Persona: Karen — Privacy Paranoid
Property: ChurchWiseAI
Category: Security
Tier: anonymous
Persona: karen-privacy-paranoid
Touchpoint: /pricing, /security, legal pages
Preconditions
- Visitor is concerned about data privacy and congregation surveillance
- Worried about ChatGPT-like data harvesting
- Will not buy without strong privacy guarantees
Steps
| # | Action | Expected Result |
|---|---|---|
| 1 | Land on homepage | No mention of training AI on church data. Privacy commitment prominent ('Your data is yours'). |
| 2 | Look for privacy policy | Privacy policy link accessible in footer. Clearly states ChurchWiseAI does not train on customer data. |
| 3 | Check data ownership language | Terms explicitly state: 'You own your data. We don't sell or use it for AI training.' |
| 4 | Look for GDPR/compliance badges | GDPR compliant and/or SOC 2 Type II mentioned. Links to compliance documentation if available. |
| 5 | Search for data encryption info | Data encrypted in transit (TLS/HTTPS) and at rest (AES-256 or similar). Clearly documented. |
| 6 | Check data location | Where is data stored? On-premise, US-only, EU-friendly explicitly stated. No 'stored globally' vagueness. |
| 7 | Verify no cross-border data sharing | Reassurance that visitor data stays in jurisdiction (US, EU, etc). Not sold to third parties. |
| 8 | Check data retention policy | How long is data kept? What happens when subscription ends (exported/deleted)? Clear answer. |
| 9 | Look for 'right to deletion' info | FAQ clarifies that church/visitors can request data deletion. Process documented. |
Known Failure Modes
- Privacy policy missing or vague — Karen bounces immediately
- Data used for AI training — Karen sees this as breach of trust
- No mention of encryption — Karen assumes unprotected
- Data stored in multiple countries — GDPR-compliant churches concerned
- No deletion policy — Karen worried data retained forever
References
- Playwright spec: e2e/delivers/personas/karen-privacy-paranoid.spec.ts
- Code files:
Notes
Karen is privacy-conscious (often a church data officer or compliance person). She wants a data ownership guarantee, no AI training on her data, strong encryption, a clear deletion policy, GDPR compliance, and no cross-border sharing. A single vague sentence about data handling loses her. Honesty and transparency are required.