Privacy Policy

Privacy Policy

Last updated: 1 Sept 2025

Edeso (“we,” “our,” “us”) provides a church management system that helps churches and faith-based organizations manage their communities. This Privacy Policy explains how we process personal data when you use our Services, and what rights individuals have under data protection laws.

1. Who We Are

Edeso operates as a data processor on behalf of our clients (churches).

• Churches act as data controllers: they decide what personal data is collected, for what purpose, and on what legal basis.
• Edeso acts as a processor: we process data strictly in accordance with the instructions of the church.

For questions about how your data is used, you should first contact your church directly. You may also contact us using the details at the end of this Policy.

2. Types of Personal Data We Process

Depending on how churches configure their accounts, we may process the following categories of data:

• Contact details: name, email, phone number, address
• Account activity: login and logout dates, attendance records, session logs
• Membership information: status, roles, groups, family links
• Religious and community-related data: such as baptizing dates or other custom fields defined by the church (considered special category data under GDPR)

3. Purpose of Processing

We process personal data only for the purpose of providing the Services to our client churches, including:

• User account creation and access management
• Membership tracking and community organization
• Attendance records and activity logs
• Event management and group administration
• Reporting and analytics for church leaders

We do not use personal data for advertising, profiling, or resale.

4. Legal Basis for Processing

Since Edeso acts as a processor, the legal basis for processing is determined by the church as the data controller. Typically, churches rely on:

• Consent (e.g., voluntary membership data)
• Contractual necessity (e.g., providing church-related services)
• Legitimate interests (e.g., community management)
• Legal obligations (e.g., financial records)

5. Special Category Data

Some data processed in Edeso may reveal religious beliefs, such as baptism or membership records. This qualifies as special category data under GDPR.

• Edeso processes such data only under the documented instructions of the church.
• Churches must ensure they have a valid legal basis under Article 9 GDPR (such as explicit consent from members).

6. Data Retention

• Data is retained for as long as the church maintains an active subscription with Edeso.
• Upon termination, data is deleted or anonymized within 3 months, unless retention is required by law.
• Backup copies are deleted in accordance with our retention policy.

7. Sharing of Data

We do not sell or trade personal data. We may share data only with:

• Authorized sub-processors (such as hosting providers, IT support, or email delivery services).
• Legal authorities if required by law.

All sub-processors are contractually bound to data protection standards equivalent to this Policy.

8. International Data Transfers

Personal data may be transferred outside the country of origin.

• For transfers from the European Economic Area (EEA) or UK, Edeso uses Standard Contractual Clauses (SCCs) or relies on adequacy decisions.
• Sub-processors outside the EEA/UK are contractually required to implement equivalent safeguards.

9. Data Security

We apply technical and organizational measures to safeguard data, including:

• Encryption of data in transit and at rest
• Role-based access controls and authentication
• Regular monitoring, logging, and audits
• Secure hosting with industry-standard protections

10. Data Subject Rights

Individuals (church members) have rights under data protection law, including:

• Right of access (to know what data is held)
• Right to rectification (correction of inaccurate data)
• Right to erasure (“right to be forgotten”)
• Right to restriction of processing
• Right to data portability
• Right to object to processing
• Right to lodge a complaint with a supervisory authority

How to exercise rights:

• Contact your church directly, as the data controller.
• Edeso will support the church in fulfilling these requests.

11. Children’s Data

Edeso may be used by churches to manage children’s ministries.

• Churches are responsible for obtaining parental or guardian consent where required.
• Edeso does not knowingly allow children to create accounts without parental involvement.

12. Cookies & Tracking

Edeso may use cookies or similar technologies for:

• Authentication and login sessions
• Security (e.g., fraud prevention)
• Service functionality (e.g., remembering user preferences)
• Marketing data
• Analytics data

We do not use cookies for advertising.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Updates will be posted on this page with a revised “Last updated” date.

14. Contact Us

If you have any questions about this Privacy Policy or how your data is processed, please contact:

Edeso
Email: contact@edeso.app
Website: https://edeso.app