Privacy Policy

Last updated: April 21, 2026

At Ministrium ("we", "our", or "the Platform"), we are committed to protecting the privacy and security of the information of our clients (churches and ministries that subscribe to our services) and end users (members of said congregations). This Privacy Policy describes how we collect, use, store, and protect your personal data, in compliance with the General Data Protection Regulation (GDPR) of the European Union, the California Consumer Privacy Act (CCPA), and other internationally applicable privacy regulations.

By using the Platform, you agree to the practices described in this Policy. If you disagree with any of the terms set forth herein, please refrain from using our services.

1. Data Collection

Ministrium collects information from both the church or ministry (hereinafter, "the Client") and the congregation members (hereinafter, "End Users"). The data we may collect includes, but is not limited to:

Personal identification data: full names, email addresses, phone numbers, and postal addresses.
Organizational data: church name, multi-campus structure (districts, zones, life cells), ministerial roles, and administrative hierarchy.
Attendance and participation data: attendance records for services, events, cell meetings, and ministerial programs.
Platform usage data: activity logs, configuration preferences, IP addresses, and browsing data for analytical purposes.

End User data is entered and managed by the Client. Ministrium acts as a Data Processor for such data, with the Client being the Data Controller.

2. Financial and Payment Data

Ministrium facilitates the management of tithes, offerings, donations, and other financial transactions within the Platform. However, it is essential to clarify that:

Ministrium does NOT store, process, or have access to credit card, debit card, or any payment instrument data (PCI-DSS).
All payments are securely processed through Stripe, Inc., our certified payment services provider, which complies with the highest industry security standards (PCI-DSS Level 1).
The only financial data Ministrium records are: transaction amounts, dates, categories (tithe, offering, donation), and reference identifiers for tax reporting and internal Client accounting purposes.

For more information about Stripe's privacy practices, please refer to their Privacy Policy.

2.b Geolocation via IP for User Experience

To enhance the experience of our website forms (such as the demo request form), Ministrium uses the third-party service ipapi.co to detect the visitor's country from their IP address. This is used exclusively to pre-select the correct country flag and dial code in phone number fields.

We do not store, share, or associate this data with any user profile.
The IP is sent directly from the browser to ipapi.co and never reaches our servers.
Users can change the detected country manually at any time, and the form works normally if the geolocation request fails or is blocked.

For more information, see ipapi.co's Privacy Policy.

3. Use of Artificial Intelligence (AI CoPilot)

Ministrium integrates Artificial Intelligence capabilities through its "AI CoPilot" module, designed to assist ministerial leaders with data analysis, report generation, attendance trend detection, and automated communication drafting.

Regarding the use of AI, Ministrium guarantees the following:

AI services are provided by third-party vendors (such as OpenAI), with whom we maintain contractual Data Processing Agreements (DPA) ensuring compliance with privacy regulations.
Your church and congregation data is NOT used to train, improve, or feed any public or third-party Artificial Intelligence models. The privacy of your congregation's data is absolute.
Data processed by AI is used exclusively to generate responses and analyses within the context of the Client's account and is treated with the same security and confidentiality standards as all other information on the Platform.
The Client retains full control over the activation and deactivation of AI functionalities at all times.

4. Sharing Data with Third Parties

Ministrium operates under a strict principle of confidentiality:

We do not sell, rent, trade, or transfer personal data to third parties for advertising, marketing, or any other commercial purpose unrelated to the direct provision of our services.
Data may only be shared with:
- Essential service providers (such as Stripe for payments and cloud infrastructure providers) under strict confidentiality and data processing agreements.
- Competent authorities, exclusively when required by a valid court order or legal requirement under applicable law.

5. User Rights

In accordance with the GDPR, CCPA, and other applicable regulations, both Clients and End Users have the following rights:

Right of Access: request a copy of the personal data we hold about you.
Right to Rectification: request the correction of inaccurate or incomplete data.
Right to Erasure (Right to be Forgotten): request the permanent deletion of your personal data from our systems, unless legal obligations require temporary retention.
Right to Data Portability: request the export of your data in a structured, machine-readable format.
Right to Object: object to the processing of your data for specific purposes.
Right to Restriction of Processing: request the restriction of processing of your data under certain circumstances.

To exercise any of these rights, the User may contact us through the channels indicated in Section 7 of this Policy. Ministrium commits to responding to all requests within a maximum of 30 calendar days.

6. Data Security

The security of your information is our priority. Ministrium implements enterprise-grade technical and organizational security measures, including:

Encryption in transit and at rest: all data is transmitted via TLS 1.2+ protocols and stored with AES-256 encryption.
Certified cloud infrastructure: our servers operate in data centers from leading providers with SOC 2 Type II and ISO 27001 certifications.
Role-Based Access Control (RBAC): data access restricted by user function and authorization level.
Continuous monitoring: intrusion detection systems and periodic security audits.
Backups: automated and redundant backups to ensure data availability and integrity.

7. Contact Information

If you have questions, concerns, or wish to exercise any of your rights in relation to this Privacy Policy, you may contact us at:

Email: support@ministrium.com
Data Protection Officer (DPO): privacy@ministrium.com

8. Changes to this Policy

Ministrium reserves the right to update or modify this Privacy Policy at any time. Any substantial changes will be notified to Clients at least 30 days in advance through the Platform and/or email. The date of the last update will be indicated at the top of this document.