Privacy Policy


Last Updated: May 2026

This Privacy Policy governs the data processing practices of our unified software ecosystem, which includes our public-facing Church Mobile Application (for congregants, newcomers, and serving teams) and our internal Operations Management Application (for staff, trustees, and operational leadership), both built on the Base44 secure cloud network.

We are committed to protecting the privacy, dignity, and personal data of our church family, volunteers, visitors, and staff members.

1. Important Information and Who We Are

Data Controller

For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, the Data Controller is ‘Darlington Vineyard Church’ (referred to as "we", "us", or "our" in this policy). We operate and maintain both software applications.

Contact Details

If you have any questions about this privacy policy or our data protection practices, please contact our administrative team:

Email: info@darlingtonvineyard.church

Postal Address: Darlington Vineyard Church, Salt Yard, Darlington, DL3 7DX

2. The Legal Basis for Processing Your Data

Under UK GDPR, we process personal data under the following legal frameworks:

Explicit Consent: When you sign up for an account, agree to serve on a rota, or submit a connect card.

Legitimate Interests: For the day-to-day administration, communication, team coordination, and operational management of our church community hub.

Special Category Data (Religious Beliefs): Because our organization is a church, processing your account data inherently implies a religious affiliation. We process this under Article 9(2)(d) of the UK GDPR (processing carried out in the course of legitimate activities by a non-profit body with a religious aim) and ensure this information never leaves our secure system without your explicit consent.

3. Information We Collect

We collect different types of data depending on which application you are interacting with and your role within the community.

A. Public Church Mobile Application (Congregants & Newcomers)

Identity Data: First name, last name, date of birth.

Contact Data: Email address, mobile phone number, physical address block.

Profile Images & Media Uploads: User-submitted profile photographs uploaded to sync your identity avatar across our public and internal operations ecosystem (handleProfilePictureSync).

Device Identifiers & Push Tokens: Unique device ID tokens processed specifically to route operational church updates, rota alerts, and critical community notifications via native push messaging.

Ministry & Serving Data: Teams you choose to join (e.g., Welcome, Cafe, Worship), availability records, and calendar shift confirmations (rota_consent).

Preferences & Media Data: Interactions with our publicly curated Sunday service materials, liturgy setlists, and public Spotify media player widgets.

B. Internal Operations Application (Staff, Leadership & Volunteers)

Employment & Capacity Data: Contracted work hours tracking, timesheet entry logs, task completion metrics, and department workload accountability assignments.

Financial Data: Uploaded expenditure receipt photos, expense claims tracking parameters, and mileage logs for reimbursement.

Systems Metadata: Authentication logs, permission tags, and device identifier codes passed through secure Google or password-based authentication protocols.

C. Children’s and Minors’ Data (Under 18s & Under 13s)

We take the safety of children seriously under the ICO’s Age Appropriate Design Code and global child protection frameworks. We do not allow minors to register unverified accounts. We collect dates of birth to automatically detect minors. Any data concerning a minor (such as kids' church attendance or youth serving teams) strictly requires:

A digital link to a verified parent or legal guardian's Contact record.

Explicit, logged Parental Consent (parental_consent: true) before any data processing or rota scheduling occurs.

Under-13 Verifiable Framework: We do not knowingly collect or process data from children under the age of 13 without verifiable parental or legal guardian consent.

Parental Rights & Management: Parents or legal guardians retain the absolute right to review, manage, modify, or request the immediate deletion of their child's personal data at any time by contacting our data team directly.

4. How We Use Your Personal Data

We use your data across both platforms exclusively to run our church operations and community hub safely:

Account Provisioning: Moving new registrations securely through our automated staging "Airlock" queue until approved by an administrator to prevent directory duplicates.

Rota Planning & Logistics: Matching scheduled volunteers to stage plots, sound desks, hospitality lanes, and group rotas.

Worship Syncing: Taking the public Spotify track links entered internally by worship pastors and using them to update the public media components shown to congregants automatically.

Financial Accountability: Auditing receipt uploads and timesheet records for regulatory and accounting compliance.

5. Airtight Data Security & Isolation

Both applications utilize an advanced security architecture to ensure your data is shielded from unauthorized internal and external eyes.

Row-Level Security (RLS): Our backend database enforces strict row-by-row isolation. General system users and volunteers can only query data relevant to their explicitly checked department assignments (e.g., a Cafe volunteer cannot view Safeguarding or Maintenance data rows).

The Confidential Pastoral Care Vault: To protect your ultimate privacy, tickets containing sensitive pastoral care updates are completely decoupled from global system dashboards, search features, and Kanban workload boards.

The Pastoral Lockdown Rule: Even full System Administrators and Trustees are strictly barred from viewing or reading pastoral support tickets or counseling logs. Access is cryptographically limited exclusively to the specific assignees, the creator, or individuals carrying the explicit Senior Pastor clearance badge.

6. Third-Party Data Sharing & Integrations

We do not sell or rent your personal data to third parties. Your data passes only through secure, approved technical pipelines necessary to operate the apps:

Base44 Platform Infrastructure: Our secure database hosting provider, bound by rigorous data processing agreements.

Stripe, Inc.: Our secure third-party payment gateway used to process ticket sales and registrations for paid church events. Credit card details are captured directly by Stripe using encrypted frames and are never transmitted to or stored on our Base44 servers.

Resend.com: Our transactional email delivery utility used to securely dispatch automated booking confirmations, event joining instructions, and account validation codes.

Google Play Services & Firebase: Infrastructure tools utilized for routing background push notifications, processing application crash diagnostics, and maintaining application stability.

ChurchSuite Embedded Forms: Where public "Stay in Touch" elements are loaded via secure embeds, data inputs flow directly into your secure master profile managed under our core privacy guidelines.

Spotify Web API: Publicly shared track links are synchronized into playlist strings across devices without transmitting any personal profile indicators.

Xero: We utilize Xero’s cloud accounting platform to process and reconcile financial expenditures. Receipts and expense claims processed within our Operations Application are transmitted to Xero via secure API to ensure accurate bookkeeping and audit-readiness. No personal identity data beyond that required for accounting compliance (e.g., vendor names and expense amounts) is transmitted.

7. Data Retention & Account Deletion (App Store Mandate)

We retain your personal information only as long as you are an active part of our community or as required for historical compliance (e.g., financial expense records).

The Right to Be Forgotten / Account Deletion

In accordance with both Apple and Google developer policies and the UK GDPR, you have the right to delete your account at any time.

How to Request Deletion: You can initiate account deletion directly within the Profile Settings page of the mobile app, or by emailing our data team at processing@darlingtonvineyard.church.

Our Anonymization Protocol

To prevent historical scheduling logs or financial statistics from breaking when an account is deleted, we utilize an advanced anonymization script instead of a destructive hard-delete. When you choose to delete your account:

Your first name, last name, and email address are completely overwritten with randomized anonymous strings (e.g., "Scrubbed User #541").

Your profile photo, phone number, address block, and exact date of birth are permanently purged from the server.

Your historical rota counts and ticket metrics are preserved for church capacity analysis, but they can never be traced back to you.

8. Your Legal Rights under UK GDPR

You have the right to:

Request access to a copy of the personal data we hold about you.

Request correction of incomplete or inaccurate data.

Request erasure/anonymization of your personal data.

Object to processing or request restriction of processing.

Withdraw your consent at any time where we are relying on consent to process your information.

If you wish to exercise any of these rights, please reach out to us via our contact email listed in Section 1. If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).