Privacy Policy

Last updated: 1 May 2026

1. Who We Are

CAASYS (“we”, “us”, “our”) provides a cloud-based church administration and attendance system. We act as a data processor on behalf of the churches (“data controllers”) that use our platform. Our registered address is available upon request.

2. Data We Collect

2.1 Church Account Data

When a church registers, we collect the church name, administrator name, email address, and password (stored as a salted hash). We may also collect billing details if the church subscribes to a paid plan.

2.2 Member & Visitor Data

Churches may input data about their members and visitors, including:

  • Full name, date of birth, email, phone number, postal address
  • Family relationships and household groupings
  • Attendance records, check-in timestamps, and event participation
  • Visitor journey stage and pastoral notes
  • Giving records and Gift Aid declarations
  • Photographs and biometric data — fingerprint templates and device credentials (where enabled; see Section 2.4)
  • Prayer requests and care notes

2.3 Children’s Data

The Kids module processes data about children, including name, date of birth, guardian information, allergies, medical notes, and chain-of-custody logs. This data is entered and managed solely by the church. We do not knowingly collect data directly from children.

2.4 Biometric Data (Special Category)

Where a church enables the biometric check-in feature, CAASYS processes biometric data classified as “special category data” under Article 9 of UK GDPR. This section explains how we handle this data:

  • What we collect: A mathematical template derived from a fingerprint scan or a WebAuthn device credential. We never store raw fingerprint images.
  • Legal basis: Article 9(2)(a) — explicit consent. Members must provide clear, affirmative consent before any biometric data is collected. Consent is recorded with a timestamp.
  • Purpose limitation: Biometric data is used solely for identity verification during church check-in. It is never used for surveillance, profiling, or any secondary purpose.
  • Storage: Biometric templates are stored as encrypted credential records in our database, associated with the member’s profile. They are never shared with third parties.
  • Withdrawal of consent: Members may withdraw consent at any time by contacting their church administrator. Withdrawal triggers immediate and permanent deletion of all biometric credentials. The member can still check in by name.
  • Children: Biometric enrolment is not available for members under the age of 13. For members aged 13–17, a parent or guardian must provide consent through their church administrator.
  • Retention: Biometric data is retained only while consent is active and the member remains on the church roll. It is deleted automatically if consent is withdrawn, the member is archived, or the church account is closed.
  • ICO compliance: We follow the Information Commissioner’s Office (ICO) guidance on biometric data, including conducting a Data Protection Impact Assessment (DPIA) for biometric processing.

2.5 Technical Data

We collect standard server logs (IP address, browser type, access timestamps) for security monitoring and system diagnostics. We do not use tracking cookies or third-party analytics on the platform.

3. How We Use Your Data

We process personal data to:

  • Provide and maintain the CAASYS platform
  • Authenticate users and secure their sessions
  • Send SMS and email communications on behalf of the church
  • Generate attendance reports and analytics
  • Facilitate automated follow-up workflows
  • Process subscription payments
  • Comply with legal obligations

4. Lawful Basis for Processing

We process data under the following lawful bases as defined by UK GDPR:

  • Contract: To deliver the service the church has subscribed to
  • Legitimate interests: System security, fraud prevention, and service improvement
  • Consent: Where a church member or visitor has consented to receiving communications
  • Explicit consent (Article 9): For biometric data processing — members must provide clear, informed, and freely given consent before any biometric data is collected or used
  • Legal obligation: Where required by law (e.g., financial record-keeping for Gift Aid)

5. Data Sharing

We do not sell or rent personal data. We share data only with:

  • Sub-processors: Cloud hosting (AWS), email delivery (Resend), SMS delivery (BulkSMS), payment processing (Stripe). All sub-processors are bound by Data Processing Agreements.
  • The church: As the data controller, the church has full access to member data within their account.
  • Legal authorities: Where required by law or to protect vital interests.

6. Data Security

We implement appropriate technical and organisational measures, including:

  • Encryption in transit (TLS 1.2+) and at rest
  • Salted password hashing (bcrypt)
  • Role-based access controls within each church account
  • Regular security monitoring and access logging
  • Tenant isolation — churches cannot access one another’s data

7. Data Retention

Member and visitor data is retained for as long as the church account is active. Upon account cancellation, we retain data for 90 days to allow for reactivation, after which it is permanently deleted. Anonymised, aggregated data may be retained indefinitely for statistical purposes.

8. Your Rights

Under UK GDPR, individuals have the right to:

  • Access: Request a copy of the personal data held about them
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of their data (“right to be forgotten”)
  • Restriction: Request limited processing of their data
  • Data portability: Receive their data in a machine-readable format
  • Object: Object to processing based on legitimate interests

To exercise any of these rights, please contact your church administrator in the first instance. For requests directed at CAASYS, email [email protected].

9. Cookies

CAASYS uses a single, strictly necessary HTTP-only authentication cookie (caasys_token) to maintain your login session. This cookie is essential for the platform to function and does not require consent under UK GDPR. We do not use advertising, tracking, or third-party analytics cookies.

10. International Transfers

Data may be processed in the United States (AWS hosting, Stripe, Resend). Such transfers are safeguarded by Standard Contractual Clauses and/or the UK–US Data Bridge, in compliance with UK GDPR.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to church administrators. The “Last updated” date at the top of this page reflects the most recent revision.

12. Contact

For privacy-related enquiries, please contact:

CAASYS Data Protection
Email: [email protected]

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).