1. Introduction
This Data Policy outlines how FlexiCHURCH ("we", "us", "our") handles data entered into our church management platform ("Service"). We take data stewardship seriously and are committed to responsible, transparent data practices.
2. Data Ownership
Your church retains full ownership of all data entered into FlexiCHURCH, including but not limited to:
- Member records and personal information
- Financial transactions and reports
- Communication logs and message history
- Event records and attendance data
- HR records, payroll data, and employee information
- Custom configurations, departments, and organizational structure
We do not claim any ownership, license, or rights to your data beyond what is necessary to operate the Service.
3. Multi-Tenant Data Isolation
FlexiCHURCH operates as a multi-tenant SaaS platform. Each church (tenant) has its own isolated database. This means:
- Your data is stored in a dedicated database separate from other churches.
- No other tenant, administrator, or church can access your data.
- Our system administrators access tenant data only for troubleshooting when explicitly requested by the church admin.
4. Data Storage & Security
Encryption
- In Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2+ (HTTPS).
- At Rest: Sensitive fields (passwords, API keys, tokens) are encrypted or hashed using industry-standard algorithms.
Access Control
- Role-based access control (RBAC) ensures users see only the data their role permits.
- All administrative actions are recorded in an audit trail.
- Session management includes automatic timeout for inactive sessions.
Backups
- Backups run automatically every day and are retained for disaster recovery.
- Backups are encrypted and stored in geographically separate locations.
5. Data Processing
We process your data solely for the purpose of providing the Service. This includes:
- Storing and retrieving records as requested by your administrators
- Sending SMS, WhatsApp, and email messages on your behalf via trusted third-party providers
- Generating reports and analytics within your dashboard
- Processing subscription payments via PCI-compliant payment gateways (Paystack, Stripe, Flutterwave)
We do not mine, sell, rent, share, or monetize your data in any way.
6. Third-Party Data Sharing
We share limited data with third-party service providers only when necessary to operate the Service:
- Payment processors (Paystack, Stripe, Flutterwave) — for subscription billing
- SMS providers — phone numbers and message content for SMS delivery
- WhatsApp API providers — phone numbers and message content for WhatsApp delivery
- Email services — email addresses and content for email delivery
All third-party providers are bound by their own privacy policies and data protection obligations. We do not share data with advertisers, analytics companies, or data brokers.
7. Data Retention
- Active accounts: Data is retained for the duration of your subscription.
- Cancelled accounts: Data is retained for 30 days after subscription expiration, during which you may reactivate. After 30 days, data may be permanently deleted.
- Data export: You may export your data at any time from your church dashboard (members, finances, reports).
8. Data Deletion
You may request complete deletion of your church data at any time by contacting us. Upon receiving a verified deletion request:
- All church data, member records, and associated files will be permanently deleted within 14 business days.
- Backups containing your data will be purged within 30 days.
- Deletion is irreversible — we cannot recover data after it has been deleted.
9. GDPR & Compliance
While FlexiCHURCH is headquartered in Nigeria, we respect the data protection rights of all users globally. We are committed to:
- Honoring data subject access requests (DSARs)
- Providing data portability through export features
- Implementing the right to erasure (right to be forgotten)
- Maintaining lawful basis for data processing
- Complying with the Nigeria Data Protection Regulation (NDPR)
10. Contact Us
For any questions about this Data Policy or to exercise your data rights, contact us: