Last updated: March 6, 2020
Please contact us with any questions: firstname.lastname@example.org
- Personal Information — Any factual/subjective information, recorded or not, about an identifiable individual.
- PIPEDA — The Personal Information Protection and Electronic Documents Act defines a Canadian company’s obligations to define and maintain consent around individual’s personal information.
- Data Residency — The geographical location where data is stored.
Collection of Personal Information
- To help prevent abuse IP addresses are stored when submitting a support ticket, purchasing a product, logging into a client billing and support account, or using our email services.
- To help guide decision-making non-identifying visitor analytics may be stored by our own and client websites. Client websites may also embed various content subject to respective policies.
Protection of Personal Information
- To help protect against manipulation or observation by a third party, connections to our websites, client websites and email services are encrypted with Transport Layer Security (TLS).
- Credit card data entered on our billing and support website (my.churchwebsupport.com) is transferred directly to our payment processor. For some accounts, credit card data is held in server memory until securely transferred to our payment processor, after which only an identifying token is stored.
- Billing and support data is protected by a combination of in-transit and at-rest data encryption, enforced internal multi-factor authentication, rolling backups, and redundant storage.
- Client website data is protected by rolling (20 automatic and 10 manual) backups, with automatic backups made upon each republishing or major design change.
Retention of Personal Information
- Email service logs, which may include IP addresses, are retained for up to 14 days to help operate and maintain the service.
- Email service statistics for each operated domain and user (such as message, spam/virus filtering, and connection counts) are retained for up to 3 months to help guide ongoing maintenance.
- Former client billing and support data is deleted if no invoicing or transaction activity occurs for 36 months.
- Client website data is stored until deletion is requested, or upon termination.
Access to Personal Information
- Client data can be requested, amended and/or deleted within 30 days, upon verified request.
- Client websites, including images and files, can be exported from the website editor at any time, or upon request.
- Cookie notices are displayed as applicable to inform our client and website visitors of data collection.
Disclosure of Personal Information
- Information is only ever disclosed to third parties as required by law, or to provide the above services.
Location of Personal Information (Data Residency)
- Email services are operated and stored within the United States.
- Billing and support data is operated and stored within Canada.
- Client website data is stored globally (from distributed nature of the platform).
- March 6, 2020 — Added “Data Residency” to Location of Personal Information section. Removed “Explicit opt-in consent is used on applicable form submissions” from Access to Personal Information section, as not all forms use opt-in concent for submission. Updated credit card handling to include embedded payment processing. Fixed grammar mistakes.
- November 22, 2019 — Increased Email service logs to 14 days, added Location of Personal Information section.
- May 6, 2019 — Added Definition and Disclosure sections.