Privacy Policy

1. Introduction

BizTrack Church ("we", "us", or "our") is a church management and engagement platform operated by BZ Tracking Solution (Pty) Ltd, accessible at biztrack.church and via our mobile applications on Android and iOS.

We are committed to protecting the privacy and personal information of our users in accordance with the South African Protection of Personal Information Act, 2013 (POPIA) and other applicable data protection legislation.

This Privacy Policy explains what personal information we collect, how we use it, how we protect it, and what rights you have in relation to your data. By using BizTrack Church, you consent to the practices described in this policy.

2. Information We Collect

We collect information that you provide directly when using the BizTrack Church platform, as well as information generated through your use of the service.

2.1 Personal Information

• Name and surname
• Email address
• Contact number
• Profile picture (optional)

2.2 Church Membership Data

• Organisation (church) affiliation
• User type and role within the organisation
• Team membership and assignments

2.3 Event and Activity Data

• Event registrations and attendance records
• Check-in and check-out times
• Prayer requests and meeting requests

2.4 Household and Family Data

• Household and family relationship information
• Children's names and details (collected only with parent or guardian registration)
• Pickup codes for child checkout verification

2.5 Payment Information

Payment transactions are processed securely via PayFast, a PCI DSS-compliant payment gateway. We do not collect, store, or have access to your credit card details, bank account numbers, or other financial instrument data. PayFast handles all payment information directly.

2.6 Custom Fields

Each church organisation may define custom fields (such as baptism date, cell group, or other church-specific information). The nature and content of these fields are determined by the church organisation's administrators.

3. How We Use Your Information

We use the information we collect for the following purposes:

• To provide and maintain the BizTrack Church platform and its features
• To manage your account and church organisation membership
• To facilitate event registration, check-in, and attendance tracking
• To manage prayer requests and meeting requests within your church organisation
• To enable family and household management, including child check-in and checkout
• To process payments through our payment partners
• To send transactional communications (such as event QR codes and registration confirmations)
• To provide customer support
• To improve the platform and develop new features

4. App Permissions

BizTrack Church requests the following device permissions:

5. Data Storage and Processing

• Database: Your data is stored on Supabase (PostgreSQL) hosted infrastructure with industry-standard security measures, including encryption at rest and in transit.
• Email Communications: Transactional emails (such as event QR codes and notifications) are sent via SendGrid.
• Payment Processing: All payments are processed via PayFast, which is PCI DSS compliant. We do not store any payment card or banking details.
• Device Storage: No personal data is stored on your device beyond authentication tokens required to maintain your logged-in session. These tokens are stored securely using platform-appropriate secure storage mechanisms.

6. Data Ownership and Sharing

6.1 Data Ownership

Church member data belongs to the church organisation. BizTrack Church acts as an operator (processor) of this data on behalf of the church organisation, which is the responsible party (controller) under POPIA.

6.2 No Sale of Personal Data

We do not sell, rent, or trade your personal information to any third parties. Your data is used solely for the purpose of providing the BizTrack Church service.

6.3 Church Administrator Access

Authorised administrators of your church organisation can view and manage member data within their organisation. This is necessary for the operation of the church management platform. Administrators cannot access data belonging to other organisations.

6.4 Third-Party Service Providers

We share data only with the third-party service providers listed in Section 5 (Supabase, SendGrid, PayFast), solely for the purpose of delivering the BizTrack Church service. These providers are contractually bound to protect your data and may not use it for any other purpose.

7. Children's Privacy

We take the protection of children's data seriously. Children's information is collected only as part of a parent or guardian's registration and household setup. Children's data includes:

• Name and surname
• Relationship to parent or guardian
• Event attendance and check-in records

Children's checkout is protected by secure pickup codes and QR verification to ensure that only authorised individuals can collect a child from a church event or programme.

8. Data Retention

We retain your personal information for as long as the church organisation with which you are affiliated maintains an active BizTrack Church account. If a church organisation terminates its account, all associated data will be deleted within a reasonable period, unless retention is required by law. Individual users may request deletion of their personal data at any time (see Section 10).

9. Data Security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include encryption of data in transit (TLS/SSL), encryption of data at rest, secure authentication mechanisms, and role-based access controls within the platform.

10. Your Rights Under POPIA

Under the Protection of Personal Information Act (POPIA), you have the right to:

• Be informed about the collection and use of your personal information
• Access the personal information we hold about you
• Request correction of inaccurate or incomplete personal information
• Request deletion of your personal information
• Object to the processing of your personal information
• Withdraw your consent to processing
• Lodge a complaint with the Information Regulator

To exercise any of these rights, you may contact your church administrator directly, or reach out to us at Support@biztrack.co.za. We will respond to your request within a reasonable time, and in any event within the timeframes required by applicable law.

11. Cookies and Local Storage

The BizTrack Church web application uses local storage (a browser-based storage mechanism) to maintain your authentication session. This is necessary for you to remain logged in while using the platform.

We do not use tracking cookies, advertising cookies, or any third-party analytics cookies. No data is shared with advertising networks or social media platforms through cookies or similar technologies.

You can clear your local storage data at any time through your browser settings. Doing so will require you to log in again.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify users via email or through a prominent notice within the application. The "Effective Date" at the top of this policy indicates when the latest revision was made. We encourage you to review this policy periodically.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

14. Information Regulator (South Africa)

If you believe that your right to privacy has been infringed upon by BizTrack Church, you have the right to lodge a complaint with the South African Information Regulator: