Security at Lingual

Last updated: June 26, 2026

Churches trust Lingual with two sensitive things: the live words of your services, and your Planning Center connection. This page explains in plain English how we protect both. It's written for the person on your tech team who has to sign off — if anything here raises a question, email hello@lingual.services and we'll get on a call.

Your Planning Center connection

We never see your password. Connecting Planning Center uses OAuth: you sign in on planningcenteronline.com itself, and Planning Center hands Lingual a limited-access token. Your PCO password is never typed into, transmitted through, or stored by Lingual.

We ask for the least access that makes the product work. Lingual requests exactly one permission:

What we can never access: your People / member directory, Giving and donor records, Check-Ins (children's ministry data), and Groups. We don't request those permissions, so Planning Center itself blocks that data from us — even in the worst case where Lingual were compromised, your member, donor, and children's data is not reachable through our connection. Your email comes from you directly at sign-up, never from Planning Center.

How tokens are stored. Access tokens are encrypted at rest with authenticated encryption (AES with integrity checking). The encryption key lives in our hosting provider's secrets manager, separate from the database — someone with a copy of the database alone cannot read your tokens. Keys support rotation, and every deploy runs a self-test: a missing or malformed key fails the health check and the app never serves traffic. A syntactically valid key that doesn't match existing data surfaces as loud decryption failures on use — never a silent fallback to plaintext.

Tokens are never exposed. They are never written to logs, never appear in URLs, and are never returned by any API endpoint. Token refresh happens entirely server-side.

Disconnect any time. One click in operator settings deletes your Planning Center credentials from our systems immediately. If you want belt and suspenders, you can also revoke Lingual's access from your Planning Center account's integrations page — that kills the connection from Planning Center's side too.

What we store — and what we don't

Platform security

Process

If something goes wrong

If we discover a breach affecting your data, we will notify you promptly at the email address on file, consistent with our Privacy Policy.

Found a vulnerability? Email hello@lingual.services with “Security” in the subject. We read these first and respond fast — reports are genuinely appreciated.

A note from the founder. Lingual is a small company, and we'd rather over-share than hide behind boilerplate. If your church's tech team or elders want to walk through any of this live, email us — we're happy to get on a call and show you exactly how it works.