Privacy Policy

MyBimah (“MyBimah”, “we”, “us”) is a service-planning platform for synagogues, operated by Shadow Shul. This policy explains how we handle information when you usemybimah.comor any tenant subdomain (your-synagogue.mybimah.com).

For Customer Content (the synagogue data you put into the Service — member directories, service orders, honor history, etc.), your synagogue is the data controller. We act as a processor, handling that data only on your synagogue's instructions. For information about how a specific synagogue uses its members' data, contact that synagogue's administrator.

This policy directly governs the marketing site (mybimah.com), your account information as an individual user (email, password, name), and how we operate our infrastructure.

From visitors to mybimah.com:

• Interest form submissions: name, email, organization, role, congregation size, and message body — only the fields you choose to submit.
• Standard server logs: IP address, user agent, and timestamps of requests, kept for security and abuse prevention.
• Cookies: see Section 5.

From signed-in users:

• Account profile: email, password (stored as a scrypt hash; we never see your plaintext password), display name, optional Hebrew name, role within your synagogue, avatar.
• Authentication metadata: last login timestamp, failed-attempt counters, session cookies (HMAC-signed, 30-day lifetime), OAuth provider linkage if you sign in with Google or Microsoft.
• Audit log: who changed what within your tenant, kept for security and accountability.
• Customer Content: anything you or your tenant's administrators upload — service orders, members' profiles, honors, lifecycle events, branding assets.

From your activity:

• Performance + error telemetry: anonymized error traces and page-load timings via Sentry and Vercel Analytics. We do not capture form values, passwords, or sensitive content.

• To operate, secure, and improve the Service.
• To send transactional emails (sign-in invites, password resets, honor confirmations, weekly recaps if you enable them). We do not send marketing email without your explicit opt-in.
• To respond to interest-form submissions on the marketing site.
• To detect, investigate, and prevent abuse, fraud, or violation of our terms.
• To comply with legal obligations.

We do not sell personal information. We do not use Customer Content to train AI models.

We use the following service providers to operate MyBimah. Each has its own privacy policy and is contractually required to protect data they process on our behalf.

We'll update this list as our infrastructure changes. If a change is material to you (for example, we add a vendor with substantial new data access), we'll notify you by email or a banner on the Service.

We use a small number of first-party cookies:

• session — your signed-in session, HMAC-signed, HttpOnly, 30-day lifetime.
• oauth_state — short-lived (5 min) cookie used during the OAuth sign-in flow to prevent CSRF.
• Vercel may set its own cookies for web-analytics and abuse prevention. See Vercel's privacy policy.

We do not use third-party advertising or behavioral-tracking cookies.

• Account information is retained for as long as you have an account, plus a short window for security investigations.
• Customer Content is retained as long as your synagogue maintains its tenant. After tenant termination, we keep it in cold backups for up to 30 days for recovery, then delete.
• Marketing-interest submissions: kept until you ask us to delete them.
• Audit logs: 12 months for security and compliance.
• Server logs: 90 days, longer for active security investigations.

We follow industry-standard practices:

• Encryption in transit — TLS 1.2+ on every hop (browser → app, app → database, app → Redis, app → third-party APIs).
• Encryption at rest — AES-256 on the production database (Neon, SOC 2 Type 2), Redis cache (Upstash, SOC 2 Type 2), error telemetry (Sentry), and email logs (Resend).
• Authentication — scrypt-hashed passwords, HMAC-signed session cookies, rate limiting on login + reset endpoints, and OAuth via Google + Microsoft (no third-party tokens stored on our side).
• Tenant isolation — every database query passes through a tenant-scoping helper; subdomain-based routing keeps tenant data separated at the URL level.
• Append-only audit log — administrative actions are recorded in an audit table that is enforced append-only at the database layer; even a compromised application user cannot quietly rewrite history.
• Application-aware PII scrubbing — error telemetry sent to Sentry is scrubbed of emails and member directory fields before transmission, so stack traces do not leak congregational identifiers.

No system is perfect. If you suspect a security incident affecting your account or your tenant, contact us at support@mybimah.com and we will investigate promptly.

Depending on where you live, you may have rights to access, correct, port, or delete the personal information we hold about you. To exercise these rights:

• For your own profile (email, name, avatar, etc.), you can edit it directly via the Profile page when signed in, or ask your tenant administrator.
• For data your synagogue holds about you (member record, honor history, etc.), contact your synagogue's administrator. They are the data controller; we act on their instructions.
• For data we hold about you directly (marketing-interest submissions, etc.), email us at support@mybimah.com and we'll respond within 30 days.

MyBimah is not directed at children under 13, and we do not knowingly collect personal information from children under 13 without verifiable parental consent. Synagogues may use the platform to coordinate B'nei Mitzvah and other youth activities — that data is uploaded by the synagogue, with the synagogue acting as data controller. If you believe a child has given us information without consent, contact support@mybimah.com and we'll delete it.

Our infrastructure is hosted primarily in the United States. If you access the Service from outside the US, your information will be transferred to and processed in the US. By using the Service, you consent to that transfer.

We may update this policy from time to time. Material changes will be announced via email to active accounts and via a banner on the Service before they take effect. Routine clarifications (typo fixes, vendor additions of equivalent type) may happen without notice; the “Last updated” date at the top tracks the most recent change.

Privacy questions, data requests, or security reports: support@mybimah.com.