1. Who We Are
PewConnect is a church management platform that helps churches manage members, events, and communications. The platform is operated by your church, which acts as the data controller for member data held within the system.
For the purposes of UK GDPR, the data controller is your church organisation. PewConnect acts as a data processor, processing personal data on behalf of the church in accordance with their instructions and this policy.
2. What Data We Collect
Member Directory Data
- Full name, email address, phone number
- Role within the church (e.g. member, leader, deacon)
- Group memberships and tags
- Join date and activity notes
Event RSVPs
- Name, email, phone number, number of guests
- Which events you attended or registered for
- Any notes provided on the RSVP form
Consent Records
We record when, how, and what you consented to — for example, "RSVP form submission on 10 April 2026." This forms your audit trail.
Technical Data
- Cookie preferences (stored locally and in our database against an anonymous session key)
- IP address (recorded at point of consent, for audit purposes only)
- Browser type (user-agent, recorded at consent)
3. How We Use Your Data
- Member directory: Enabling the church to communicate with and manage its congregation.
- Events: Managing attendance, sending event reminders, tracking capacity.
- Consent audit: Demonstrating lawful basis for processing under UK GDPR.
4. Lawful Basis for Processing
Under UK GDPR, we rely on the following lawful bases:
- Consent — for event RSVPs and optional communications. You can withdraw consent at any time.
- Legitimate interests — for managing the church's internal member directory, where members have an existing relationship with the church.
5. Data Retention
- Member records: Retained for as long as the person is an active member, plus a reasonable period after they leave, or until they request deletion.
- RSVP records: Deleted when a member deletion request is completed.
- Consent records: Retained for the duration of the member relationship, then deleted with the member record.
- Deletion grace period: When a deletion is requested, we apply a 30-day grace period before permanently deleting data. This allows time to correct mistakes. The member's data is hidden but not yet purged.
6. Your Rights Under UK GDPR
You have the following rights regarding your personal data:
Right of Access (Subject Access Request)
You can request a copy of all data we hold about you. Your church administrator can generate this from the admin panel and provide it to you within 30 days.
Right to Erasure (Right to be Forgotten)
You can request that your personal data be permanently deleted. Your church administrator can submit this request, which starts a 30-day grace period before data is purged.
Right to Rectification
You can ask your church administrator to correct inaccurate or incomplete data we hold about you.
Right to Restrict Processing
In certain circumstances, you can ask us to restrict how your data is used. Contact your church administrator to make this request.
Right to Object
You can object to processing based on legitimate interests. Contact your church administrator.
Right to Data Portability
You can request your data in a machine-readable format (JSON). Your church administrator can generate a full data export on request.
7. Cookies
PewConnect uses only essential cookies required for the application to function:
- Session cookie: Keeps admin users logged in. This is strictly necessary.
- Cookie preference: Remembers whether you've accepted or declined optional cookies.
We do not use advertising, tracking, or third-party analytics cookies without your explicit consent.
8. Data Sharing
We do not sell your personal data. We share data only with the following service providers, who act as sub-processors:
- Neon / PostgreSQL — secure database hosting within the EU/UK
- Render — cloud hosting infrastructure
All sub-processors are contractually bound to process data only for the purposes specified and to maintain appropriate security standards.
9. Data Security
We take security seriously:
- All data is transmitted over HTTPS/TLS
- Database connections are encrypted
- Admin access is protected by PIN authentication
- No payment card data is ever stored on our servers
- Regular security reviews and dependency updates
10. Children's Data
PewConnect is designed for use by church administrators managing adult congregation members. If you need to store data about children (under 18), please ensure you have obtained appropriate parental consent and have documented this. Contact your church administrator to ensure children's records are appropriately marked.
11. Changes to This Policy
We may update this privacy policy from time to time. Significant changes will be communicated to church administrators. The "Last updated" date at the top of this page will always reflect the most recent revision.
Questions About Your Data?
For any privacy-related questions or to exercise your data rights, contact your church administrator directly. They can process requests through the PewConnect admin panel.
For platform-level concerns: privacy@pewconnect.polsia.app
You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk if you believe your data rights are not being respected.