Back to Home

Privacy Policy

Compliance Framework: Nigeria Data Protection Act (NDPA) 2023

Last Updated: May 2026

At ChurchTab ("Company", "we", "us", or "our"), we understand that church data is highly sensitive. This Privacy Policy explains how we collect, use, process, and safeguard your information when you use our Ministry Operating System.

This policy is strictly drafted in accordance with the Nigeria Data Protection Act (NDPA) 2023 to ensure the highest standards of digital privacy.

1. Data We Collect

We collect information strictly necessary to provide and improve our services to you. This data falls into three primary categories:

  • Church Admin Data: Name, email address, role, and phone number used for account registration, billing, and system administration.
  • Member Data: Information entered into the CRM by the Church Admin or voluntarily submitted by members. This includes names, phone numbers, email addresses, and the results of the "Spiritual Gift Assessment" (e.g., 68-question diagnostic responses).
  • Usage Data: We automatically collect standard diagnostic data including IP addresses, browser types, interaction timestamps, and cookies strictly used for security, session management, and performance monitoring.

2. How We Use Data

We use the collected data exclusively to power the ChurchTab platform features for your specific organization. Uses include:

  • Providing the Church Admin with a comprehensive "Talent Map" of their congregation for leadership deployment.
  • Powering the automated member follow-up pipeline (e.g., sending system-generated WhatsApp/Email triggers for Birthdays, Anniversaries, and First-time visitor retention).
  • Generating downloadable PDF reports (Executive Summaries, Sunday Prep Reports) for internal church leadership review.
  • Facilitating secure financial transactions through our integrated payment gateways (e.g., Paystack) for Tithes, Offerings, and Project seeds.
  • Improving the overall platform experience by analyzing aggregated, anonymized system performance data.

3. Data Ownership (The "Sovereign Rule")

Under the NDPA 2023 framework:

  • Your Church is the Data Controller. You own all member data entered into your workspace.
  • ChurchTab acts strictly as the Data Processor. We process data solely on your behalf and instructions.

Strict Prohibition: We do not sell, rent, or trade your church's member data to third parties, advertisers, or data brokers. All data is securely hosted on Vercel and Supabase enterprise infrastructure, leveraging modern cryptography and Row-Level Security (RLS).

Even in a Denominational "HQ and Branch" setup, a branch cannot see another branch's data unless the Headquarters specifically initiates aggregated reporting via their authorized God-Mode view.

4. Member Rights under NDPA 2023

As a Data Processor acting on behalf of the Data Controller (the Church), we technically facilitate the following rights for all registered members:

  • Right to Access: Members may request access to the personal data held about them within the church's directory.
  • Right to Rectification: Members may request the correction of inaccurate or incomplete personal data.
  • Right to Withdraw Consent: Members may withdraw consent for data processing, including retracting their "Spiritual Gift Test" results, at any time.
  • Right to Erasure ("Right to be Forgotten"): Members may request the deletion of their personal data from the ChurchTab system.

Note: Members should primarily direct these requests to their respective Church Administrators, who have full control over data modification and deletion within the dashboard.

5. Data Retention & Archiving

We retain member and administrative data only as long as the Church maintains an active subscription or as necessary to comply with legal obligations.

Upon the formal termination or cancellation of a subscription:

  1. The account enters a suspended state.
  2. Data is securely archived for a period of 90 days to allow for accidental cancellations or data export requests.
  3. After 90 days, the data is permanently and irreversibly deleted from our active databases and standard backup rotations, unless requested otherwise by the Data Controller prior to deletion.

6. International Data Transfers

ChurchTab utilizes global cloud infrastructure (e.g., AWS, Vercel, Supabase). By using the Service, the Data Controller acknowledges that data may be transferred to and processed in secure data centers located outside of Nigeria. All such transfers are conducted in compliance with the NDPA 2023, utilizing standard contractual clauses and ensuring adequate levels of data protection.

7. Changes to this Privacy Policy

We may update our Privacy Policy from time to time to reflect changes in legal regulations or platform capabilities. We will notify Church Admins of any material changes via an email or a prominent notification within the ChurchTab dashboard prior to the change becoming effective.

8. Contact the Privacy Team

If you have any questions or concerns about this Privacy Policy or our data handling practices, please contact our Data Protection Officer at privacy@churchtab.com.