JuanChurch ("we", "us", or "our") is committed to protecting the privacy of your church and its members. This Privacy Policy explains what information we collect, how we use it, who we share it with, and what rights you have over your data.
By using JuanChurch, you agree to the practices described in this policy. If you disagree, please stop using the service and contact us to have your data removed.
Philippine churches: JuanChurch operates in compliance with the Data Privacy Act of 2012 (Republic Act No. 10173) and its implementing rules. Church administrators are considered personal information controllers under this law. JuanChurch acts as a personal information processor on your behalf.
1. Who This Policy Applies To
This policy applies to three types of people who interact with JuanChurch:
- Church Admins — people who register a church and manage the admin panel.
- Church Members — individuals whose records are entered into the system by church admins.
- App Users — members of the public who log in via the JuanChurch Member Hub mobile app.
2. Information We Collect
2.1 Church Admin Accounts
When a church registers on JuanChurch, we collect:
- Church name, subdomain, and short name
- Church contact details (email, phone, address)
- Church timezone and currency preference
- Church logo (uploaded image)
- Admin name, email address, and hashed password
- Last login timestamp
2.2 Member Records (entered by church admins)
Church admins may enter the following information about their church members:
- Full name, nickname, and suffix
- Date of birth and gender
- Mobile number and email address
- Home address
- Civil status and member status
- Date joined and household/family grouping
- Ministry assignments and roles
- Profile photo
- Financial giving records (amount, date, fund category, payment method)
- Internal notes
Church admins are responsible for obtaining the consent of their members before entering this information. JuanChurch does not independently collect or verify this data — it is entered entirely by church admins.
2.3 App Users (Member Hub mobile app)
When someone logs into the JuanChurch Member Hub app via Google or Facebook, we receive from the OAuth provider:
- Name and email address
- Profile photo URL
- OAuth provider identifier (used to identify your account)
We also store:
- The church the app user is associated with
- Firebase Cloud Messaging (FCM) device token (for push notifications)
- Last login timestamp
2.4 Automatically Collected Data
When you use JuanChurch, we may automatically collect:
- Browser type and version
- IP address
- Pages visited and actions taken within the admin panel
- Error logs for debugging purposes
This data is used solely for operating, maintaining, and improving the platform.
3. How We Use Your Information
We use the information we collect to:
- Provide and operate the JuanChurch platform and Member Hub app
- Authenticate church admins and app users
- Scope each church's data to their own subdomain (multi-tenant isolation)
- Send transactional emails (e.g., registration confirmation, trial expiry notices)
- Send push notifications to app users when a church publishes an announcement
- Generate public event pages when an admin marks an event as public
- Enforce subscription plan limits and trial access
- Respond to support requests and account inquiries
- Improve platform stability and fix bugs
We do not use your data for advertising, profiling, or selling to third parties.
4. Data Isolation Between Churches
JuanChurch is a multi-tenant platform. Every church's data is logically isolated by a
church_id scoped to their subdomain.
No church admin can access another church's members, finances, or events.
Super admins (JuanChurch platform operators) can view church account information for support and
billing purposes, but do not routinely access member-level data.
5. Third-Party Services We Use
JuanChurch relies on the following third-party services to operate. Each has their own privacy policy:
Google (OAuth + Firebase)
Used for social login in the Member Hub app (via Google OAuth) and for push notifications (via Firebase Cloud Messaging). We send FCM device tokens to Google's Firebase servers to deliver push notifications. See Google's Privacy Policy.
Facebook / Meta (OAuth)
Used as an alternative social login option in the Member Hub app. We receive your name, email, and profile photo from Facebook during login. See Meta's Privacy Policy.
Hosting and Infrastructure
JuanChurch is hosted on a VPS (Virtual Private Server) managed via Laravel Forge and served through Nginx. Your data is stored on servers located in our chosen cloud region. We take reasonable physical and technical security measures to protect server infrastructure.
Email Delivery
Transactional emails (registration confirmations, notifications) are delivered via an email service provider. These emails may include your name and church details as necessary for the message content.
6. Public Event Pages
When a church admin publishes an event and marks it as public, a shareable page is generated on the church's subdomain (e.g., gracechapel.juanchurch.com/events/sunday-service). This page is publicly accessible and may be indexed by search engines. It displays:
- Event title, date, time, and venue
- Preacher name and preaching title
- Song lineup
- Church name and logo
- Program items and assigned volunteer names
Church admins are responsible for ensuring that any personal information displayed on public event pages (such as preacher or volunteer names) is done with the consent of the individuals named.
7. Data Retention
We retain your data as follows:
- Active accounts: All data is retained for as long as your church account is active.
- Suspended accounts: Data is retained for 90 days after suspension, then permanently deleted.
- Deleted accounts: Upon request for deletion, data is removed within 30 days.
- App user accounts: Retained while the account is active. Deletable upon request.
- Server logs: Automatically purged on a rolling 30-day basis.
8. Your Rights
Under the Philippine Data Privacy Act of 2012 and general data protection principles, you have the right to:
- Access — request a copy of the personal data we hold about you or your church.
- Correction — request that inaccurate or outdated data be corrected.
- Erasure — request deletion of your personal data, subject to legal retention requirements.
- Data portability — request an export of your church's data in a usable format.
- Objection — object to certain types of processing.
- Withdraw consent — where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, contact us at hello@juanchurch.com. We will respond within 15 business days.
Note for church admins: If a church member asks you to delete or correct their record, you can do so directly from the Members section of your admin panel. You do not need to contact us for individual member record changes.
9. Data Security
We take data security seriously and apply the following measures:
- All passwords are hashed and never stored in plain text
- Admin sessions use secure, HTTP-only cookies
- API authentication uses Laravel Sanctum token-based auth
- All data is transmitted over HTTPS (TLS)
- Each church's data is strictly isolated by tenant ID at the application level
- Server access is restricted to authorized personnel only
No system is 100% secure. In the event of a data breach that affects your information, we will notify affected church admins within 72 hours of becoming aware of the breach, as required by law.
10. Children's Privacy
JuanChurch allows church admins to record information about children (e.g., as household members or in youth ministry assignments). This data is entered and controlled entirely by the church admin. The church is responsible for ensuring that a parent or guardian has consented to the recording of a child's personal information.
The Member Hub mobile app is not intended for use by individuals under 13 years of age.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For significant changes, we will notify church admins via email or a notice in the admin panel. Continued use of JuanChurch after changes take effect constitutes acceptance of the revised policy.
12. Contact Us
For privacy-related questions, data requests, or concerns, please contact our Data Privacy Officer:
- Email: hello@juanchurch.com
- Website: juanchurch.com
You also have the right to file a complaint with the National Privacy Commission of the Philippines if you believe your data rights have been violated.