ChurchPlan Inc. ("ChurchPlan", "we", "our", "us") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, retain, and protect Personal Information when you use the ChurchPlan Platform — including our mobile application, web application, administrative portals, and related services (collectively, the "Platform").
This Privacy Policy applies to all users of the Platform, including end users (donors, church members, event participants, guests) and the staff and Authorized Administrators of Client Churches (individuals designated by their Church with privileged access to the Platform). It also describes how ChurchPlan acts as a data processor on behalf of Churches, which independently control their own member and community data.
By using the Platform, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, you must not use the Platform.
1. Who We Are and How to Contact Us
ChurchPlan Inc. ("ChurchPlan", "we", "our", "us") is a technology company incorporated in Ontario, Canada, that provides a software-as-a-service platform enabling churches, charities, and faith-based organizations to manage their communities — including donations, events, member communications, tax receipting, and related administrative functions. We process Personal Information in connection with operating this Platform and providing services to subscribing Client Churches and their members, donors, and participants. This Privacy Policy explains what Personal Information we collect, how we use and protect it, with whom we share it, and what rights you have in respect of your information.
1.1 Privacy Commitment and Principles
ChurchPlan is committed to handling Personal Information in a lawful, fair, transparent, and secure manner. Our approach is guided by widely recognized privacy principles:
- accountability for Personal Information under our control;
- transparency about how information is collected, used, and disclosed;
- collection and use limited to identified, lawful purposes;
- data minimization — collecting only what is reasonably necessary;
- reasonable technical and organizational safeguards;
- your right to access, correct, and delete your information; and
- retention only for as long as reasonably necessary or legally required.
These principles inform every section of this Policy and our day-to-day data handling practices.
1.2 Privacy Officer and Contact Details
For any questions, concerns, or requests relating to this Privacy Policy or the handling of your Personal Information, please contact:
ChurchPlan Privacy Officer 1200 Bay St. Suite 1201 Toronto, Ontario M5R 2A5 Canada Tel: 1-800-420-1140 Email: privacyofficer@churchplan.com https://www.churchplan.com/privacy-policy
We will acknowledge your inquiry within five (5) business days and respond substantively within the timeframe required by applicable law (typically 30 days, or up to 45 days with notice under some frameworks).
1.3 Jurisdiction-Specific Representatives
Where required by applicable law, ChurchPlan may appoint local representatives or data protection officers in specific jurisdictions. Details of any such representatives will be published at the URL above or provided upon request.
1.4 Relationship with Client Churches
Each Church using the Platform operates as an independent data controller with respect to its own members, donors, participants, and community data. If your inquiry relates to data collected and managed by a specific Church, you should contact that Church directly. ChurchPlan can provide guidance on how to identify and contact the appropriate Church.
2. Scope and Applicable Laws
2.1 Scope of This Policy
If you are an Authorized Administrator or staff member accessing the Platform on behalf of a subscribing Church, your organization's use of the Platform is also governed by the ChurchPlan Master Service Agreement, available at https://www.churchplan.com/master-service-agreement, which contains data processing obligations, security requirements, and other B2B terms applicable to Client Churches.
This Privacy Policy applies to Personal Information collected, used, or disclosed by ChurchPlan in connection with the Platform, regardless of where you are located. It covers: (a) Personal Information you provide directly when creating an account, making a donation, or registering for an event; (b) Personal Information provided by a Church about its members or community; (c) Personal Information automatically collected through your use of the Platform; and (d) Personal Information received from third-party payment providers and other integrated services.
2.2 Global Privacy Law Compliance
ChurchPlan operates globally and seeks to comply with applicable privacy laws in every jurisdiction where the Platform is used. The following laws are of particular relevance:
ChurchPlan's End-User Terms of Service are available at https://www.churchplan.com/terms-of-service and govern your use of the Platform alongside this Privacy Policy.
| Jurisdiction | Applicable Law(s) | Key Rights / Obligations |
|---|---|---|
| Canada | PIPEDA; Quebec Law 25 (Bill 64); CASL | Access, correction, withdrawal of consent; breach notification; 30-day response |
| United States | CCPA / CPRA (California); other state privacy laws | Right to know, delete, opt-out of sale; non-discrimination; 45-day response |
| European Union | GDPR (Regulation 2016/679) | Lawful basis required; data subject rights; DPA required; 72-hr breach notification |
| United Kingdom | UK GDPR; Data Protection Act 2018 | Same as EU GDPR with UK-specific adaptations; ICO as supervisory authority |
| Australia | Privacy Act 1988; Australian Privacy Principles (APPs) | 13 APPs; access and correction rights; notifiable data breach scheme |
Where the requirements of different applicable laws conflict, ChurchPlan applies the higher standard of protection. Where a specific jurisdiction grants you rights not listed in this Policy, those rights remain available to you.
2.3 What Is Not Covered
This Privacy Policy does not cover: (a) the independent data practices of Client Churches, which are each responsible for their own privacy policies and compliance; (b) third-party websites or services linked from the Platform; (c) payment processors' independent handling of card or bank data; (d) offline records maintained solely by a Church outside the Platform; or (e) data that has been fully anonymized and can no longer be associated with any individual.
3. What Personal Information We Collect
3.1 Information You Provide Directly
We collect Personal Information in the following ways: directly from you when you register, donate, message, or participate; from your Church or Charity administrators; from a parent or guardian where a youth profile is created; from payment processors (transaction status data only); automatically from your device and browser through technical logs and cookies; and from profile transfers and cross-church interactions you initiate. Each category of information collected is described below.
3.1.1 Account Registration
When you create a ChurchPlan account, we collect the following mandatory information: full name; email address; date of birth; phone number; mailing address; marital status; gender; and login credentials (password stored in hashed form — we never store plaintext passwords). Note: The specific fields required during onboarding may be configured by each Client Church based on the programs it offers. After account creation, you or your Church may optionally add additional profile information, including: family and household details; health and allergy information; emergency contacts; ministry roles; and other information relevant to your participation in Church programs.
3.1.2 Donation Information
When you make a donation through the Platform, we collect: donation amount, currency, and date/time; payment method type (card type and last four digits for card payments; or bank account type and last four digits for ACH/EFT direct bank debit — (full card details and full bank account credentials are held by the payment processor, not ChurchPlan); transaction identifiers and references; mailing address (required by applicable tax law for receipt issuance); any optional dedication, memo, or campaign note you choose to provide; and donation fund or campaign designation.
3.1.3 Event Registration
When you register for a Church event or activity, we collect: registration status and ticket details; emergency contact details where required; dietary, allergy, or accessibility information you voluntarily provide for event safety or logistics; medical information you voluntarily disclose in connection with an activity; consent forms and waiver acknowledgements; and any other information required by the Organizing Church for the specific event.
3.1.4 Family and Youth Profiles
If you create or manage a family profile, we collect information about linked family members including minors. This may include names, dates of birth, gender, school year/grade, emergency contacts, medical or allergy information, and consent records provided by a parent or guardian. Such information is treated with heightened care and is accessible only to authorized Church Personnel and the managing parent or guardian.
3.1.5 Guest Transactions
Guests who transact without creating a full account provide: name; email address; and for donations, home address required for tax receipt issuance. Guest data is associated with transaction records and is not used for unrelated purposes.
3.1.5a Guest Event Participants and Named Guests
Where an individual participates in a Church event as a Guest (with no ChurchPlan account) or is added as a Named Guest by another user, the following Personal Information may be collected: name; email address (for ticket confirmation and OTP authentication); and any other information required by the Organizing Church for the specific event (such as emergency contact details, dietary requirements, or accessibility needs). Named Guests' information is provided by the account holder who created the reservation; ChurchPlan does not collect Named Guests' information directly. Named Guests are not ChurchPlan users and cannot independently access or manage their event records. Requests relating to Named Guest information should be directed to the Organizing Church as the Data Controller, or to the account holder who created the reservation.
3.1.6 Pastoral Care and Community Support Information
Where a Church or Charity chooses to use the Platform for pastoral care, visitation, follow-up, counselling coordination, prayer requests, confession booking, or other member-support functions, limited Personal Information may be collected and stored through the Platform for these purposes. Such information is collected and controlled by the relevant Church or Charity, which is solely responsible for ensuring it has an appropriate legal basis and any required consents before collecting or using this category of information. ChurchPlan processes such data on the Church's behalf as a data processor and does not use it for any purpose other than operating the Platform feature configured by the Church.
3.1.7 Communications and Support
When you contact ChurchPlan or a Church through the Platform, we collect the content of your messages, support requests, feedback, and any attachments you submit.
3.2 Information Collected Automatically
3.2.1 Usage and Log Data
When you use the Platform, we automatically collect: IP address and approximate geographic location (country/city level); device type, operating system, and browser type; app version; session identifiers and authentication tokens; pages viewed, features used, and actions taken within the Platform; timestamp and duration of sessions; crash logs and error reports; and referring URL or app source.
3.2.2 Cookies and Similar Technologies
The Platform uses cookies and similar technologies for authentication, security, session management, and basic performance monitoring. We do not currently use third-party advertising cookies or behavioural tracking technologies. For details, see Section 12 (Cookies and Tracking Technologies).
3.3 Information Received from Third Parties
3.3.1 Payment Processors
Our third-party payment processors (including Stripe, Apple Pay, and Google Pay) share limited transaction metadata with us — including transaction identifiers, payment status, and payment method type — to enable donation processing, receipting, and fraud detection. We do not receive full card numbers, CVV codes, or bank account credentials.
3.3.2 Client Churches
Churches may import Personal Information into the Platform from their own records or legacy systems — including membership databases, donation histories, and administrative records predating the Church's use of ChurchPlan. ChurchPlan processes this data on behalf of the Church as a Data Processor only.
The importing Church is the Data Controller for all imported data and is solely responsible for: (a) ensuring it has a lawful basis under applicable privacy law to transfer and process the data through ChurchPlan; (b) notifying affected individuals of the import and its purposes, or determining that notification is not required under applicable law; and (c) ensuring the import does not violate any applicable law, regulation, or individual right. ChurchPlan does not independently verify whether a Church has obtained the necessary consents or whether the import is lawfully authorized, and ChurchPlan does not assume any legal liability arising from unlawful or unauthorized data imports.
If you believe your Personal Information has been imported into ChurchPlan by a Church without your knowledge or consent, you should contact the relevant Church directly as the Data Controller for that information. If you are unable to obtain a satisfactory response from the Church, you may contact privacyofficer@churchplan.com and ChurchPlan will provide reasonable assistance, including helping you identify the responsible Church and understand your available rights. You may also submit a deletion request to the Church itself, or to ChurchPlan, or self-delete your own account by visiting https://www.churchplan.com/delete-account — all subject to the Church's lawful retention obligations.
3.3.3 Other Integrations
Where you authorize third-party integrations (such as calendar services or streaming platforms), we may receive limited data from those services as necessary to provide the integrated functionality.
3.4 Sensitive Personal Information
The following categories of information are treated as sensitive and are subject to heightened protection: health and medical information (including allergy, dietary, mobility, and emergency medical notes); pastoral care and community support records (including confession booking records); information about minors; financial account details (not retained by ChurchPlan — held by payment processors); government-issued identification numbers (not routinely collected); and religious beliefs or practices (disclosed incidentally through Church affiliation). Sensitive information is collected only where a specific Church has configured the Platform to require or enable such collection for its particular programs, ministry, or safeguarding requirements — it is not collected by default or across all churches generally. All sensitive information is subject to stricter access controls, retention limits, and handling obligations. Churches and Charities are responsible for ensuring they have appropriate legal bases for collecting and using sensitive information through the Platform.
4. How We Use Personal Information
4.1 Primary Operational Purposes
ChurchPlan uses Personal Information to operate and deliver the Platform, including:
- creating and managing User accounts and Church affiliations;
- authenticating users and securing the Platform;
- processing donations, event payments, and related financial transactions;
- generating, delivering, and archiving tax receipts and financial records;
- managing event registrations, attendance, and participation records;
- supporting pastoral care, follow-up, and community support workflows where enabled by a Church;
- administering family and household relationships and youth profiles;
- recording parental and guardian consents and safeguarding information;
- enabling communications between Users and Churches;
- maintaining user preferences, account settings, and notification subscriptions;
- supporting administrative and operational workflows within Churches;
- providing customer support, troubleshooting, and technical assistance;
- maintaining audit trails, system logs, and transaction histories; and
- detecting, preventing, and investigating fraud, misuse, or unauthorized activity.
4.2 Legal and Regulatory Compliance
We use Personal Information as required to: comply with applicable laws and regulations including tax, charitable receipting, anti-money laundering, and data protection laws; respond to lawful requests from regulators, courts, or law enforcement; enforce our Terms of Service and other agreements; and maintain records required by applicable accounting, audit, and safeguarding standards.
4.3 Platform Security and Improvement
We use limited technical data (including logs, error reports, and aggregated usage statistics) to: maintain system reliability, security, and performance; detect and respond to security incidents and unauthorized access; improve user experience and Platform functionality; and conduct internal research and development on an aggregated, de-identified basis.
4.4 Communications
We use contact information to send: transactional messages (donation confirmations, receipts, event confirmations, account notices); operational communications required for Platform function; and non-transactional or promotional communications (newsletters, Church announcements, fundraising appeals) only where you have provided separate, express consent as required by applicable law (including CASL in Canada). You may withdraw consent for non-essential communications at any time through your account settings.
4.5 What We Do Not Do
ChurchPlan does not: sell Personal Information to third parties; use Personal Information for targeted advertising or behavioural profiling; disclose Personal Information to advertisers or marketing intermediaries; use automated decision-making or profiling that produces significant legal or similarly significant effects on individuals without human review; or collect or use biometric or facial recognition data.
5. Legal Bases for Processing (GDPR / UK GDPR)
5.1 Summary of Legal Bases
Where GDPR, UK GDPR, or similar regimes apply, ChurchPlan and/or the relevant Church or Charity may process Personal Information on one or more of the following legal bases:
- Consent — for example, when you create an account, submit optional information, register for certain Activities, opt into communications, or transfer your profile between Churches;
- Contractual Necessity — to provide the Platform services you have requested, including processing donations and event registrations;
- Legal Obligation — to comply with tax, audit, anti-fraud, safeguarding, or other regulatory requirements;
- Legitimate Interests — to maintain platform security, prevent abuse, perform diagnostics, and ensure operational integrity, where those interests are not overridden by your rights; and
- Vital Interests — where necessary to protect the safety, health, or welfare of a user or third party in an emergency.
Where a Church or Charity is the data controller, it is independently responsible for identifying, documenting, and communicating its lawful basis for processing to affected individuals.
5.2 Detailed Processing Activities Table
The table below sets out ChurchPlan's specific legal bases for its own processing as a data controller:
| Processing Activity | Legal Basis | Details |
|---|---|---|
| Account creation and management | Contract performance (Art. 6(1)(b)) | Necessary to provide the Platform services you have requested |
| Donation processing and tax receipting | Contract + Legal obligation (Art. 6(1)(b) and (c)) | Required to fulfill the transaction and comply with tax/charitable laws |
| Event registration and attendance | Contract performance (Art. 6(1)(b)) | Necessary to administer your participation |
| Pastoral care and community support data | Legitimate interests / Legal obligation (Art. 6(1)(c) and (f)) | Processed only on Church instructions; Church is controller and responsible for basis |
| Safety, medical, and consent records for minors | Vital interests / Legal obligation (Art. 6(1)(c) and (d)) | Required for safeguarding compliance and duty of care |
| Fraud prevention and security | Legitimate interests (Art. 6(1)(f)) | ChurchPlan's interest in maintaining platform integrity and security |
| Transactional communications | Contract performance (Art. 6(1)(b)) | Required to deliver the requested service |
| Marketing / promotional communications | Consent (Art. 6(1)(a)) | Freely given, specific, and withdrawable at any time |
| Legal claims and regulatory compliance | Legal obligation (Art. 6(1)(c)) | Required by applicable law |
| Analytics and platform improvement | Legitimate interests (Art. 6(1)(f)) | Aggregated / de-identified — does not materially affect your rights |
| Sensitive data (health, religious affiliation) | Explicit consent or legal obligation (Art. 9(2)(a) and (c)) | Collected only where strictly necessary and with appropriate protections |
Where we rely on legitimate interests, we have conducted a balancing assessment and determined that our interests are not overridden by your data protection rights. You may request information about these assessments by contacting our Privacy Officer. For individuals in Canada, the legal basis for collection is generally consent, contractual necessity, or legal obligation under PIPEDA and applicable provincial law. For individuals in Australia, collection is based on the Australian Privacy Principles under the Privacy Act 1988.
6. How We Share Personal Information
6.1 Sharing with Client Churches
When you donate to, register with, or otherwise engage with a Church through the Platform, we share the Personal Information reasonably necessary for that Church to administer your participation, process your donation, issue receipts, and manage its community. Each Church receives only the information relevant to its specific relationship with you. ChurchPlan does not grant one Church access to data held by another Church about you without your consent or a lawful basis.
Participant data for a specific Activity may also be accessible to Activity Supervisors — individuals designated by an Authorized Administrator of the Organizing Church to manage and supervise that Activity. An Activity Supervisor's access is limited to the participant list for that Activity only and expires automatically when the Activity concludes and is removed from active Platform listings. Activity Supervisors are not appointed by ChurchPlan.
6.2 Payment Processors
We share payment and transaction information with our third-party payment processors (including Stripe, Apple Pay, and Google Pay) as necessary to process financial transactions. These processors are bound by their own privacy policies and applicable payment industry standards (PCI-DSS). ChurchPlan does not receive or retain full payment card details.
6.3 Technology Subprocessors
ChurchPlan uses third-party technology providers to operate the Platform, including cloud hosting, email delivery, push notification services, analytics infrastructure, and customer support tooling. These providers act as subprocessors under our direction and are contractually bound to handle Personal Information only as instructed, with appropriate security measures. A current list of material subprocessors is available upon request by contacting privacyofficer@churchplan.com. We will provide at least 30 days' notice before adding a new subprocessor that may materially affect the handling of your Personal Information.
6.4 Legal Disclosures
We may disclose Personal Information to third parties — including regulators, courts, law enforcement agencies, and child-protection authorities — where required or permitted by applicable law, including: compliance with a court order, subpoena, or legal process; response to a lawful request by a government authority; protection of the rights, property, or safety of ChurchPlan, its users, or the public; investigation of fraud, security incidents, or violations of our Terms of Service; or where we have a good-faith belief that disclosure is necessary to prevent serious harm.
6.5 Business Transitions
If ChurchPlan undergoes a merger, acquisition, reorganization, sale of assets, or similar corporate transaction, Personal Information may be transferred to a successor entity as part of that transaction. We will provide reasonable notice before Personal Information becomes subject to a materially different privacy policy, and affected individuals will have the opportunity to exercise applicable rights.
6.6 Aggregated and De-identified Data
We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify any individual — for example, statistical reports on Platform usage, donation trends by region, or event participation patterns — for research, benchmarking, or product improvement purposes. Such data is not considered Personal Information.
6.7 Third-Party Services
The Platform may integrate with or link to third-party services such as payment providers, app stores, analytics tools, video streaming services, or messaging platforms. These third-party services have their own privacy policies and terms of service. ChurchPlan is not responsible for the privacy practices of third parties acting outside our role as service providers to the Platform. We encourage you to review the privacy policies of any third-party services you use in connection with the Platform.
6.8 External Event Registration and Ticketing Platforms
Some Churches may post links within their ChurchPlan pages to third-party ticketing, event registration, or form platforms — including, without limitation, Ticketmaster, Eventbrite, Google Forms, or similar services. Clicking such a link takes you away from the ChurchPlan Platform entirely and to a website or application operated by a third party. Any registration, ticket purchase, payment, or Personal Information you provide on a third-party platform is governed exclusively by that platform's own privacy policy and terms of service — not by this Privacy Policy. ChurchPlan has no access to, no visibility into, and no responsibility or liability for any Personal Information collected, retained, used, shared, or disclosed by third-party platforms you access through links posted by Churches. The relevant third-party platform — not ChurchPlan — is the data controller for any information you provide on that platform. If you have concerns about how a third-party platform handles your Personal Information, please contact that platform directly or review its privacy policy before providing your information.
6.9 External Donation Platforms
Some Churches may post links to external charitable donation platforms — including, without limitation, PayPal, GoFundMe, Zeffy, CanadaHelps, or similar services — through which donors may make contributions directly to the Church or to a third-party cause. Clicking such a link takes you away from the ChurchPlan Platform entirely.
ChurchPlan has no access to, no visibility into, and no responsibility for any Personal Information, payment data, or transaction records collected by external donation platforms. The external platform — not ChurchPlan and not the Church — is the data controller for any Personal Information you provide through that platform. Such information is governed exclusively by that platform's own privacy policy and terms of service.
Important: Donations made through external platforms are not processed by ChurchPlan and are not reflected in ChurchPlan's records. ChurchPlan cannot generate tax receipts for donations made outside the Platform. If you require a charitable donation receipt for tax purposes, you should confirm with the relevant Church or the external platform whether a receipt will be issued and on what basis. ChurchPlan bears no responsibility for the tax treatment, receipting practices, or data handling of any external donation platform.
6.10 What We Never Do
ChurchPlan does not: sell Personal Information to any third party; share Personal Information with advertisers, data brokers, or marketing intermediaries; disclose Personal Information to another Church without your consent or a legitimate operational reason; use Personal Information collected in connection with religious participation for purposes unrelated to Platform operation; or initiate the export of your Personal Information from ChurchPlan to any external system, CRM, ChMS, or third-party database on your behalf. Any export of Personal Information from the Platform may only be initiated by the Client Church as the Data Controller, not by ChurchPlan. ChurchPlan does not transfer your data to external systems at its own discretion.
6.11 Data Export Controls and Audit Trail
Every export of Personal Information from the Platform — including bulk member list exports, donor database exports, or any other data export function — is initiated exclusively by the Client Church or its authorized administrators. ChurchPlan never initiates exports of your Personal Information on its own authority.
ChurchPlan maintains immutable administrative access logs for all data exports. These logs record: the identity of the user who initiated the export; the date, time, and duration; the data categories and number of records included; and the originating IP address and device. Export logs cannot be deleted or altered by Church administrators.
The unauthorized export, sale, or commercial exploitation of Personal Information obtained through the Platform is a serious breach of the relevant Church's agreement with ChurchPlan and may constitute a criminal offence under applicable law in all jurisdictions where ChurchPlan operates. If you believe your Personal Information has been exported or misused by a Church administrator without authorization, you may: (a) report it to ChurchPlan immediately at safety@churchplan.com; and (b) report it to the relevant law enforcement authority or data protection regulator in your jurisdiction. ChurchPlan will cooperate fully with any such investigation and will provide audit log evidence to competent authorities upon request.
ChurchPlan's audit log evidence will be made available to any competent law enforcement or regulatory authority investigating a data misuse incident. A claim by any person that an unauthorized export constitutes a "data breach" attributable to ChurchPlan — where ChurchPlan's logs confirm the export was initiated by an authenticated user — does not transfer liability to ChurchPlan.
7. Data Retention
7.1 General Principle
ChurchPlan retains Personal Information for no longer than is necessary to fulfill the purposes for which it was collected, including providing the Platform, supporting participating Churches, complying with legal obligations, and resolving disputes. When Personal Information is no longer required, we securely delete, anonymize, or archive it. Where appropriate, information may be anonymized rather than deleted, in which case it is no longer considered Personal Information and may be retained indefinitely for statistical or operational purposes.
7.2 Retention Periods by Category
| Data Category | Typical Retention Period | Basis |
|---|---|---|
| Active account data (profile, preferences) | Duration of account + 90 days post-deletion | Service delivery; legal obligations |
| Donation records and tax receipts | 7 years minimum from date of donation (or as required by applicable tax law) | CRA, IRS, ATO, HMRC requirements |
| Financial transaction logs | 7 years minimum | Accounting, audit, anti-fraud |
| Event registration and attendance records | 3 years or as required by applicable insurance / safeguarding law | Legal obligation; insurance |
| Pastoral care and community support records | As determined by the relevant Church (independent data controller) | Church's legal and safeguarding obligations |
| Safeguarding and consent records (minors) | Until the minor reaches adulthood + 7 years, or as required by law | Child protection legislation |
| Support and communications records | 3 years from last interaction | Dispute resolution; service continuity |
| Security and system audit logs | 12 months rolling | Security monitoring; incident response |
| Anonymized / aggregated analytics | Indefinite (no longer Personal Information) | Platform improvement; research |
7.3 Church-Controlled Retention
Each Church acting as an independent data controller determines its own retention periods for the Personal Information it manages through the Platform, based on its legal, regulatory, tax, safeguarding, and organizational obligations. ChurchPlan does not determine how long Churches retain their data. If you wish to have records held by a Church corrected, restricted, or deleted, you should contact that Church directly.
7.4 Retention Following Account Deletion
When you delete your ChurchPlan account: (a) your active profile and login credentials are removed from active systems within 90 days; (b) donation records, tax receipts, and financially significant transaction history are retained for the minimum period required by applicable tax and accounting law, regardless of account status; (c) safeguarding records, consent forms, and records relating to minors are retained as required by applicable child-protection law; (d) records held by Churches are unaffected by an account deletion request and remain subject to the relevant Church's retention practices; and (e) anonymized or aggregated data derived from your activity may be retained indefinitely, as it can no longer identify you.
7.5 Retention Following Church Contract Termination
If a Church's subscription to ChurchPlan ends, ChurchPlan retains Platform data associated with that Church for a limited period (typically 90 days) to allow data export. After that period, data may be securely deleted, anonymized, or archived unless legal obligations require longer retention. During the retention period, the Church may be provided access to export its data subject to applicable agreements.
7.6 Church Contract Termination — Data Controller Responsibility
When a Church's subscription or service agreement with ChurchPlan ends, the following applies with respect to the Personal Information of individual Users affiliated with that Church:
- The Church remains the Data Controller for all member, donor, and community data it collected and managed through the Platform, both during the subscription and following termination. ChurchPlan's role as Data Processor for Church-controlled data does not transfer to ChurchPlan upon termination.
- ChurchPlan acts as a custodian only during the 90-day export window. During this period, ChurchPlan will not use Church member data for any purpose other than making it available for the Church to export.
- After the export window, ChurchPlan will securely delete or anonymize Church member data, except where independent legal obligations require ChurchPlan to retain specific records — for example, donation and tax receipt records, which ChurchPlan may retain for the statutory minimum period required by applicable tax and accounting law regardless of Church termination.
- Individual Users' statutory privacy rights — including access, correction, deletion, and portability — in respect of Church-controlled records must be directed to the Church as the Data Controller. ChurchPlan cannot fulfill data subject requests on behalf of a Church's own records after termination.
- If the Church dissolves, ceases operations without a lawful successor, or is otherwise permanently unable to respond to data subject requests, ChurchPlan will make reasonable efforts to respond to requests from affected individuals regarding records retained in ChurchPlan's own systems, and will notify affected Users of the Church's termination where required by applicable law or where technically practicable.
- Users who wish to transfer their active profile to another Church before their current Church's contract ends should use the Platform's self-service profile transfer feature in account settings.
8. Data Storage and Security
8.1 Where Data Is Stored
ChurchPlan's Platform infrastructure is hosted on cloud services operated by reputable third-party providers with data centres located primarily in Canada and the United States. Depending on applicable data residency requirements in your jurisdiction, data may also be stored or processed in other jurisdictions. Where required by law (for example, under Quebec's Law 25 or EU GDPR requirements for international transfers), we implement appropriate transfer mechanisms including Standard Contractual Clauses or equivalent safeguards.
8.2 International Data Transfers
When Personal Information is transferred outside your home jurisdiction, ChurchPlan takes steps to ensure it receives an adequate level of protection, including: relying on adequacy decisions where available; entering into Standard Contractual Clauses (EU/UK SCCs or equivalent); implementing supplementary technical measures where required; and maintaining contractual obligations with all recipients to uphold privacy standards equivalent to this Policy. A summary of transfer mechanisms used can be obtained by contacting the Privacy Officer.
8.3 Security Measures
ChurchPlan implements technical, administrative, and organizational security measures designed to protect Personal Information against unauthorized access, disclosure, alteration, and destruction. These measures include:
- All data transmitted between your device and ChurchPlan is encrypted using 256-bit TLS encryption — the same level of protection used by major financial institutions. Data stored in our databases is encrypted at rest using AES-256 or equivalent.
- Passwords are stored using bcrypt hashing — ChurchPlan never stores your password in plain text. Session cookies are secured with HTTP-only and secure flags, preventing access via JavaScript or insecure connections. User sessions expire automatically and are immediately invalidated when a user's role or permissions change.
- ChurchPlan uses a role-based access control system. Each user — whether a member, treasurer, service supervisor, or administrator — has access only to the data and features relevant to their role. Email verification is required before accessing sensitive features.
- Each church's data is fully isolated at the database level. No organization's information is accessible to another — your congregation's data stays yours alone.
- ChurchPlan never stores credit card numbers or full payment credentials. All payment processing is handled through PCI-compliant providers (including Stripe, Apple Pay, and Google Pay), which tokenize financial data so it never touches ChurchPlan's servers.
- Members and administrators can request full account deletion, data export, and consent management through the Platform. Deleted records are retained in a recoverable state for a limited period to protect against accidental loss and to satisfy legal retention requirements.
- ChurchPlan includes age verification controls based on date of birth, and parent/guardian consent workflows for events and activities involving minors.
- Authenticated activity on the Platform is logged, giving administrators visibility into system activity and supporting accountability within their organization.
- ChurchPlan aligns its security controls with the SOC 2 framework, maintaining controls around security, availability, and confidentiality.
For questions about ChurchPlan's security practices, contact privacyofficer@churchplan.com or support@churchplan.com.
8.4 Your Role in Security
You are responsible for maintaining the confidentiality of your login credentials, using reasonably secure devices, and notifying us promptly at support@churchplan.com if you suspect unauthorized access to your account. ChurchPlan will never ask you for your password.
8.5 Security Limitations
No security system is impenetrable. While we take reasonable measures to protect your Personal Information, we cannot guarantee absolute security. In the event of a breach affecting your Personal Information, we will notify you as required by applicable law.
9. Your Privacy Rights
9.1 Rights Available to All Users
Subject to applicable law and reasonable verification of your identity, you may exercise the following rights with respect to Personal Information held by ChurchPlan (for its own processing as a data controller):
| Right | Description | How to Exercise |
|---|---|---|
| Access | Obtain a copy of Personal Information we hold about you — available directly in your account screen in the ChurchPlan app, or by email to the Privacy Officer | In-app (Account screen) or email privacyofficer@churchplan.com |
| Correction / Rectification | Correct inaccurate or incomplete Personal Information | Via account settings or email to Privacy Officer |
| Deletion / Erasure | Request deletion of your Personal Information subject to legal retention obligations | Via in-app account deletion, or by visiting https://www.churchplan.com/delete-account from any browser, or by contacting privacyofficer@churchplan.com |
| Restriction of Processing | Request that we limit how we use your data in certain circumstances | Email privacyofficer@churchplan.com |
| Data Portability | Receive your data in a structured, machine-readable format (where technically feasible) | Email privacyofficer@churchplan.com |
| Withdraw Consent | Withdraw consent for consent-based processing at any time without penalty | Via account settings or email to Privacy Officer |
| Object to Processing | Object to processing based on legitimate interests | Email privacyofficer@churchplan.com |
| Opt-Out of Sale/Sharing (CCPA) | Opt out of any sale or sharing of Personal Information (we do not currently sell or share for advertising) | Email privacyofficer@churchplan.com |
| Lodge a Complaint | File a complaint with a supervisory authority in your jurisdiction | See Section 9.4 for authority contacts |
9.1.1 Self-Service Profile Editing
You do not need to contact the Privacy Officer to update most of your personal details. Where enabled by the Platform and your Church's settings, you may edit the following directly within the ChurchPlan mobile app or web app: name; contact details (email address, phone number, home address); gender; date of birth; marital status; and family and household details.
Some records cannot be self-edited because they must be preserved for legal or compliance reasons. These include issued tax receipts, historical donation records, transaction histories, and safeguarding records. To correct an error in any of these records, contact the relevant Church directly or submit a correction request to privacyofficer@churchplan.com. To delete your account entirely, use https://www.churchplan.com/delete-account.
9.2 Rights Relating to Church-Held Data
Where Personal Information is held by a specific Church as an independent data controller (such as your donation history, attendance records, or Church communications), ChurchPlan acts only as a processor and cannot fulfill access, correction, or deletion requests on the Church's behalf. You should contact the relevant Church directly. ChurchPlan can assist you in identifying the appropriate contact at the relevant Church upon request.
9.3 Response Timeframes
ChurchPlan will acknowledge privacy rights requests within five (5) business days of receipt and will respond substantively within: 30 days (Canada — PIPEDA; EU/UK — GDPR; Australia — Privacy Act); 45 days with notice (United States — CCPA/CPRA); or such other period as required by applicable law. We may extend response timeframes in complex cases and will notify you if an extension is required.
9.4 Supervisory Authorities and Regulatory Contacts
If you are not satisfied with our response to a privacy request or complaint, you have the right to lodge a complaint with your local supervisory authority:
| Jurisdiction | Supervisory Authority | Website |
|---|---|---|
| Canada (Federal) | Office of the Privacy Commissioner of Canada (OPC) | priv.gc.ca |
| Quebec | Commission d'accès à l'information du Québec (CAI) | cai.gouv.qc.ca |
| European Union | Lead supervisory authority in your EU member state | edpb.europa.eu |
| United Kingdom | Information Commissioner's Office (ICO) | ico.org.uk |
| Australia | Office of the Australian Information Commissioner (OAIC) | oaic.gov.au |
| United States (California) | California Privacy Protection Agency (CPPA) | cppa.ca.gov |
10. Children and Minors
10.1 Minimum Age
The Platform is not directed at children under the age of 13, or the minimum age of digital consent in their jurisdiction, whichever is higher. ChurchPlan does not knowingly collect Personal Information directly from children under this minimum age without verifiable parental or guardian consent. If we become aware that we have collected Personal Information from a child below the minimum age without appropriate consent, we will take steps to delete that information promptly.
10.2 Family and Youth Profiles
The Platform enables Parents/Guardians to create and manage profiles for minors participating in Church activities. Personal Information about minors is collected only through a verified Parent/Guardian account, with the express consent of that Parent/Guardian. Such information is treated as sensitive, subject to stricter access controls, and used only for the purposes for which it was collected (such as activity registration, safeguarding compliance, or education tracking). Churches and Charities are responsible for obtaining any required parental or guardian consents and for using youth-related data in accordance with applicable child privacy, safeguarding, and protection laws.
10.3 Parental Rights
Parents and guardians may, at any time: (a) request access to Personal Information collected about a minor under their care; (b) request correction or deletion of such information, subject to applicable legal retention requirements; (c) withdraw consent for the collection of a minor's information (which may limit the minor's ability to participate in certain Platform features); and (d) contact the relevant Church to exercise rights in respect of Church-held records. Requests should be directed to privacyofficer@churchplan.com or to the relevant Church.
10.4 Safeguarding Records
Records relating to safeguarding, child protection, consent, incidents, or supervision of minors may be retained for the period required by applicable child-protection legislation, regardless of an account deletion or parental opt-out request. Such records may be shared with relevant authorities where required by law or where there is an imminent risk to the safety of a child.
10.5 COPPA (United States)
For users in the United States, the Platform's features accessible to children under 13 are limited to those administered through a verified parental account. ChurchPlan complies with the Children's Online Privacy Protection Act (COPPA) for U.S. users, including obtaining verifiable parental consent before collecting personal information from children under 13, limiting use of such information to the purposes disclosed, and providing parents with the right to review and delete it.
11. Data Breach Notification
11.1 ChurchPlan's Obligations
In the event of a data breach that creates a real risk of significant harm (Canada — PIPEDA), a high risk to individuals' rights and freedoms (EU/UK — GDPR), or a significant data breach (Australia — Privacy Act), ChurchPlan will: (a) notify the applicable supervisory authority within the timeframe required by law (72 hours under GDPR; promptly under PIPEDA and the Privacy Act); (b) notify affected individuals without undue delay where required; and (c) maintain a record of all data breaches, whether or not notification is required.
11.2 Breach Notifications to You
If ChurchPlan determines that a breach is likely to result in a risk of harm to you, we will notify you by email (at the address associated with your account) and, where required, by other means specified by law. Our notification will describe: the nature of the breach; the categories and approximate number of individuals and records affected; the likely consequences of the breach; the measures we have taken or propose to take to address it; and the contact details of our Privacy Officer.
11.3 Church Responsibilities
Churches acting as independent data controllers are responsible for managing and reporting breaches affecting Personal Information within their own systems. Churches must notify ChurchPlan promptly upon becoming aware of any breach involving Platform-hosted data, and must comply with their own legal breach notification obligations independently of ChurchPlan.
12. Cookies and Tracking Technologies
12.1 What We Use
The Platform uses cookies and similar technologies (such as local storage and session tokens) for the following strictly necessary and functional purposes:
| Cookie Type | Purpose | Duration |
|---|---|---|
| Authentication cookies | Maintain your logged-in session securely | Session / up to 30 days if 'remember me' selected |
| Security tokens | Protect against CSRF and replay attacks | Session |
| Preference cookies | Remember your language, notification, and display preferences | Up to 12 months |
| Functional cookies | Enable Platform features such as OTP verification and checkout state | Session |
| Performance / error logging | Capture technical errors and performance data to improve the Platform | Up to 90 days (aggregated, not behavioural) |
12.2 What We Do Not Use
ChurchPlan does not currently use: third-party advertising cookies; behavioural tracking or cross-site tracking technologies; social media pixels (e.g. Meta Pixel, TikTok Pixel); fingerprinting technologies; or cookies that track your activity outside the Platform.
12.3 Managing Cookies
You can control or delete cookies through your browser settings. Disabling strictly necessary cookies may impair Platform functionality, including the ability to log in or complete transactions. Preference and performance cookies can be disabled without affecting core functionality. Instructions for managing cookies in common browsers are available at allaboutcookies.org.
12.4 Do Not Track
Some browsers send "Do Not Track" signals. Because the Platform does not use behavioural tracking technologies, Do Not Track signals do not materially change our data collection practices. We will update this section if our practices change.
13. Donation and Tax Receipt Privacy
13.1 Donor Privacy
Donation information — including donation amounts, frequency, campaign designations, and memos — is shared only with the Recipient Church to which the donation is made. ChurchPlan does not disclose your donation history to other Churches, third parties, or the public.
13.2 Tax Receipt Data
Personal Information included on a tax receipt (name, mailing address, donation amount, date, and any required legal identifiers) is provided to the issuing Church for the purpose of receipt generation. Receipt data is retained as required by applicable tax law (typically seven years). The Recipient Church is the legal issuer of the receipt and is solely responsible for its content and compliance.
13.3 Unified Donation Dashboard
Where the Platform provides a unified dashboard showing your donation history across multiple Churches, each Church can view only the donations made to it. No Church has visibility into your donations to other Churches. ChurchPlan may access aggregated donation logs for fraud prevention, audit, and system support purposes, subject to strict internal access controls.
13.4 Donor Anonymity
The Platform does not currently support fully anonymous donations, as applicable tax law requires donor identification for receipt issuance. Where a Church does not require a tax receipt, it may configure its settings to collect minimum information only, subject to its own policies and applicable law.
14. Jurisdiction-Specific Rights and Disclosures
14.1 Canada — PIPEDA and Provincial Laws
Canadian residents have the following rights under the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial legislation (including Quebec's Act respecting the protection of personal information in the private sector, Law 25):
- Right to know what Personal Information ChurchPlan holds about you and how it is used;
- Right to access your Personal Information and request corrections;
- Right to withdraw consent for non-essential processing, subject to legal and contractual limitations;
- Right to file a complaint with the Office of the Privacy Commissioner of Canada (OPC) at priv.gc.ca;
- Quebec residents have additional rights under Law 25, including the right to data portability and the right to be forgotten (de-indexation) in limited circumstances.
ChurchPlan complies with CASL for commercial electronic messages. We obtain express or implied consent as required before sending commercial messages and provide a functional unsubscribe mechanism in every such message.
14.2 United States — CCPA / CPRA and State Privacy Laws
California residents and residents of other U.S. states with applicable privacy legislation have the following rights:
- Right to Know: request disclosure of the categories and specific pieces of Personal Information we collect, the purposes of collection, and the categories of third parties with whom we share it;
- Right to Delete: request deletion of Personal Information we have collected, subject to legal exceptions;
- Right to Correct: request correction of inaccurate Personal Information;
- Right to Opt-Out of Sale or Sharing: ChurchPlan does not sell or share Personal Information for cross-context behavioural advertising — this right is noted for completeness;
- Right to Limit Use of Sensitive Personal Information: we do not use sensitive personal information for purposes beyond those permitted by CPRA;
- Right to Non-Discrimination: we will not discriminate against you for exercising any CCPA/CPRA rights.
To exercise California privacy rights, contact privacyofficer@churchplan.com. We will respond within 45 days, with a possible 45-day extension for complex requests (with notice).
14.3 European Union and United Kingdom — GDPR / UK GDPR
EEA and UK residents have the following rights under GDPR and UK GDPR (Articles 15–22), as summarized in Section 9 of this Policy. In addition:
- You have the right to lodge a complaint with your local supervisory authority (listed in Section 9.4);
- Where ChurchPlan relies on legitimate interests, you may object to processing at any time and we will cease unless we can demonstrate compelling legitimate grounds;
- You have the right not to be subject to solely automated decision-making that produces legal or similarly significant effects — ChurchPlan does not currently conduct such processing;
- For data transfers outside the EEA/UK, see Section 8.2 (International Data Transfers).
ChurchPlan Inc. is incorporated and established in Ontario, Canada. GDPR and UK GDPR apply to ChurchPlan by virtue of their extraterritorial scope (GDPR Articles 3(2) and 27(2)(a); UK GDPR Articles 3(2) and 27(2)(a)) to the extent ChurchPlan processes Personal Information of individuals in the EU or UK in connection with offering services to them.
ChurchPlan does not have an establishment in the EU or UK. Each EU member state supervisory authority and the UK Information Commissioner's Office retain jurisdiction to investigate complaints from individuals in their respective territories.
For all privacy inquiries, data subject rights requests, and regulatory correspondence relating to EU or UK data subjects, please contact: privacyofficer@churchplan.com.
14.4 Australia — Privacy Act and APPs
Australian residents have rights under the Privacy Act 1988 and the Australian Privacy Principles (APPs), including:
- Right to access Personal Information ChurchPlan holds about you (APP 12);
- Right to request correction of inaccurate, incomplete, or out-of-date Personal Information (APP 13);
- Right to complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au if you believe your privacy rights have been breached.
ChurchPlan collects Personal Information about Australian residents only by lawful and fair means, provides notice of collection, and does not use or disclose Personal Information for a purpose other than the primary purpose of collection unless permitted by the APPs. This Privacy Policy is intended to satisfy APP 1's requirement for a clearly expressed and up-to-date privacy policy.
15. Data Processing Agreement — For Client Churches
This section is addressed primarily to Client Churches using the Platform. It summarizes ChurchPlan's obligations as a data processor and the Church's obligations as a data controller. A full Data Processing Agreement (DPA) satisfying GDPR Article 28 and equivalent requirements is included as Schedule A to the ChurchPlan Master Service Agreement, available at https://www.churchplan.com/master-service-agreement, and must be executed before processing data of individuals in the EU, UK, or other jurisdictions requiring a formal DPA.
15.1 ChurchPlan's Obligations as Data Processor
In processing Personal Information on behalf of Client Churches, ChurchPlan:
- processes Personal Information only on documented instructions from the Church, as set out in the Master Service Agreement and this Policy;
- ensures that personnel authorized to process Church data are bound by appropriate confidentiality obligations;
- implements and maintains the security measures described in Section 8;
- assists the Church in responding to data subject requests, data protection impact assessments, and breach notifications as required by applicable law;
- deletes or returns all Personal Information to the Church upon termination of the service relationship, subject to applicable legal retention requirements; and
- notifies the Church without undue delay upon becoming aware of a data breach affecting Church-controlled data.
15.2 Church's Obligations as Data Controller
Each Church using the Platform is independently responsible for:
- ensuring it has a lawful basis under applicable law to collect, use, and transfer Personal Information to ChurchPlan for processing;
- providing adequate privacy notices and obtaining all required consents, permissions, and authorizations from individuals whose data it uploads to or processes through the Platform;
- responding to data subject requests relating to Church-controlled data;
- complying with all applicable privacy, data protection, and charitable laws in its own jurisdiction;
- maintaining appropriate internal policies and procedures for data governance, security, and breach response; and
- notifying ChurchPlan promptly — and in any event within 48 hours — of any suspected or confirmed data breach involving Client Data hosted on or transmitted through the Platform.
15.3 Subprocessors
ChurchPlan uses subprocessors to provide the Platform, including cloud hosting, payment processing, email delivery, and support tooling. A current list of material subprocessors is available upon request by contacting privacyofficer@churchplan.com. ChurchPlan will provide at least 30 days' prior written notice before engaging a new subprocessor that may affect the processing of Church-controlled data.
15.4 Legacy Data Imports
Some Churches import existing member or donor data into ChurchPlan from prior systems as a condition of or in connection with their subscription. This section describes how such imports are governed from a privacy law perspective.
ChurchPlan's role: ChurchPlan processes imported data on behalf of the importing Church as a Data Processor only. ChurchPlan does not use imported data for any purpose other than operating the Platform features the Church has configured. ChurchPlan does not independently review, assess, or verify whether imported data was lawfully collected or whether the Church has obtained the necessary consents.
Church's responsibility: The importing Church is the Data Controller for all imported data and bears sole responsibility for: (a) ensuring it has a valid lawful basis under applicable privacy law (including GDPR, PIPEDA, CCPA, and the Australian Privacy Act) to import and process the data through ChurchPlan; (b) providing all required notices to affected individuals, or determining that notice is not required under applicable law; (c) ensuring the import complies with all applicable laws, regulations, and data subject rights; and (d) indemnifying ChurchPlan against any claims, losses, or regulatory findings arising from unlawful or unauthorized data imports initiated by the Church.
Individual rights: Individuals whose data has been imported by a Church without their prior knowledge or consent have the following options: (a) contact the relevant Church directly as the Data Controller to exercise access, correction, deletion, or objection rights; (b) self-delete your own account by visiting https://www.churchplan.com/delete-account from any browser, or submit a deletion request by emailing privacyofficer@churchplan.com; or (c) contact privacyofficer@churchplan.com if they are unable to obtain a satisfactory response from the Church. ChurchPlan will provide reasonable assistance in identifying the responsible Church and facilitating the exercise of applicable rights, but cannot override a Church's own lawful retention obligations.
Transparency: ChurchPlan's acceptance of a data import from a Church does not constitute a representation that the import is lawful or that the Church has obtained the required consents. ChurchPlan's obligations in respect of imported data are limited to those of a Data Processor acting under the Church's instructions.
16. Changes to This Privacy Policy
16.1 How We Update This Policy
ChurchPlan may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or Platform features. For material changes — including changes that expand the categories of data collected, introduce new purposes for processing, or materially affect your rights — we will provide at least thirty (30) days' advance written notice by email to the address associated with your account and by prominent notice within the Platform.
For non-material updates (such as clarifications, corrections, or changes required by law with immediate effect), we may update this Policy with shorter notice or immediately, and will note the update date at the top of this document.
16.2 Continued Use
Continued use of the Platform after the effective date of a revised Privacy Policy constitutes acceptance of the updated terms. If you do not accept a material change, you may close your account before the effective date by contacting support@churchplan.com. Prior versions of this Privacy Policy are archived and available upon request.
16.3 Version History
This Privacy Policy includes a version number and effective date at the top of the document. Version 1.0 was the initial published version. Version 1.1 incorporated additional data collection disclosures, legal bases, and service boundary clarifications. Version 2.0 reflects updates to data collection practices, sharing disclosures, jurisdiction-specific rights, and operational policies, effective May 15, 2026.
17. Contact and Complaints
17.1 Privacy Inquiries
For any questions, concerns, or requests relating to this Privacy Policy or the handling of your Personal Information, contact:
ChurchPlan Privacy Officer 1200 Bay St. Suite 1201 Toronto, Ontario M5R 2A5 Canada Tel: 1-800-420-1140 Email: privacyofficer@churchplan.com https://www.churchplan.com/privacy-policy
17.2 Complaint Process
If you have a privacy concern, we encourage you to contact us first so we can try to resolve it directly. We will: acknowledge your complaint within five (5) business days; investigate the matter thoroughly; provide a written response within the timeframe required by applicable law; and, if we have made an error, take appropriate remedial action.
If you are not satisfied with our response, you have the right to escalate your complaint to the supervisory authority in your jurisdiction (see Section 9.4 for contact details). You also have the right to seek judicial remedy in your jurisdiction.
17.3 Other Contacts
Support: support@churchplan.com Safety and Safeguarding: safety@churchplan.com Legal: legal@churchplan.com
Legal Documents
This Privacy Policy: https://www.churchplan.com/privacy-policy Terms of Service: https://www.churchplan.com/terms-of-service Master Service Agreement: https://www.churchplan.com/master-service-agreement All Legal Documents: https://www.churchplan.com/legal
ChurchPlan Inc. — Privacy Policy v2.0 © ChurchPlan Inc. All rights reserved.
Last updated: April 22, 2026