Privacy Policy

Effective March 16, 2026

Introduction

This Privacy Policy describes how Charismata (charismata.org) collects, uses, and protects your information. The Service is operated by Matt Heerema. I take your privacy seriously and aim to collect only what is necessary to deliver the assessment experience.

What We Collect

When you take the assessment, the following data may be collected:

  • Name — optional, only if you choose to provide it
  • Email address — optional, only if you choose to provide it
  • Church name — optional, only if you choose to provide it
  • Group name — optional, only if you choose to provide it
  • Assessment responses — your answers to 100 statements on a 1–5 scale
  • Calculated scores — your results across 10 gift categories, derived from your responses

If your session was provisioned by a third-party integration (such as Trellis), your name and email may be provided by that service rather than entered by you directly.

How We Use Your Data

Your data is used to:

  • Generate and display your assessment results
  • Allow you to return to your results via your session link
  • Improve the assessment through aggregate, anonymized analysis of response patterns

What We Don't Do

  • We do not sell your data to anyone, ever
  • We do not use advertising or ad-tracking services
  • We do not use analytics or tracking cookies
  • We do not share your data with third parties, except as described below

Third-Party Integrations

If your assessment session was provisioned through a third-party application (such as Trellis), your results will be sent back to that service via a secure callback as part of the integration your organization opted into. In that case, the third party's own privacy policy governs how they handle your data once received.

Outside of this specific scenario, your data is never shared with any third party.

Cookies

Charismata does not use tracking cookies, analytics cookies, or advertising cookies. The only cookie used is a functional authentication cookie for the administrative panel, which does not affect regular users of the assessment.

Data Storage and Security

Your data is stored in a PostgreSQL database hosted by Neon in the United States. The application is hosted on Vercel, also in the United States.

All data is encrypted in transit using HTTPS/TLS. Database connections use SSL. While no system is perfectly secure, I take reasonable measures to protect your information.

Data Retention and Deletion

Assessment data is retained indefinitely to allow you to access your results at any time. If you would like your data deleted, you may request deletion by emailing matt@mattheerema.com. I will delete all data associated with your session upon request.

Children's Privacy

Charismata is intended for users aged 13 and older. The Service does not knowingly collect personal information from children under 13, in compliance with COPPA (Children's Online Privacy Protection Act).

For users between 13 and 16, parental consent is recommended, particularly in a church or youth group context. If you believe a child under 13 has provided personal information through the Service, please contact me at matt@mattheerema.com and I will promptly delete that data.

Changes to This Policy

I may update this Privacy Policy from time to time. Changes will be reflected on this page with an updated effective date. Continued use of the Service after changes are posted constitutes acceptance of the revised policy.

Contact

If you have questions about this Privacy Policy or want to request data deletion, you can reach me at matt@mattheerema.com.

Matt Heerema
2916 Bayberry Rd.
Ames, IA 50014

Terms of Service|Resources