Pylos Privacy Policy

Effective Date: June 27, 2026

Last Updated: June 27, 2026


1. Who We Are

This Privacy Policy explains how Pylos LLC ("Pylos," "we," "us," or "our"), a Texas limited liability company, collects, uses, shares, and protects information when you use our software-as-a-service platform, our website at getpylos.com, our embeddable widgets, podcast feeds, and related services (collectively, the "Service").

This Privacy Policy works alongside our Terms of Service. Capitalized terms not defined here have the meanings given in the Terms of Service.


2. Who This Policy Applies To

This Policy describes our practices for three categories of people:

  • Account Holders — staff at churches and organizations who register and use the Service.
  • Visitors — anyone who visits getpylos.com, browses our public church directory, listens to public podcast feeds, or uses our embeddable widgets.
  • People in Sermon Content — pastors, speakers, and others who appear in uploaded sermons. We don't collect this information directly from these individuals; we receive it from Account Holders who upload it.

If you're an Account Holder, the Service involves processing data about other people (your team, your congregants, individuals in sermons). You're responsible for ensuring you have appropriate rights and consents for that data, as described in our Terms of Service.


3. Information We Collect

3.1. Information You Provide

When you create an account or use the Service, we may collect:

  • Account information — name, email address, profile photo (typically obtained through a third-party authentication provider, or through email-based sign-in such as a magic link), organization role.
  • Organization information — church name, denomination, location, address, service times, building photos, logos, and other profile details you provide.
  • Customer Content — sermon recordings (video and audio), transcripts, clips, photos, and other content you upload.
  • Communications — messages you send us via email, support requests, or in-product messages.
  • Payment information — when you subscribe to a paid plan, billing details are collected and processed by a third-party payment processor. Pylos does not store full payment card numbers.

3.2. Information We Generate

In the course of providing the Service, we generate:

  • Transcripts — generated by third-party speech-to-text providers from sermon audio.
  • AI outputs — including sermon boundary detection, clip suggestions, scripture references, speaker identification, summaries, embeddings, and category labels.
  • Account activity records — including processing minutes used, jobs run, errors, and feature usage.

3.3. Information Collected Automatically

When you use the Service or visit our website, we may automatically collect:

  • Device and browser information — IP address, user agent, browser type, operating system, device identifiers.
  • Usage data — pages visited, features used, timestamps, referring URLs, session duration.
  • Technical logs — server logs, error logs, performance metrics.
  • Cookies and similar technologies — including cookies for authentication and security. See §10 below.

3.4. Information from Third Parties

We may receive information about you from third parties, such as:

  • Authentication providers — when you sign in with a third-party identity provider, we receive basic profile information.
  • Payment processors — confirmation of payment status, billing email, and limited payment-method details.
  • External platforms you connect to your account (for example, video publishing platforms) — connection credentials (such as access tokens and refresh tokens) and information necessary to enable the integration you've requested. These credentials are stored securely and used only to maintain the connection you authorized.

3.5. Face Detection in Clip Generation

When you generate vertical clips through the Service, we use computer vision tools (including pose estimation and face detection) to detect and track the position of speakers in video frames so the clip can be framed appropriately (for example, to keep a pastor centered in a 9:16 mobile video).

This processing happens transiently during clip rendering and outputs only pixel coordinates (the speaker's position in the frame). We do not create persistent biometric identifiers, face templates, facial recognition profiles, or face geometry records. We do not use face data to identify individuals across sermons or to match individuals to external databases.

3.6. Speaker Diarization in Transcription

When we transcribe sermon audio (whether from video or audio-only uploads), our third-party transcription provider may identify speaker boundaries — for example, labeling segments as "Speaker 0" or "Speaker 1" to distinguish between multiple speakers. This is temporal segmentation based on audio timing, not voice identification. We do not create voiceprints, voice embeddings, or any biometric voice identifiers. Speaker labels stored in the Service are simple metadata (names and timestamps), not biometric data.


4. How We Use Information

We use information for the following purposes:

  • To provide the Service — including processing sermons, generating transcripts and clips, hosting and distributing content, and operating public surfaces (the church directory, podcast feeds, and embeddable widgets).
  • To operate accounts — including authentication, subscription management, billing, and account communications.
  • To support customers — responding to inquiries, providing technical support, and troubleshooting.
  • To send transactional and service communications — including account notices, billing notices, security alerts, and material updates to our policies.
  • To improve the Service — analyzing usage patterns, debugging, testing new features, and improving accuracy of AI outputs.
  • To train, evaluate, and improve AI/ML models — including models used in the Service and models that may be used in other Pylos products or licensed to third parties. See §6 below.
  • To create Aggregated Data and Derived Data — including statistics, embeddings, model outputs, and other data derived from Customer Content, which we may use for any lawful purpose. See §6 below.
  • For marketing — promoting Pylos using customer names, logos, and excerpts of Customer Content under the license granted in our Terms of Service.
  • For content publishing on Pylos channels — editing, remixing, and publishing sermon clips, highlights, transcripts, and promotional content on Pylos-owned channels (including YouTube, social media, podcast feeds, and websites) under the Content Publishing License in our Terms of Service.
  • For safety, security, and legal compliance — detecting fraud, abuse, and security incidents; enforcing our Terms; and complying with applicable laws and lawful requests.
  • For business operations — including billing, accounting, audit, corporate governance, and similar internal purposes.

We may use information for additional purposes disclosed at the time of collection or with your consent.


5. Public Display of Customer Content

By design, the Service makes Customer Content publicly accessible. This includes:

  • Church profile pages on getpylos.com
  • Sermon listings, video and audio playback, and transcripts on public pages
  • Embeddable widgets that display sermons on church websites
  • Public podcast RSS feeds consumed by podcast platforms
  • URLs that may be indexed by search engines

Public accessibility is a core feature of the Service and is not optional. If you upload a sermon, you should expect it (and any individuals appearing in it) to be publicly viewable. See our Terms of Service for details.


6. AI Training, Aggregated Data, and Derived Data

We may use Customer Content to train, fine-tune, evaluate, and improve machine learning models. This includes models used in the Service today as well as models that may be used in future products, separate offerings, or licensed to third parties.

We may also retain and use Aggregated Data (data combined across customers and stripped of identifying information) and Derived Data (analytics, embeddings, statistics, and other outputs derived from Customer Content) for any lawful purpose, including improving the Service, building new products, conducting research, publishing content, and licensing to third parties.

We use commercially reasonable efforts to ensure that models trained on Customer Content do not output material that directly reproduces identifiable Customer Content to third parties.

Opt-Out: You have the right to ask us to stop using your identifiable Customer Content for AI training and certain other non-essential purposes. To opt out, email luke@getpylos.com. We will honor your request for prospective use of identifiable Customer Content. We are not able to remove your contributions from machine learning models, derivatives, or Aggregated Data already created. Opting out may affect features that depend on AI processing.


7. How We Share Information

We share information in the following circumstances:

7.1. Service Providers

We use third-party providers to deliver the Service. These providers process information on our behalf and are subject to contractual obligations to protect it. Categories of providers include:

  • Cloud infrastructure and hosting — for application hosting, database hosting, content delivery, and storage.
  • Speech-to-text and AI services — for transcription, sermon analysis, and clip suggestions.
  • Authentication providers — for account sign-in.
  • Payment processors — for subscription billing.
  • Email and messaging providers — for transactional and service-related communications.
  • Analytics, monitoring, and observability tools — for understanding usage and improving performance.
  • Backup and disaster-recovery providers — for business continuity.

These providers may process data under their own terms and privacy policies, which Pylos does not control. The specific providers we use change from time to time as we improve the Service. A current list of major providers is available on request to luke@getpylos.com.

7.2. Public Surfaces

As described in §5, Customer Content is publicly accessible by design. Publicly accessible content may be viewed, downloaded, and indexed by anyone, including search engines, podcast platforms, AI crawlers, and third parties whose practices we do not control.

7.3. Marketing

We may use customer names, logos, and excerpts of Customer Content for marketing and promotional purposes, as described in our Terms of Service.

7.4. Aggregated and Derived Data

We may share Aggregated Data and Derived Data with third parties (including for research, analytics, training data, or commercial licensing) without further notice. Such data does not identify individual customers.

7.5. Legal and Safety

We may disclose information when we believe in good faith that disclosure is required by applicable law, regulation, legal process, or government request; to enforce our Terms of Service; or to protect the rights, property, or safety of Pylos, our users, or the public.

7.6. Business Transfers

If Pylos is involved in a merger, acquisition, financing, reorganization, or sale of all or substantially all of its assets, information may be transferred as part of that transaction. We will notify affected customers if a transfer materially changes how their information is used.

7.7. With Your Consent

We may share information for other purposes with your consent.

We do not sell personal information in exchange for monetary compensation in the traditional sense. However, certain practices described above (including AI training, marketing, and aggregated data licensing) may be considered "selling" or "sharing" under California and similar state laws. See §11 for your rights.


8. How Long We Keep Information

We keep information for as long as we need it to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. General retention practices include:

  • Account and Customer Content — retained while your account is active and for a reasonable period thereafter (typically up to 60 days after termination, longer if required for billing, legal, or audit purposes).
  • Backups — retained for up to one year as part of our disaster-recovery program, then deleted in the ordinary course.
  • Server and security logs — retained for a limited period (typically up to 30 days, subject to our hosting provider's policies) for operational and security purposes.
  • Aggregated Data, Derived Data, and AI/ML models — retained indefinitely as permitted by our Terms of Service.
  • Records required by law — retained for the period required by applicable law (for example, tax records).

You may request deletion of your account and Customer Content as described in §11.


9. Security

We use commercially reasonable administrative, technical, and physical safeguards designed to protect information, including encryption in transit, encryption at rest through our infrastructure providers' built-in encryption, access controls, and monitoring. No system is completely secure, however, and we cannot guarantee the absolute security of information.

If we determine that a security incident has materially affected your information, we will notify you in accordance with applicable law and our Terms of Service.

You are responsible for keeping your account credentials secure. Notify us promptly at luke@getpylos.com if you believe your account has been compromised.


10. Cookies and Tracking Technologies

We use a small number of cookies and similar technologies necessary for the Service to function, including:

  • Authentication and session management — to keep you signed in. Our authentication cookie expires after a limited period.
  • Security — to protect against fraud and unauthorized access.

We may, in the future, add cookies or similar technologies for analytics, performance measurement, or similar purposes. If we do, we will update this Policy.

You can manage cookies through your browser settings. Disabling our authentication cookie will prevent you from signing in.

We honor opt-out preference signals, including Global Privacy Control (GPC), where required by applicable law. You may also exercise your privacy rights as described in §11.


11. Your Privacy Rights

Depending on where you live, you may have rights regarding your personal information. We honor these rights for all US residents, regardless of state.

11.1. Rights You May Have

  • Right to Know / Access — Ask what personal information we have about you and how we use it.
  • Right to Portability — Receive a copy of your information in a portable, machine-readable format.
  • Right to Correct — Ask us to correct inaccurate personal information.
  • Right to Delete — Ask us to delete your personal information, subject to exceptions for information we need to keep for legal, security, or operational reasons.
  • Right to Opt Out of Sale or Sharing — Direct us not to "sell" or "share" your personal information as those terms are defined under applicable state law (see §11.3).
  • Right to Limit Use of Sensitive Personal Information — In some states, you can request that we limit our use of sensitive personal information.
  • Right to Non-Discrimination — We will not discriminate against you for exercising these rights, though we may decline to provide a service that depends on information you've asked us to delete.

11.2. How to Exercise Your Rights

To exercise any of these rights, email luke@getpylos.com with the subject line "Privacy Request" and tell us what you'd like to do. We may need to verify your identity before responding to ensure we don't disclose your information to someone else.

We will respond within the timeframe required by applicable law (typically 30–45 days). If we need an extension, we'll let you know.

You may designate an authorized agent to make a request on your behalf. We may require written authorization or other proof of authority before responding.

11.3. Opt Out of Sale or Sharing

We do not sell personal information for monetary compensation. However, certain practices — including AI training, marketing, and aggregated data licensing — may be treated as "selling" or "sharing" under California, Texas, Virginia, Colorado, Connecticut, Utah, and similar state privacy laws.

To opt out of sale or sharing of your personal information, email luke@getpylos.com with the subject line "Do Not Sell or Share" or use the "Do Not Sell or Share My Personal Information" link in our website footer.

11.4. State-Specific Notes

Some states require specific disclosures:

  • California (CCPA/CPRA): California residents have the rights described above. We do not knowingly sell or share personal information of consumers under 16 without consent. We do not use or disclose sensitive personal information for purposes other than those allowed by CCPA.
  • Texas (TDPSA): Texas residents have similar rights under the Texas Data Privacy and Security Act. As a Texas-based company, we comply with the TDPSA's requirements.
  • Virginia, Colorado, Connecticut, Utah, and other states with comprehensive consumer privacy laws have similar rights, and we honor them.

If you have questions about your specific state's privacy law, contact us at luke@getpylos.com.


12. Children's Privacy

The Service is not directed to children, and we do not knowingly collect personal information directly from anyone under the age of 13.

Customer Content uploaded by Account Holders may include images, voices, or other information of minors (for example, children appearing in sermons, baptisms, or church events). Account Holders are responsible for compliance with the Children's Online Privacy Protection Act (COPPA), the Texas SCOPE Act, and any other applicable child privacy laws, including obtaining verifiable parental or guardian consent before uploading such content. See our Terms of Service.

If we learn that we have inadvertently collected personal information directly from a child under 13 without parental consent, we will delete that information promptly. To report a concern, email luke@getpylos.com.


13. Geographic Scope

The Service is intended for use by churches and organizations located in the United States. If you access the Service from outside the United States, you do so at your own initiative and are responsible for compliance with local laws. By using the Service, you consent to the transfer, processing, and storage of your information in the United States, where privacy laws may differ from those in your jurisdiction.

We do not direct the Service to individuals in the European Economic Area, the United Kingdom, Switzerland, or other regions outside the United States.


14. Third-Party Sites and Services

The Service may contain links to third-party websites (for example, podcast platforms or church websites that embed Pylos widgets). We are not responsible for the privacy practices of those third parties. Review their privacy policies before providing them with information.

If you connect your Pylos account to a third-party service, the third party will have its own privacy practices that govern that connection.


15. YouTube API Services

The Service uses YouTube API Services to allow Account Holders to publish sermon videos directly to their church's YouTube channel. By connecting a YouTube channel to the Service, you also agree to be bound by the YouTube Terms of Service.

15.1. Data We Access and Store

When you connect your YouTube channel, we request permission to upload videos and read basic channel information. Specifically, we access:

  • YouTube channel ID and channel name — to display which channel is connected and to publish videos to the correct channel.
  • OAuth access token and refresh token — to maintain the connection to your YouTube channel so we can upload videos on your behalf. These tokens are stored securely in our database and are used only to authenticate upload requests.

We do not access your YouTube viewing history, subscriptions, playlists, comments, or any other YouTube data beyond what is listed above.

15.2. How We Use YouTube Data

We use YouTube API data solely to:

  • Upload sermon videos (including titles, descriptions, and thumbnails) to your connected YouTube channel.
  • Display your connected channel name in the Service so you can confirm the correct channel is linked.
  • Refresh expired access tokens to maintain a persistent connection.

We do not use YouTube API data for advertising, AI training, analytics, or any purpose other than enabling the publishing feature you authorized.

15.3. Revoking Access

You can disconnect your YouTube channel from the Service at any time through your organization settings. When you disconnect, we immediately delete your stored YouTube OAuth tokens.

You can also revoke Pylos's access to your YouTube account directly through Google's security settings. Revoking access through Google will prevent the Service from uploading videos until you reconnect.

15.4. Data Retention and Deletion

YouTube OAuth tokens are retained only while your YouTube channel is connected. When you disconnect your channel or delete your account, tokens are deleted immediately. YouTube video IDs (references to published videos) are retained as part of your sermon records but do not grant access to your YouTube account.

15.5. Google Privacy Policy

Pylos's use of YouTube API Services is subject to Google's Privacy Policy. We encourage you to review it.


16. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version at getpylos.com/privacy and update the "Last Updated" date. For material changes, we will provide notice by email or in-product notification.

Your continued use of the Service after the effective date of an updated Policy constitutes acceptance of the changes. If you do not accept the changes, you should stop using the Service and may cancel your subscription.


17. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your information, contact us at:

Pylos LLC

3708 E 29th St, Unit #342, Bryan, TX 77802

Email: luke@getpylos.com