Privacy Policy

This policy applies to Inperia and the inperia.app website.

Inperia is the controller of account, user and billing data. For the data each church uploads about its members and contacts, the church is the controller and Inperia acts as the processor, handling it according to the church’s instructions and this agreement.

This policy supplements our Terms and Conditions.

We process the following categories of data:

• Account user data: name, email, password (stored encrypted), preferred language, roles and session data.
• Billing data: the contracted plan and payment data, processed by payment providers; we do not store your full card details.
• Member and contact data uploaded by the church: identity, contact details, family relationships, ministry information, tags, custom fields, photos, documents and notes. These may include sensitive data and data of minors.
• Usage and technical data: access logs and diagnostic information that help us keep the service secure and improve it.
• Support data: the inquiries and communications you send us.

Church membership and religious affiliation may be considered sensitive data. As the controller, the church must ensure it has the legal basis and consent required to upload this data and that of minors. Inperia applies permission-based access controls to protect this information.

We process data to provide and maintain the service, manage the account and subscription, deliver support, ensure security and prevent fraud, comply with legal obligations and improve the Platform.

Depending on the case, the legal bases include performance of the contract, consent, legitimate interest and compliance with legal obligations, in accordance with the applicable personal-data protection law.

We do not sell your data. We only share it in these cases:

• with providers that help us operate —for example, payment processing, email delivery, cloud infrastructure and authentication—, and only as needed to provide the service;
• with another church, only when you enable a linkage, in a controlled, read-only way;
• when required by law or to protect rights, the security or the integrity of the service.

To deliver the service we rely on providers that process data on our behalf (sub-processors). We select them using data-protection criteria and bind them by contract to confidentiality and security obligations equivalent to those in this policy. They work in the following categories of services:

• payment processing;
• email delivery;
• cloud infrastructure and storage;
• authentication and session management;
• service diagnostics and monitoring.

You can request the current list of sub-processors by emailing us at [email protected]. If we add new sub-processors that materially affect the processing, we will notify you.

If you enable a linkage, part of your church’s operational information becomes visible in read-only mode to another church you choose. It is always voluntary, limited in scope, and you can revoke it at any time. Account settings, billing and administration are never shared.

Our team only accesses your account with your explicit consent and for a limited time, through an audited flow. While access is active a visible notice is shown, and any Owner can revoke it. There is no emergency access without approval.

We may process data in countries other than yours through our providers. In those cases we apply appropriate safeguards to protect your information, in accordance with applicable law.

We apply soft deletion on relevant entities and retain data while the account is active. Deleting the account removes its data and breaks existing linkages.

We may retain certain information for as long as legal obligations require or for legitimate purposes, such as billing records, and keep backups for limited periods.

Each account is independent. We apply encryption in transit, permission-based access control, audit logging of sensitive actions, data minimization and good personal-data protection practices. Files are kept in private storage and only served after permissions are verified.

Subject to applicable law, you may access, rectify, delete, export or object to the processing of your data, and withdraw your consent.

For member and contact data, the church is the first point of contact as the controller, and Inperia assists it as the processor. To exercise your rights, email us at [email protected].

The Platform uses essential cookies for authentication and sessions. This site stores your theme preference locally. We do not use advertising cookies.

We may update this policy. We will notify you of material changes and will always indicate the date of the latest update.

If you have questions about privacy or the processing of your data, email us at [email protected].