Subscribe

Trust & Security

We keep this honest: below is what Easy Sermon Notes actually does to protect your sermons and your account — no security-theater badges, no certifications we haven't earned.

Encrypted in transit

Every connection is served over HTTPS.

Backed up continuously

Live replication plus nightly snapshots.

Cookieless analytics

No cookies, no cross-site tracking.

Your content is yours

Never sold, never used to train models.

Encryption in transit

The site and app are served exclusively over HTTPS (TLS), fronted by Cloudflare. Traffic between your browser and Easy Sermon Notes is encrypted, and we send HSTS so browsers refuse to connect any other way.

Backups & durability

Your data lives in a single database with two layers of protection: continuous write-ahead-log replication (Litestream) guards against disk loss, and a verified nightly snapshot — integrity-checked and retained on a rolling window — guards against logical mistakes like a bad migration. Together they give us a clean, recent point-in-time to restore from.

Access & isolation

Sermons are private by default and scoped to your church account — only people you invite can see them. Generated files (slides, outlines, speaker notes) are served only to authenticated members of the owning church, and speaker notes are restricted to their author. Downloads and images are sent with private cache headers so they're never stored in a shared cache.

Analytics without tracking

We use cookieless, privacy-friendly analytics (Plausible) for aggregate, anonymous page views and outbound clicks. No cookies, no cross-site tracking, no personally identifying information.

Data ownership

Your content belongs to you. We use it only to provide the service to you and your church. We don't sell it, and we don't use it to train AI models. You can edit or delete your sermons anytime, and request export or account closure. See the Privacy Policy for the full detail.

A note on certifications

We're a small, focused product and we don't claim formal certifications (such as SOC 2 or ISO 27001) we haven't completed. What's on this page is what we genuinely do. Have a security question or a specific requirement? Email [email protected].

See also our live system status.