Skip to content

Privacy Policy

Last updated: July 15, 2026

SermonOS is a live-streaming and sermon-media platform built by Cedar & Stone for churches. This policy explains what information we collect, why we collect it, and how it's used and protected. If you have questions, contact us at andrew@cedarandstone.io.

Who we are

SermonOS is operated by Cedar & Stone. We build software that helps churches produce, stream, and archive their own services and sermon media. Cedar & Stone is the data controller for the information described below.

Information we collect

SermonOS collects only what it needs to run a church's streaming and media library:

  • Church staff accounts — username, display name, and role (e.g. church admin, soundbooth operator), used to sign in and to apply the correct permissions.
  • Congregant accounts — an email address, used solely to send a one-time sign-in code so a congregant can save or resume media in the church's public archive. We don't collect a password.
  • Live-stream metadata and health telemetry — technical details about a church's broadcasts (start/end times, connection and encoder health, bitrate, and similar diagnostics) used to run and troubleshoot the stream.
  • Sermon recordings and media — video and audio recordings of a church's own services, along with associated metadata (title, speaker, series, scripture reference). Media files are stored in Cloudflare R2.
  • OAuth access tokens — when a church chooses to connect a Facebook Page or YouTube channel, we store the resulting access token, encrypted, so SermonOS can publish to that destination on the church's behalf.

How we use information

We use this information for one purpose: to provide the service a church has asked for — ingesting, recording, and publishing that church's own services to the destinations the church has chosen to connect. We do not sell any information, and we do not use it for advertising. We do not share it with anyone other than the service providers described below, and only as needed to operate SermonOS.

Service providers we use

SermonOS relies on a small number of trusted processors to deliver the service. Each receives only the data needed to perform its function:

  • Meta / Facebook — to create and manage live broadcasts on a Facebook Page the church connects, at the church's direction.
  • Google / YouTube — to create and manage live broadcasts on a YouTube channel the church connects, at the church's direction. See YouTube API Services below.
  • Cloudflare R2 — object storage for sermon recordings and media files.
  • Email delivery — sends transactional email only: one-time sign-in codes and account notifications.
  • Hetzner — infrastructure hosting for the SermonOS application and streaming servers.

Facebook Page integration

When a church authorizes SermonOS to connect to Facebook, we request access to the list of Pages that person manages, so the church can choose which Page to stream to. Once a Page is selected, SermonOS uses that authorization to create, publish, and end live videos on the church's chosen Page — nothing else. The resulting Page access token is stored encrypted and used only for this purpose. A church can disconnect Facebook at any time from within SermonOS, which immediately stops all further access and revokes the stored token.

YouTube API Services

SermonOS uses YouTube API Services. By connecting a YouTube channel, you agree to be bound by the YouTube Terms of Service, and our handling of the resulting data is described here and in the Google Privacy Policy.

When a church connects a YouTube channel, SermonOS accesses that channel's identity (so the church can confirm which channel is connected) and the ability to create, manage, and end live broadcasts and live streams on that channel. This access is used only to run the church's own broadcasts, at the church's direction — never to read, modify, or publish anything beyond what's needed to operate the stream the church started.

You can revoke SermonOS's access to your Google account at any time, either by disconnecting YouTube from within SermonOS, or directly through Google's security settings — Third-party apps with account access.

How access tokens are protected

Every OAuth access token SermonOS stores — for Facebook or YouTube — is encrypted at rest using AES-256-GCM. Tokens are decrypted only at the moment they're needed to make an authorized request on the church's behalf. A token can be revoked at any time, either by disconnecting the platform inside SermonOS or by removing SermonOS's access from the platform's own account settings.

Data retention

Sermon recordings and media are retained according to each church's own configured retention policy. Account data (staff and congregant) is retained for as long as the account remains active, or until deletion is requested (see below).

Requesting data deletion

A church or an individual congregant can request deletion of their data at any time by emailing andrew@cedarandstone.io. Disconnecting a Facebook or YouTube connection from within SermonOS immediately revokes the stored token for that platform. Full details, including what gets deleted and the timeframe, are on our Data Deletion page.

Congregants and children

SermonOS is provided to churches for their own congregations. Congregant accounts collect only an email address, used exclusively for one-time sign-in codes. SermonOS is not directed at children, and we don't knowingly collect information from children beyond what a church itself provides in the ordinary course of publishing its own services.

Security

We use industry-standard safeguards — encryption at rest for sensitive credentials, access controls, and secure infrastructure — to protect the data described in this policy. No system is perfectly secure, but we take reasonable steps to prevent unauthorized access, disclosure, or loss.

Changes to this policy

We may update this policy as SermonOS evolves. Material changes will be reflected by updating the “Last updated” date above. Continued use of SermonOS after a change means you accept the updated policy.

Contact

Questions about this policy or your data can be sent to andrew@cedarandstone.io.