This Agreement is between Church Management Platform ("Provider") and the subscribing church organization ("Church"). It governs the Church's use of the Church Management Platform software platform and clarifies data ownership, responsibilities, and system usage.
1. Purpose
This Agreement governs the Church's use of the Church Management Platform software platform and clarifies data ownership, responsibilities, and system usage.
2. Roles & Data Classification
For purposes of data protection:
- The Church is the Data Controller.
- Church Management Platform is the Data Processor.
The Church determines:
- What data is collected
- Why it is collected
- Who has access within the church
Church Management Platform processes data solely to provide the software service.
3. Data Ownership
All member data, including but not limited to:
- Names
- Contact information
- Family relationships
- Attendance records
- Volunteer data
- Ministry participation
- Child check-in information
- Giving and donation records
Remains the exclusive property of the Church. Church Management Platform does not acquire ownership rights to church data.
4. Data Use Restrictions
Church Management Platform agrees:
- Not to sell church data
- Not to share data for advertising
- Not to mine data for commercial resale
- Not to contact church members for unrelated purposes
Data is used solely to operate the software platform.
5. Confidentiality
Church Management Platform will:
- Maintain administrative, technical, and physical safeguards
- Restrict internal access to authorized personnel only
- Protect church data from unauthorized disclosure
6. Subprocessors
Church Management Platform may use third-party infrastructure providers such as:
- Cloud hosting providers
- SMS delivery providers (e.g., Twilio)
- Email delivery services
- Payment processors (e.g., PayPal)
These providers:
- Process data solely to support system functionality
- Are contractually bound to confidentiality
7. Security Measures
Church Management Platform implements:
- Encrypted data transmission (HTTPS)
- Encrypted credential storage
- Two-Factor Authentication
- Role-based access controls
- Audit logging
8. Data Portability & Export
Upon request or termination:
- The Church may request an export of its data in a standard format (e.g., CSV, JSON).
- Church Management Platform will provide data export within 30 days of the request.
9. Data Deletion
Upon written request:
- Church Management Platform will delete church data from active systems.
- Backup deletion will occur within a reasonable retention window (30–90 days).
10. Term & Termination
This Agreement remains in effect while the Church uses Church Management Platform.
Either party may terminate with written notice.
Upon termination:
- Access is revoked
- Data export is provided upon request
- Data deletion occurs per Section 9
11. Limitation of Liability
Church Management Platform's liability is limited to fees paid in the prior 12 months.
12. Independent Contractor
Church Management Platform operates as an independent contractor, not as a ministry partner, agent, or employee of the Church.
13. Governing Law
This Agreement is governed by the laws of the State of California.