Privacy Policy for the ChurchPay platform.

This policy explains how ChurchPay handles personal data when people visit our website, contact us, request a demo, use a church website powered by ChurchPay, or access the member and admin platform.

For church records, member data, newcomer details, pastoral notes, payments, service notices, communications, and reports, the relevant church, network, or platform customer is usually the data controller. NEURAL NETWORK GROUP LIMITED acts as a data processor where we host and operate ChurchPay on their behalf.

The platform may process names, email addresses, telephone numbers, church roles, member profiles, newcomer enquiry records, event RSVPs, hospitality and dietary preferences, giving and donation records, Gift Aid declarations, receipts, communication preferences, audit logs, support requests, and technical usage information.

Certain modules may also store sensitive operational records, such as pastoral care notes, mentoring notes, visit records, and compliance requests. These areas are designed for role-based access and should only be used by authorised team members.

We use data to run church websites, member portals, service and notice workflows, payment and donation flows, newcomer pipelines, communications, reporting, support, security monitoring, audit trails, and service improvement.

Our lawful bases under the UK GDPR may include contract, legitimate interests, legal obligation, consent, or explicit consent, depending on the context and the data involved. Customers are responsible for the lawful basis for customer-controlled church records.

We do not sell personal data. We do not use church member records for unrelated advertising.

Payment processing is handled by our payments partner. ChurchPay stores payment status, references, receipts, and reconciliation information, but full card details are handled by payment processors. We never see or store your card number.

We may use trusted service providers for hosting, database services, email delivery, analytics, storage, logging, support, payments, and security. These providers are used only where needed to deliver and protect the service.

We use strictly necessary cookies for login and security. Analytics cookies are used only where consent is given. Our Cookie Policy explains this in more detail.

Customer church data is retained according to the relevant church or customer instructions, legal requirements, and operational needs. Some records, such as audit logs, payment records, Gift Aid records, and compliance requests, may need to be retained for longer.

ChurchPay applies access controls, tenant separation, role permissions, audit logging, encryption in transit, secure service credentials, and operational safeguards appropriate to the platform.

Some suppliers may process data outside the United Kingdom. Where that happens, we aim to use appropriate safeguards such as adequacy regulations, the UK International Data Transfer Agreement, the UK Addendum to EU standard contractual clauses, or equivalent contractual and technical protections.

Depending on your relationship with a church and the data involved, you may have rights to access, correct, delete, restrict, object to processing, request portability, and withdraw consent where processing is based on consent.

If your request relates to a church record, we may need to pass the request to the relevant church or customer because they control that data. You can contact us and we will help route the request appropriately.

You also have the right to complain to the Information Commissioner's Office if you are unhappy with how your personal data has been handled.