1. Introduction
This Privacy Policy explains how WayofLife Victorious Church ("the Church," "we," "us," or "our") collects, uses, stores, shares, and protects your personal information when you use our web application and Progressive Web App (PWA), collectively referred to as "the System."
By accessing or using the System, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, please discontinue use of the System immediately.
2. Legal Basis for Data Processing
We process your personal data under the following legal bases as defined by the Data Privacy Act of 2012 (RA 10173):
- Consent — You provide explicit consent when you agree to our Privacy Policy and Terms of Use upon first login, and when you voluntarily provide biometric data (facial images) for attendance verification.
- Legitimate Interest — Processing necessary for the Church's legitimate interest in managing membership, attendance, and pastoral care activities.
- Performance of a Contract — Processing required to provide the services and features you access through the System.
- Compliance with Legal Obligation — Processing required to comply with Philippine laws, regulations, and lawful orders of governmental authorities.
Republic Act No. 10173 — The Data Privacy Act of 2012 protects individual personal information and upholds the right to privacy. This policy ensures compliance with the Act, as enforced by the National Privacy Commission (NPC) of the Philippines.
3. Information We Collect
3.1 Personal Information
| Data Type | Examples | Purpose |
|---|---|---|
| Identity Data | Full name, date of birth, gender, civil status | Membership records, pastoral care |
| Contact Data | Email address, phone number, home address | Communication, notifications |
| Account Data | Login credentials, role assignments | Authentication, access control |
| Attendance Data | Event check-ins, timestamps, location | Attendance tracking, analytics |
| Engagement Data | Goals, habits, prayer requests, Bible reading progress | Spiritual growth features, pastoral insights |
| Financial Data | Donation records, tithe information | Financial transparency, receipts |
3.2 Sensitive Personal Information (Biometric Data)
Facial Recognition Disclosure — The System uses facial recognition technology powered by face-api.js (a client-side machine learning library) to verify member identity during attendance check-in. This constitutes the processing of sensitive personal information under Section 3(l) of RA 10173.
Regarding our use of facial recognition:
- What we collect: Your facial image is captured via your device camera during the QR code attendance check-in process to verify your identity.
- How it works: Face detection and comparison are performed entirely on your device (client-side) using the face-api.js library. Your facial data is processed locally in your browser and is not transmitted to our servers as raw biometric data.
- What is stored: Only verification results (match/no-match status, confidence scores, and timestamps) are stored on our servers for fraud prevention and audit purposes. Face verification logs are retained to ensure the integrity of attendance records.
- Consent: You must provide explicit, informed consent before using facial recognition features. You may decline facial verification, in which case alternative attendance methods (QR code only) will be available.
- Fraud prevention: Facial verification results and attendance fraud logs are maintained to detect and prevent fraudulent attendance entries.
3.3 Automatically Collected Data
- Device information (browser type, operating system, screen resolution)
- Session data (login timestamps, IP addresses, session duration)
- Activity logs (pages visited, features used within the System)
- Push notification subscription tokens (for web push notifications via VAPID)
4. How We Use Your Information
We use your personal data for the following purposes:
- Membership management — Maintaining accurate church membership records, branch assignments, and organizational roles.
- Attendance tracking — Recording event attendance through QR codes and optional facial verification to ensure accurate records.
- Pastoral care — Enabling church leaders to provide spiritual guidance, follow-ups, and support based on member engagement patterns.
- Communication — Sending notifications about events, prayer requests, birthday greetings, and system updates via email and push notifications.
- Analytics and insights — Generating aggregate, anonymized analytics and AI-driven insights to help church leadership make informed decisions about ministry programs.
- Financial transparency — Recording donations and tithes for financial accountability and issuing transparency reports.
- Security — Protecting accounts through session management, idle timeout enforcement, rate limiting, and fraud detection.
- System improvement — Analyzing usage patterns to enhance features, fix issues, and improve the user experience.
5. Data Sharing and Third Parties
We do not sell, rent, or trade your personal data. We may share limited data with the following categories of third-party service providers, strictly under data processing agreements:
| Service Category | Purpose |
|---|---|
| Cloud Hosting & Storage | Secure storage of application data and uploaded files |
| Email Service (SMTP) | Sending transactional emails, login codes, and notifications |
| AI Services | Generating anonymized insights and predictions (no raw personal data is sent) |
| Authentication (Google OAuth) | Passwordless login option for members via Google accounts |
We may also disclose personal data when required by law, court order, or a lawful order from a government authority, in accordance with the Data Privacy Act.
6. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes stated in this policy, or as required by applicable laws:
- Active member data — Retained for the duration of your membership and active use of the System.
- Attendance and facial verification logs — Retained for audit and fraud prevention purposes, subject to periodic review.
- Financial records — Retained in accordance with Philippine accounting and tax regulations.
- Soft-deleted records — Certain sensitive data is soft-deleted (marked as inactive rather than permanently erased) to maintain data integrity and audit trails, and may be permanently purged after a reasonable retention period.
- Session and activity logs — Retained for security monitoring and may be purged periodically.
7. Data Security Measures
We implement appropriate organizational, physical, and technical security measures to protect your personal data:
- Encryption in transit — All data transmitted between your device and our servers is encrypted using HTTPS/TLS.
- Password security — Passwords are hashed using industry-standard algorithms (bcrypt) and are never stored in plaintext.
- Session security — Automatic idle session timeout for administrative accounts, rate limiting on login endpoints, and secure session management.
- Access control — Role-based access ensures that only authorized administrators can access sensitive member data.
- Audit logging — Critical actions are logged for accountability and security monitoring.
- Client-side biometric processing — Facial recognition runs entirely in your browser; biometric templates are not transmitted to or stored on our servers.
8. Your Rights as a Data Subject
Under the Data Privacy Act of 2012, you have the following rights:
- Right to be Informed — You have the right to know how your personal data is being collected, used, and processed.
- Right to Access — You may request access to your personal data held by us, including information on how it has been used or shared.
- Right to Rectification — You have the right to request correction of inaccurate or incomplete personal data.
- Right to Erasure or Blocking — You may request the deletion or blocking of your personal data, subject to lawful grounds and legitimate operational requirements.
- Right to Data Portability — You may request a copy of your personal data in a structured, commonly used, and machine-readable format.
- Right to Object — You may object to the processing of your personal data, including processing for direct marketing or automated decision-making.
- Right to File a Complaint — You have the right to file a complaint with the National Privacy Commission (NPC) if you believe your data privacy rights have been violated.
To exercise any of these rights, please contact the Church administration. We will respond to all legitimate requests within a reasonable time frame, not exceeding thirty (30) days from receipt of the request.
9. Cookies and Local Storage
The System uses cookies and local storage for the following essential purposes:
- Session cookies — To maintain your authenticated session while using the System.
- CSRF tokens — To protect from cross-site request forgery attacks.
- PWA data — Service worker caches and local storage to enable offline functionality.
- Idle timeout tracking — Cookies to track session inactivity for administrative security.
We do not use third-party advertising or tracking cookies.
10. Children's Privacy
The System is not intended for use by individuals under the age of 13. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided personal data through the System, please contact us so we can take appropriate action.
11. Changes to This Privacy Policy
We reserve the right to update this Privacy Policy at any time to reflect changes in our practices, legal requirements, or system features. When changes are made:
- The "Last updated" date at the top of this page will be revised.
- For material changes, you may be asked to review and re-accept the updated policy through the System's policy agreement screen.
- Continued use of the System after any changes constitutes your acceptance of the revised Privacy Policy.
12. Contact Information
For any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact:
WayofLife Victorious Church
Data Privacy Inquiries
Email: Contact the Church Administration
For complaints regarding data privacy, you may also contact the National Privacy Commission (NPC) at https://www.privacy.gov.ph.
Data Privacy Inquiries
Email: Contact the Church Administration
For complaints regarding data privacy, you may also contact the National Privacy Commission (NPC) at https://www.privacy.gov.ph.