Legal

Privacy Policy

How Ekklesia collects, uses, and protects personal data — for church organisations and their members.

Last updated: May 2025

Summary:Ekklesia, operated by Nylank Technologies, collects only the data necessary to provide our church management platform. We never sell your data and we comply with applicable data protection law including GDPR principles. Church members' data is processed on behalf of the church organisation using Ekklesia.

1. Who We Are

Ekklesia is a SaaS platform for church administration and member engagement, operated by Nylank Technologies ("we", "us", "our"). This Privacy Policy explains how we collect, use, and protect personal data when you use our website (ekklesia.app) and the Ekklesia platform.


If you have any questions about this policy, please contact us at hello@ekklesia.app.

2. Data We Collect

We collect data in the following ways:


a) Data you provide directly
  • Account registration: name, email address, organisation name, phone number.
  • Contact form submissions: name, email, message content.
  • Church member data entered into the platform by church administrators.

    • b) Data collected automatically
  • Usage data: pages visited, features used, session duration.
  • Technical data: IP address, browser type, operating system, device type.
  • Cookies and similar tracking technologies (see Cookie section below).

    • c) Data provided by church administrators

    Church organisations using Ekklesia may enter member data on behalf of their congregations. In this context, Nylank Technologies acts as a data processor and the church organisation acts as the data controller.

    3. How We Use Your Data

    We use your personal data to:

  • Provide, operate, and maintain the Ekklesia platform.
  • Process account registrations and manage your subscription.
  • Respond to enquiries and provide customer support.
  • Send product updates, security notices, and service communications.
  • Improve the platform through aggregated, anonymised analytics.
  • Comply with our legal obligations.

    • We do not use your data for advertising or sell it to third parties.

    4. Legal Basis for Processing (GDPR)

    Where the General Data Protection Regulation (GDPR) applies, our legal bases for processing personal data are:

  • **Contractual necessity**: to provide the platform services you have signed up for.
  • **Legitimate interests**: to improve our services, ensure platform security, and communicate relevant product updates.
  • **Legal obligation**: to comply with applicable law.
  • **Consent**: where we ask for your consent (e.g. marketing communications), which you may withdraw at any time.

    • 5. Data Sharing

    We do not sell, rent, or trade your personal data. We may share data with:

  • **Service providers**: trusted third-party providers (e.g. cloud infrastructure, email delivery) who process data on our behalf under data processing agreements.
  • **Legal authorities**: where required by law, court order, or to protect the rights and safety of our users and third parties.

    • All sub-processors are held to equivalent data protection standards.

    6. Data Retention

    We retain personal data only as long as necessary for the purposes for which it was collected:

  • Active account data: retained for the duration of the account plus 30 days after cancellation.
  • Church member data: controlled by the church organisation. Upon account termination, data is deleted within 30 days.
  • Contact form submissions: retained for 12 months.
  • Anonymised analytics: retained indefinitely.

    • 7. Data Security

    We implement technical and organisational measures to protect your data, including:

  • Encryption in transit (TLS/HTTPS) and at rest (AES-256).
  • Access controls and role-based permissions.
  • Regular security assessments.
  • Hosting on AWS infrastructure with enterprise-grade security controls.

    • No system is completely secure. In the event of a data breach affecting your rights, we will notify you and the relevant supervisory authority as required by law.

    8. Your Rights

    Depending on your location, you may have the right to:

  • **Access** the personal data we hold about you.
  • **Correct** inaccurate or incomplete data.
  • **Delete** your personal data (right to erasure).
  • **Restrict** or **object** to certain processing activities.
  • **Data portability**: receive your data in a machine-readable format.
  • **Withdraw consent** at any time where processing is based on consent.

    • To exercise any of these rights, please contact us at hello@ekklesia.app.

    9. Cookies

    Ekklesia uses cookies to:

  • Keep you logged in (session cookies — strictly necessary).
  • Remember your preferences.
  • Understand how visitors use our website (analytics — optional).

    • You can control cookie preferences through your browser settings. Disabling strictly necessary cookies may affect platform functionality.

    10. Children's Privacy

    Ekklesia is not intended for use by persons under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us immediately.

    11. Changes to This Policy

    We may update this Privacy Policy from time to time. We will notify registered users of material changes via email or in-platform notification at least 14 days before the changes take effect. The current version of this policy is always available at ekklesia.app/privacy.

    12. Contact

    For any privacy-related questions or to exercise your data rights, please contact:


    Nylank Technologies

    Email: hello@ekklesia.app

    Terms of Service →Acceptable Use Policy →Contact Us →