Privacy Policy

Ecclesa ("we," "our," or "us") is committed to protecting the privacy of our users and their congregation members. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our church management platform. We understand that churches handle sensitive personal and spiritual information, and we take this responsibility seriously.

We collect information that you provide directly to us and information that is automatically collected when you use our services:

• Account Information: Name, email address, phone number, church name, and role within the organization
• Church Member Data: Names, contact information, family relationships, attendance records, group memberships, and volunteer assignments that you enter into the system
• Payment Information: Billing details for subscription payments (processed securely through third-party payment providers)
• Usage Data: How you interact with our platform, including features used, pages visited, and actions taken
• Device Information: Browser type, IP address, device identifiers, and operating system
• Cookies and Similar Technologies: Information collected through cookies, web beacons, and similar tracking technologies

We use the information we collect for the following purposes:

• Provide, maintain, and improve our church management services
• Process subscription payments and send related communications
• Send administrative notifications, such as service updates and security alerts
• Respond to your inquiries and provide customer support
• Analyze usage patterns to enhance user experience and develop new features
• Detect, prevent, and address technical issues and security threats
• Comply with legal obligations and enforce our terms of service

We do not sell your personal information or your congregation's data. We may share information in the following limited circumstances:

• Service Providers: Third-party vendors who perform services on our behalf, such as hosting, payment processing, and analytics (bound by confidentiality agreements)
• Legal Requirements: When required by law, subpoena, or other legal process
• Protection of Rights: To protect the rights, property, or safety of Ecclesa, our users, or others
• Business Transfers: In connection with a merger, acquisition, or sale of assets (with notice to affected users)
• With Consent: When you have given us explicit permission to share specific information

We retain your data for as long as your account is active or as needed to provide you services. Church member data is retained according to your subscription and preferences. Upon account closure, we retain data for 30 days to allow for data export, after which it is permanently deleted from our active systems. Backup data may be retained for up to 90 days for disaster recovery purposes.

We implement industry-standard security measures to protect your information:

• Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.3
• Encryption at Rest: All stored data is encrypted using AES-256 encryption
• Access Controls: Strict role-based access controls limit who can access your data
• Regular Audits: We conduct regular security assessments and penetration testing
• Secure Infrastructure: Our systems are hosted in SOC 2 compliant data centers with 24/7 monitoring

While we implement robust security measures, no system is completely secure. We encourage you to use strong passwords and protect your account credentials.

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data (right to be forgotten)
• Data Portability: Request your data in a structured, commonly used format
• Withdraw Consent: Withdraw consent for data processing activities
• Object to Processing: Object to certain types of data processing
• Lodge a Complaint: File a complaint with a supervisory authority

To exercise any of these rights, please contact us at privacy@ecclesa.com. We will respond to your request within 30 days.

We use cookies and similar technologies to enhance your experience:

• Essential Cookies: Required for the platform to function properly (authentication, security)
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Help us understand how users interact with our platform
• Marketing Cookies: Not used - we do not display third-party advertisements

You can manage cookie preferences through your browser settings. Disabling essential cookies may affect platform functionality.

Our service is intended for church administrators and is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately at privacy@ecclesa.com. Churches using our platform to store information about minors are responsible for obtaining appropriate parental or guardian consent.

Our primary data centers are located in Singapore and Indonesia. If you access our services from outside these regions, your information may be transferred to, stored, and processed in these locations. We ensure that international data transfers comply with applicable data protection laws and implement appropriate safeguards.

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by posting the updated policy on our website and, for significant changes, sending an email notification to account administrators. Your continued use of our services after such modifications constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or our data practices, please contact our Data Protection team at privacy@ecclesa.com. For Indonesian users, you may also contact us at our Jakarta office. We are committed to addressing your concerns and will respond to inquiries within 30 business days.