Pastor HQ

Privacy Policy

Last updated 5 May 2026

How we handle the information your church entrusts to us.

Pastor HQ ("we", "us", "our") is operated from Sydney, Australia. This Privacy Policy explains what personal information we collect about churches and the people in their databases, why we collect it, how we use and protect it, and the choices you have. We are bound by the Australian Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs); where you sit in the UK or EU, we also operate under the principles of the GDPR.

This policy applies to every person whose information passes through our platform — pastors and church staff who sign in directly, and members, attenders, and visitors whose data flows in from a connected church management system.

1. Information we collect

1.1 Information you give us directly

  • Account information: name, email address, password (hashed), profile photo if provided.
  • Church information: name, address, phone number, ABN if applicable, country.
  • Billing information: handled by our payment processor (Stripe). We never see or store full card numbers.
  • Communications you send us: support tickets, feedback, sales enquiries.

1.2 Information from connected church management systems

When a church connects a system like Planning Center Online, we read the data you authorise and store a synced copy in our database so that Pastor HQ's reports run quickly. This typically includes:

  • People records: names, contact details, household relationships, dates of birth, gender, membership status, marital status, custom fields.
  • Attendance and check-in records.
  • Donations and giving history (only when explicitly authorised by a super admin with MFA enabled).
  • Group memberships and events.

Information about religious belief or affiliation, attendance at religious services, and donations to a religious organisation is treated as sensitive information under the Privacy Act and as special category data under the GDPR. We apply heightened protections to all of it.

1.3 Information collected automatically

  • Usage data: pages visited, features used, performance metrics. Used to improve the product and to investigate incidents.
  • Device and connection: IP address, browser, operating system, approximate location derived from IP.
  • Cookies: a strictly necessary session cookie for authentication. We do not use third-party advertising cookies.

2. How we use information

  • To provide and operate the platform — render dashboards, process syncs, and deliver features the church has activated.
  • To bill the church for paid plans (via Stripe).
  • To communicate about the service — incident notifications, security alerts, feature updates the customer has opted into.
  • To investigate and respond to security events, abuse, or fraud.
  • To comply with legal obligations.

We do not sell personal information. We do not display advertising. We do not train AI models on church data without explicit, separate consent.

3. Lawful basis (UK / EU only)

Where the GDPR applies, our lawful bases are:

  • Performance of a contract for the church we have a paid agreement with.
  • Legitimate interests for security, abuse prevention, and product improvement (balanced against the rights of data subjects).
  • Consent for any processing of special category data — the customer church obtains this from its members via its own enrolment / membership processes.
  • Legal obligation where we're required to retain or disclose information.

4. How we share information

We share personal information with subprocessors who help us deliver the service. Each one is bound by a written agreement that prohibits using the data for any purpose other than what we've contracted them to do. Our complete list lives at pastorhq.com/legal/subprocessors and is updated whenever a subprocessor is added or removed.

We do not share information with any other third party except:

  • To the church the data belongs to, on request.
  • If required by Australian law or by a valid court order. We'll push back on overbroad requests and notify the affected customer where legally permitted.
  • In connection with a business transfer (acquisition, restructure). We'll give notice and ensure the recipient is bound by equivalent privacy commitments.

5. Data retention

We retain personal information only as long as we have a lawful purpose to do so. In practice:

  • Active churches: data is retained for the life of the connection.
  • Disconnected churches: synced data is retained for 30 days, after which it is purged unless the church requests an export first.
  • Backups: are encrypted and rotate on a 35-day schedule. Deletion in production propagates to backups within that window.
  • Audit logs: retained for 12 months.
  • Billing records: retained for 7 years to meet Australian tax requirements.

6. Your rights

Under the Privacy Act and (where applicable) the GDPR, you have rights to:

  • Access the personal information we hold about you.
  • Correct inaccurate or incomplete information.
  • Request deletion (subject to retention obligations above).
  • Receive a portable export of your information.
  • Object to certain processing activities.
  • Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au, or with your local supervisory authority in the UK / EU.

To exercise any of these rights, email privacy@pastorhq.com. For information about a member or attender at a particular church, contact the church directly first — they are the data controller of that information.

7. Security

We follow industry-standard security practices: encryption in transit (TLS 1.2+) and at rest, envelope-encrypted ChMS credentials in AWS KMS, MFA-required access to donation information, audit logs of every data access, and incident response playbooks. Our full security overview is at pastorhq.com/legal/security.

8. International transfers

Pastor HQ's primary infrastructure is in Sydney, Australia (Supabase ap-southeast-2; AWS ap-southeast-2). Some subprocessors operate globally (Stripe, Sentry, Inngest); transfers outside Australia are protected by Standard Contractual Clauses or equivalent.

9. Children

Pastor HQ is sold to churches, not directly to children. Where a church has children's personal information in its database (e.g. kids check-in), the church remains the data controller and is responsible for obtaining parental consent in line with its local laws. Australia's Children's Online Privacy Code applies from 10 December 2026 — we will publish any product changes required to comply ahead of that date.

10. AI features and automated decision-making

Some Pastor HQ features may use AI to summarise content, suggest pastoral follow-ups, or generate content. AI features are off by default and only run on data the customer church has explicitly opted in. We do not make decisions that produce legal or similarly significant effects on individuals automatically — the pastor is always in the loop. Australia's ADM transparency obligations commencing 10 December 2026 will be reflected here ahead of that date.

11. Changes to this policy

We'll post any material changes to this page with a new "last updated" date and notify active customers by email at least 14 days before they take effect.

12. Contact

Privacy enquiries: privacy@pastorhq.com
Postal: Pastor HQ, Sydney, NSW, Australia (full registered address available on request)