Legal

Privacy Policy

Church Expenses App — by Christian360  ·  Last updated: April 2026

1. Who we are

Church Expenses App is a product of Christian360. In this Privacy Policy, 'we', 'us', and 'our' refer to Christian360 and its associated products.

We are the data controller for personal data collected through the Church Expenses App mobile application and this website. If you have any questions about how we handle your data, please contact us at [email protected].

2. What data we collect

When you use Church Expenses App, we collect the following categories of personal data:

2a. Data you provide directly

  • Mobile phone number (used as your account identifier and for SMS verification)
  • First and last name
  • Church or organisation name
  • Country and currency preferences
  • Expense claim details: descriptions, amounts, dates, and categories
  • Receipt images and PDF documents you upload
  • Notes and messages exchanged within the app between claimants and Finance Administrators
  • Proof of payment documents uploaded by Finance Administrators

2b. Data collected automatically

  • Device type and operating system version
  • App version
  • Crash reports and error logs (used solely for debugging)
  • Approximate location (country-level only, derived from your device locale setting)

2c. Data collected on this website

  • Name and email address submitted via contact or waitlist forms
  • Browser type and approximate location (for analytics only)
  • Pages visited and time spent on each page (anonymised analytics)

3. How we use your data

  • To provide and operate the Church Expenses App service
  • To verify your identity via SMS one-time codes
  • To send you notifications about your expense claims (approval, decline, payment confirmation)
  • To allow Finance Administrators to manage expense claims within their church group
  • To maintain a full audit trail of all expense activity within your group
  • To respond to your enquiries submitted via our website or email
  • To contact you about your waitlist registration or early access status
  • To improve the app based on anonymised usage data and crash reports
  • To comply with our legal obligations

4. Legal basis for processing

We process your personal data on the following legal bases under applicable data protection law:

Contract performance: processing necessary to provide the service you have signed up for.

Legitimate interests: processing necessary for our legitimate interests in operating and improving the service, where these are not overridden by your rights.

Consent: where you have given explicit consent, such as subscribing to our mailing list or joining the waitlist.

Legal obligation: where we are required to process data to comply with applicable law.

5. Data sharing

We do not sell your personal data. We do not share your personal data with third parties for marketing purposes.

We may share your data with the following categories of service providers who process data on our behalf under appropriate data processing agreements:

Cloud infrastructure providers (for hosting and data storage)

SMS gateway providers (for sending verification codes and notifications)

Analytics providers (using anonymised, aggregated data only)

We may also disclose your data where required to do so by law or in response to a valid legal request from a competent authority.

6. Data retention

We retain your personal data for as long as your account is active and for a reasonable period thereafter to comply with our legal obligations, resolve disputes, and enforce our agreements.

Expense claim records, including receipt images and audit trail entries, are retained for the duration of your church group's subscription and for a period of seven years thereafter, to support financial record-keeping obligations that may apply to your organisation.

You may request deletion of your personal data at any time by contacting us at [email protected]. Note that some data may be retained where we have a legal obligation to do so.

7. Data security

We take the security of your personal data seriously. We use industry-standard encryption for data in transit (TLS) and at rest. Access to personal data is restricted to authorised personnel on a need-to-know basis.

Receipt images and documents are stored in encrypted cloud storage. We conduct regular security reviews of our infrastructure.

No method of transmission over the internet is 100% secure. If you believe your data has been compromised, please contact us immediately at [email protected].

8. Your rights

Depending on your location, you may have the following rights in relation to your personal data:

8a. Rights under UK/EU data protection law

  • Right of access: to obtain a copy of the personal data we hold about you
  • Right to rectification: to have inaccurate data corrected
  • Right to erasure: to request deletion of your data in certain circumstances
  • Right to restriction: to restrict how we process your data in certain circumstances
  • Right to data portability: to receive your data in a structured, machine-readable format
  • Right to object: to object to processing based on legitimate interests
  • Right to withdraw consent: where processing is based on consent, to withdraw it at any time

8b. Exercising your rights

To exercise any of these rights, please email [email protected]. We will respond within 30 days. We may need to verify your identity before processing your request.

9. International data transfers

Your data may be processed in countries outside your country of residence. Where we transfer data internationally, we ensure appropriate safeguards are in place in accordance with applicable data protection law, including standard contractual clauses where required.

10. Children's data

Church Expenses App is not intended for use by children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes by email or in-app notification. The 'Last updated' date at the top of this page reflects the most recent revision. Continued use of the app after changes constitutes acceptance of the updated policy.

12. Contact and complaints

For any privacy-related questions or concerns, please contact us at [email protected].

If you are located in the UK or EU and are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority. In the UK, this is the Information Commissioner's Office (ICO) at ico.org.uk.

Questions about this document? Email us at [email protected] — we aim to respond within one business day.