Trust & security

How Rewind is hosted

Rewind is built for church and ministry production teams. This page explains where your data lives, who processes it on our behalf, and how we keep it safe. Live system status is on the status page.

Sub-processors

Third parties that store or process workspace data on our behalf.

Vercel
Application hosting & global CDN
Data: HTTP requests, IP addresses, the web app itself
Supabase
Postgres database, authentication, file storage & edge functions
Data: Workspaces, members, channels, stream metadata, notes
Cloudflare Stream
Film Room video ingest, storage & playback
Data: Recorded multiview video and crew comms audio (coaching tier)
Stripe
Subscription billing & payment processing
Data: Billing contact, subscription status (card data never touches Rewind)
Resend
Transactional email — sign-in links, contact replies, weekly reports
Data: Recipient email addresses and message contents
PostHog
Product analytics (honors Do Not Track)
Data: Anonymized usage events; configurable US or EU region
Google / YouTube Data API
Live-broadcast detection
Data: Read-only access to public channel & video metadata
Planning Center Online (optional)
Single sign-on, when a workspace enables it
Data: Account identity for OAuth sign-in only

How we protect your data

Encrypted in transit
All traffic to Rewind and between our sub-processors is served over HTTPS/TLS. We do not accept unsigned webhooks.
Per-workspace isolation
Each workspace owns its own members, channels, and captured streams. Access is enforced at the database layer with Postgres row-level security, scoped to short-lived per-user JWTs.
Least-privilege credentials
Background jobs run with narrowly-scoped tokens — for example, the usage meter holds a read-only analytics token and can never delete recordings.
You control retention
Workspace owners set how long captured streams are kept and whether expired media is deleted or moved to cold storage.
A note on Film Room recordings

The optional Film Room tier records multiview video and crew comms audio so teams can review services later. Recording captures real people’s voices and likeness — make sure your crew knows when comms are being recorded, and set a retention window that fits your ministry’s policy. Owners can delete a workspace and its recordings at any time.

Reporting a security issue

We welcome responsible disclosure. See our security.txt for the current contact and policy, or email security@rewind.coach.

We use privacy-respecting product analytics under legitimate interest to improve Rewind (we honor Do Not Track). You can opt out anytime — see our Cookie Policy.

Trust & security — Rewind · Rewind