GDPR information for ChurchPay customers and users.

For most church records, the church, network, or platform customer decides why and how personal data is used. That organisation is usually the data controller.

NEURAL NETWORK GROUP LIMITED normally acts as a processor for customer platform data, providing ChurchPay hosting, software, support, security, backups, email delivery, payment workflow records, reporting, and technical operations.

For our own website, sales enquiries, support operations, security logs, and company administration, we may act as a controller.

The platform can process member records, team roles, newcomer enquiries, mentoring activity, service attendance, service notice delivery, RSVPs, hospitality and dietary requirements, giving and donation records, Gift Aid declarations, receipts, communications, support tickets, audit logs, and security events.

Some customers may use the pastoral care, compliance, or mentoring modules to store special category or sensitive personal data. These modules should be used only where there is a lawful basis and suitable internal governance.

Customers are responsible for deciding and recording the lawful basis for their own processing. Typical bases may include legitimate interests, contract, legal obligation, consent, or explicit consent depending on the data and purpose.

ChurchPay processes customer data under customer instructions, our service terms, data protection obligations, and the operational need to deliver and protect the platform.

Members, newcomers, donors, or team members may request access, correction, deletion, restriction, portability, objection, or consent withdrawal under applicable data protection law.

Where a request relates to customer-controlled church records, ChurchPay may need to route the request to the relevant customer. We will support customers with reasonable technical assistance where needed.

The platform is designed around tenant separation, church context, role-based permissions, audit trails, secure session handling, encrypted transport, and restricted administrative access.

Customers should review team access regularly, remove users who no longer need access, use appropriate roles, and avoid placing unnecessary sensitive information into general notes or public content fields.

ChurchPay may use subprocessors for hosting, database services, storage, email delivery, observability, payments, analytics, support operations, backups, and security.

Where data is transferred internationally, appropriate safeguards should be used according to the provider, hosting location, contract, and applicable law.

Customers can contact us through the contact form if they need more information about subprocessors for procurement or data protection review.

Strictly necessary cookies support login, security, and platform operation. Analytics cookies are only used where consent has been accepted.

The Cookie Policy explains the cookie categories, how consent works, and how a user can change their choice.

If you are unhappy with how personal data has been handled, please contact us first so we can investigate. You can also complain to the Information Commissioner's Office.