Turnstile on public forms to keep bots out, admin basic authentication on private admin pages, and parameterized database queries to prevent injection. Public visitors do not have Lambelujah accounts or passwords.

Changes to this policy

When this policy materially changes (anything that affects what we collect, why, or who we share it with), the date at the top of this page will update and we may notify affected users by email when appropriate or legally required. Cosmetic edits (typo fixes, link cleanup) don't trigger a notification.

Above all: we steward your trust like we'd want our own family's stewarded — sparingly, honestly, and only when it actually serves you. Hallelujah.

See also: Terms of Service.