Privacy Policy

1. Introduction

This Privacy Policy explains how FellowWorker (“we”, “us”, or “our”) processes personal data when you use our mobile application designed for Christian congregations to manage member data. We act as a data processor on behalf of congregations (the “Data Controllers”) who use our service.

We are committed to protecting your privacy and handling your data in an open and transparent manner. This policy applies to users in the European Union (EU), European Economic Area (EEA), and the United States.

2. Data Controller and Data Processor

2.1 Our Role as Data Processor

FellowWorker acts as a data processor for congregation member data. This means we process personal data only on behalf of and under the instructions of the congregation administrators (Data Controllers) who use our platform.

2.2 Congregation Administrators as Data Controllers

The congregation or organization that uses FellowWorker to manage member information acts as the Data Controller. They determine the purposes and means of processing member data, including what information is collected about congregation members.

2.3 Our Role as Data Controller

We act as the Data Controller only for the personal data we collect directly for authentication and account management purposes, specifically: your name, email address, and phone number.

3. Data We Collect

3.1 Data We Collect as Data Controller

For authentication and account management, we collect:

• Full name
• Email address
• Phone number

3.2 Data We Process on Behalf of Data Controllers

Congregation administrators may collect and store various types of member data through our platform. The specific data collected is determined by each congregation and may include membership status and other information relevant to congregation management. We process this data solely according to the instructions of the Data Controller.

3.3 Children's Data

Our service may process data about children (minors under 18 years of age). This data is entered by parents, legal guardians, or congregation administrators on behalf of the child. We do not knowingly collect personal information directly from children. Parents and guardians maintain control over their children's data and may request access, correction, or deletion at any time through their congregation administrator or by contacting us directly.

4. Legal Basis for Processing

We process personal data based on the following legal grounds:

• Contract Performance: Processing your authentication data is necessary to provide you access to our service.
• Legitimate Interests: We may process data for analytics purposes using aggregated and anonymized data to improve our services.
• Data Processing Agreement: For congregation member data, we process according to our Data Processing Agreement with each Data Controller.

5. Data Storage and Security

5.1 Data Location

All personal data is stored on servers located within the European Union. We use industry-standard security measures to protect your data.

5.2 Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including encryption of data in transit and at rest, access controls, and regular security assessments.

6. Data Sharing and Third Parties

We share data with the following categories of third parties:

6.1 Analytics Providers

We use PostHog and Dash0 for analytics purposes. These services receive only aggregated and anonymized data and are hosted on EU-based instances to ensure GDPR compliance.

6.2 Payment Processors

For subscription payments processed through our web application, we use Apple (App Store) and Paddle as payment processors. These providers process payment information in accordance with their own privacy policies and PCI-DSS standards.

6.3 No Sale of Data

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

7. Cookies and Similar Technologies

Our web application uses essential cookies for session management and authentication. When processing payments, our payment providers (Apple and Paddle) may use their own cookies in accordance with their privacy policies. We do not use advertising or tracking cookies.

8. Data Retention

When you or a congregation administrator requests deletion of your account or data, we delete your personal data immediately from our active systems. Backup copies containing your data are automatically purged within 30 days of the deletion request. Aggregated and anonymized data that cannot be used to identify you may be retained indefinitely for analytical purposes.

9. Your Rights

9.1 Rights Under GDPR (EU/EEA Users)

If you are located in the EU or EEA, you have the following rights:

• Right of Access: Request a copy of your personal data.
• Right to Rectification: Request correction of inaccurate data.
• Right to Erasure: Request deletion of your personal data.
• Right to Restrict Processing: Request limitation of processing.
• Right to Data Portability: Receive your data in a structured, machine-readable format.
• Right to Object: Object to processing based on legitimate interests.
• Right to Lodge a Complaint: File a complaint with your local supervisory authority.

9.2 Rights Under CCPA (California Users)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request disclosure of categories and specific pieces of personal information collected.
• Right to Delete: Request deletion of your personal information.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
• Right to Opt-Out: We do not sell personal information, so this right does not apply.

9.3 Exercising Your Rights

For data we control (authentication data), contact us directly using the details in Section 12. For congregation member data, please contact your congregation administrator who will either fulfill your request or coordinate with us as needed.

10. International Data Transfers

Your data is stored in the EU. For users in the United States, your data may be transferred to and processed in the EU. We ensure appropriate safeguards are in place for any international transfers in compliance with applicable data protection laws.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on our application and updating the “Last Updated” date. We encourage you to review this Privacy Policy periodically.

12. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us at: