Privacy Policy

1. Who We Are

MyEcclesia is a platform for discovering and managing Christian events across the United Kingdom. We are the data controller responsible for your personal data.

Contact for data requests: privacy@myecclesia.org.uk

2. Information We Collect

We collect and process the following types of personal data:

3. Why We Collect Your Data (Legal Basis)

We process your personal data based on the following legal grounds:

• Contract: To provide our services when you register for events or create an account
• Consent: For marketing communications and optional cookies
• Legitimate interests: To improve our platform, prevent fraud, and ensure security
• Legal obligation: To comply with applicable laws and regulations

4. How We Use Your Information

• Provide, maintain, and improve our services
• Process event registrations and send confirmations
• Send relevant updates about events you've registered for
• Respond to your enquiries and support requests
• Prevent fraudulent activity and ensure platform security
• Analyse usage patterns to improve user experience

5. Data Sharing

We do not sell your personal data. We may share your data with:

• Event organisers: When you register for their events (name, email for registration purposes)
• Service providers: Stripe (payments), Resend (emails), Supabase (hosting)
• Legal authorities: When required by law or to protect our rights

All our service providers are bound by data processing agreements and GDPR compliance requirements.

6. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes outlined in this policy:

• Account data: Until you delete your account
• Event registrations: 2 years after the event date
• Transaction records: 7 years (legal requirement)
• Analytics data: 26 months

7. Your Rights Under GDPR

You have the following rights regarding your personal data:

To exercise these rights, visit your account settings or email us at privacy@myecclesia.org.uk

8. Data Security

We implement appropriate technical and organisational measures to protect your data:

• All passwords are hashed using bcrypt (never stored in plain text)
• All data transmitted using TLS/HTTPS encryption
• Regular security audits and monitoring
• Role-based access control for staff
• Automatic session timeouts

9. Cookies

We use cookies to enhance your experience. For detailed information about the cookies we use and how to manage them, please see our Cookie Policy.

10. Children's Privacy

Our services are not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us immediately.

11. International Transfers

Some of our service providers may process data outside the UK. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

12. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes by email or through a notice on our website. The "Last updated" date will be revised accordingly.

13. Complaints

If you have concerns about how we handle your data, please contact us first. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
ico.org.uk

14. Contact Us

For any questions about this privacy policy or your personal data, contact us at:

Email: privacy@myecclesia.org.uk
Or visit our Contact Page