Privacy Policy

1. Information We Collect

1.1 Information You Provide

When you register for and use ChurchDatabase, we collect:

• Account Information: Name, email address, phone number, church name, role
• Church Member Data: Member names, contact details, attendance records, donation information, Gift Aid declarations
• Payment Information: Billing address, payment method details (processed securely by our payment providers)
• Communications: Support messages, feedback, and other correspondence

1.2 Automatically Collected Information

• Usage Data: Pages visited, features used, time spent, actions taken
• Device Information: IP address, browser type, operating system, device identifiers
• Cookies and Similar Technologies: See our Cookie Policy for details

2. How We Use Your Information

We use your information to:

• Provide Our Services: Deliver, maintain, and improve ChurchDatabase functionality
• Process Transactions: Handle payments and billing
• Customer Support: Respond to inquiries and provide technical assistance
• Communications: Send service updates, security alerts, and administrative messages
• Analytics: Understand usage patterns and improve our services
• Legal Compliance: Comply with applicable laws and regulations
• Security: Protect against fraud, unauthorized access, and other security issues

3. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

• Contract Performance: To provide our services to you
• Legitimate Interests: To improve our services, prevent fraud, and ensure security
• Legal Obligation: To comply with UK laws and regulations
• Consent: Where you have given explicit consent for specific purposes

4. Data Sharing and Disclosure

4.1 We Share Data With:

• Service Providers: Cloud hosting (AWS UK), payment processors (Stripe, GoCardless), email services
• Analytics Partners: To understand service usage (anonymized data only)
• Legal Requirements: When required by law or to protect rights and safety

4.2 We Never:

• Sell your personal data to third parties
• Share your data for marketing purposes without consent
• Transfer data outside the UK/EEA without appropriate safeguards

5. Data Storage and Security

Your data is stored securely in UK-based data centres with:

• 256-bit SSL encryption for data in transit
• AES-256 encryption for data at rest
• Regular security audits and penetration testing
• Access controls and authentication measures
• Daily backups with 30-day retention
• ISO 27001 certified infrastructure

6. Data Retention

We retain your personal data:

• Active Accounts: For the duration of your subscription
• Closed Accounts: Up to 90 days after closure (unless you request immediate deletion)
• Legal Requirements: As required by UK law (e.g., financial records for 6 years)
• Legitimate Interests: Anonymized analytics data may be retained indefinitely

7. Your Rights Under GDPR and UK Data Protection Law

You have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restrict Processing: Limit how we use your data
• Data Portability: Receive your data in a machine-readable format
• Object: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent for specific processing activities
• Lodge a Complaint: File a complaint with the ICO (Information Commissioner's Office)

8. Children's Privacy

ChurchDatabase is designed for use by churches and church administrators. While church databases may contain information about minors, we require that:

• Parental consent is obtained before storing data about children under 13
• Enhanced safeguarding measures are in place for children's data
• Access to children's data is restricted to authorized personnel only

9. International Data Transfers

Your data is stored in UK data centres. If we need to transfer data outside the UK/EEA, we ensure:

• Adequate safeguards are in place (e.g., Standard Contractual Clauses)
• The recipient country has an adequacy decision from the UK government
• You are notified and give consent where required

10. Cookies and Tracking

We use cookies and similar technologies for:

• Essential functionality (authentication, security)
• Performance monitoring and analytics
• User preferences and settings

See our Cookie Policy for full details and how to manage your preferences.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will:

• Notify you of significant changes via email or in-app notification
• Post the updated policy on our website
• Update the "Last updated" date at the top of this page

12. Contact Us