Privacy Policy

Dviidea Technologies is a Lagos-based software company. We operate Church Manager, a multi-tenant church administration platform available at church.dviidea.com.

For data protection purposes, Dviidea Technologies is the data processor. Each church organisation using Church Manager is the data controller for their own congregation's data.

We collect data in two contexts: church administrators who register and manage the platform, and church members whose records are entered by their church admin.

Church administrator accounts:

• Name and email address
• Church name and subdomain
• Login credentials (hashed passwords, JWT tokens)
• Audit log of actions performed

Church member records (entered by admin):

• Full name, phone number, email address
• Date of birth, gender, home address
• Department, role, membership status, join date
• Custom fields configured by the church
• Profile photo (uploaded via Cloudinary)

Children's ministry data:

• Child's name and age
• Parent or guardian name and phone number
• Pickup authorisation codes
• Check-in and check-out timestamps

Attendance and programme data:

• Service dates, programme names, attendance status per member
• QR code check-in records

Follow-up and pastoral care data:

• Worker assignment records
• Contact logs (method, outcome, notes)
• OTP codes for worker portal access (expire within 10 minutes)

Data is used solely to provide the Church Manager service to the church that controls it. Specific uses include:

• Member directory — to display, search, and manage congregation records
• Attendance tracking — to record and report service attendance
• Birthday wishes — automated WhatsApp message sent to members on their birthday, on behalf of their church
• Staff birthday reminders — WhatsApp notification sent to designated internal staff when a member's birthday occurs
• Follow-up notifications — email sent to assigned workers when a pastoral care task is created
• New month messages — optional monthly email sent to active members, if enabled by the church
• AI-powered reports — aggregated, anonymised congregation data is sent to an AI model to generate an executive summary report for church leadership
• Authentication — OTP codes sent by email for worker portal access

We do not use member data for advertising, profiling, or any purpose outside the above.

Church Manager sends WhatsApp messages via the Meta WhatsApp Business Cloud API using pre-approved message templates. Messages are only sent:

• On a member's birthday (one message per year, sent at 8:00 AM WAT)
• To designated internal staff as a birthday reminder

Members' phone numbers are stored by the church admin and used solely for these purposes. We do not send unsolicited marketing messages. All WhatsApp templates used by this platform are reviewed and approved by Meta before use.

Email messages are sent via Resend from the domain dviidea.com. Members may receive emails if their church admin enables the new month message feature, or if they are assigned as a follow-up worker.

We use the following third-party infrastructure providers. Each is engaged under a data processing agreement and handles data only as instructed:

Church Manager is a multi-tenant platform. Each church operates under its own subdomain (e.g. graceassembly.church.dviidea.com). Data is strictly isolated at the database level — no church can access, view, or affect another church's data under any circumstances.

Church data is not accessed or shared outside of what is necessary to operate and maintain the platform.

• Active accounts — data is retained for as long as the church's account remains active
• Deleted members — member records deleted by an admin are removed from the active database. Audit logs referencing that member may persist for up to 12 months
• OTP codes — expire after 10 minutes and are marked used after verification
• Kids check-in records — retained for the church's operational use; deletable by the admin
• Account closure — upon request to close a church account, all associated data is permanently deleted within 30 days

If you have questions about data held about you, or wish to request a correction or deletion, please contact your church admin directly — they manage your record. For anything you cannot resolve with your church, reach us at info@dviidea.com.

The Children's Ministry module stores basic information about minors (name, age, pickup authorisation) for the sole purpose of secure check-in and check-out at church events. This data is:

• Entered and controlled exclusively by the church admin
• Never used for marketing or shared with third parties beyond what is described in Section 5
• Accessible only to authorised church staff and the child's registered parent or guardian

Dviidea Technologies does not knowingly collect children's data independently of a church's use of this feature.

Church Manager uses browser localStorage to store your session token, church name, logo, and theme preference locally on your device. This data never leaves your browser except as part of authenticated API requests.

We do not use advertising cookies, third-party tracking cookies, or analytics cookies. No cookie consent banner is required under our current usage.

We may update this policy as the platform evolves. When we do, the "Last updated" date at the top of this page will reflect the change. Continued use of Church Manager after any update constitutes acceptance of the revised policy.

For any privacy-related questions, data requests, or concerns: