Your privacy matters

We use cookies to improve your experience, analyse site traffic, and support our marketing efforts. You can accept or decline non-essential cookies. Read our Cookies Policy.

Church Loop
Get started

Privacy Policy

Last Updated: 14 April 2026

Welcome to Church Loop. We are committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website (www.churchloop.co) and our church management software services.

Church Loop is a SaaS platform designed specifically for UK churches to manage visitor follow-up, event ticketing, people profiles, and team collaboration.

1. Important Information and Who We Are

Data Controller

Church Loop ("we", "us", or "our") is the data controller and is responsible for your personal data. If you have any questions about this Privacy Policy or our privacy practices, please contact us at:

Email address: hello@churchloop.co
Website: www.churchloop.co

Data Processor Role

When a church (our "Customer") uses our platform to manage their own congregation's data (e.g., visitor names, notes, SMS history, event sign-ups), the church is the Data Controller, and Church Loop is the Data Processor. In these instances, we process data only on the instructions of the church and in accordance with our Data Processing Agreement (DPA).

2. The Data We Collect About You

We may collect, use, store, and transfer different kinds of personal data about you. The exact data we collect depends on whether you are visiting our website, using the Church Loop service as part of a church team, or whether your church has added your details to Church Loop for follow-up or event management.

We have grouped the data we may process as follows:

  • Identity Data: First name, last name, and (where relevant) a username or similar identifier.
  • Contact Data: Email address, telephone number, and (if you are a paying customer) billing address.
  • Account Data: Login credentials and basic account details for authorised users.
  • Customer/Church Organisation Data: Church name, team member roles, settings, and related administrative information.
  • Notes & Pastoral/Follow-up Data:Notes added by church users about a person's journey stage, interactions, and follow-up progress. (We understand this can sometimes include sensitive information if a church chooses to record it—see "Special category data" below.)
  • Messaging Data: Content and metadata associated with messages sent via Church Loop (e.g., SMS/email content, delivery status, timestamps, recipients). If your church connects third-party messaging providers, those providers will also process message data.
  • Event Data: Event sign-ups, ticketing information, attendance/check-in status, and related event communications.
  • Form Data: Information submitted through custom forms created by a church (for example, visitor cards, event registration forms, serving team forms).
  • Financial Data: Payment and subscription information for our customers (processed via secure third-party payment providers; we do not store full payment card details ourselves).
  • Technical Data: Internet protocol (IP) address, device identifiers, login data, browser type and version, time zone setting and location, and platform details.
  • Usage Data: Information about how you use our website and software (for example, feature usage and interactions).
  • Support Data: Information you provide when you contact us for help (e.g., emails and any details you include in support requests).

Special category data: Church Loop is not designed to require churches to store special category data (such as health information or detailed pastoral counselling notes). However, churches may choose to enter sensitive information into free-text notes or form fields. Where this happens, the church (as Data Controller) is responsible for ensuring they have a valid lawful basis and condition for processing under UK GDPR, and for limiting what they record to what is necessary.

3. How We Use Your Personal Data

We will only use your personal data when the law allows us to. In practice, we use personal data to run Church Loop, help churches follow up people well, and keep the service secure and reliable.

Most commonly, we use your personal data in the following circumstances:

  • Performance of a Contract: Where we need to perform the contract we are about to enter into or have entered into with you (for example, to create accounts, provide the Church Loop service, and provide customer support).
  • Legitimate Interests: Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (for example, improving the service, preventing fraud, and keeping our records up to date).
  • Comply with Legal Obligations: Where we need to comply with a legal or regulatory obligation (for example, accounting and tax requirements).

Where a church uses Church Loop to process church member/visitor data, the church is typically the Data Controller and Church Loop acts as a Data Processor. In that case, the church determines the purposes and legal basis for processing that data, and we process it only on the church's documented instructions.

4. Purposes for Which We Will Use Your Personal Data

We use personal data for the following purposes:

  • To provide the Church Loop service: Creating and managing user accounts, keeping people profiles in one place, and enabling churches to record and organise follow-up.
  • To help churches follow up visitors and keep in touch: Enabling follow-up journeys, tasks, team collaboration, and sending SMS/email messages through the platform.
  • To manage events: Handling event setup, sign-ups/registration, ticketing where applicable, attendance/check-in, and event communications.
  • To manage our relationship with you: Communicating with customers and users about updates, important service messages, and changes to our terms or this Privacy Policy.
  • To provide customer support: Responding to requests, troubleshooting issues, and improving our help resources.
  • To keep Church Loop safe and working properly: Monitoring for security issues, preventing abuse, and maintaining the reliability of the service.
  • To improve our website and product: Understanding how the service is used (in aggregated or appropriate analytics form) so we can make it calmer, simpler, and more useful for church teams.
  • To handle billing and administration: Managing subscriptions, invoices, and payments (via our payment providers).

5. Disclosures of Your Personal Data

We may share your personal data with the parties set out below:

  • Service Providers: Third-party providers who provide IT, system administration, SMS delivery, email delivery, and payment processing services (e.g., Stripe, AWS).
  • Professional Advisers: Including lawyers, bankers, auditors, and insurers.
  • HM Revenue & Customs: Regulators and other authorities based in the United Kingdom.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law.

6. International Transfers

While we focus on serving UK churches, some of our third-party service providers may be based outside the UK. Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • Transferring data to countries that have been deemed to provide an adequate level of protection for personal data.
  • Using specific contracts approved for use in the UK which give personal data the same protection it has in the UK (Standard Contractual Clauses).

7. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know.

8. Data Retention

We will only retain personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for legal, regulatory, tax, accounting, or reporting requirements.

Because Church Loop is used by churches to manage people and events over time, retention periods can vary. In general:

  • Customer account and billing records: Kept for as long as you have an account with us, and afterwards for as long as needed to meet legal and accounting requirements.
  • Church member/visitor data (including names, contact details, notes, messages, and event data): Kept for as long as our customer (the church) chooses to keep it in their Church Loop account. When a customer deletes data within the product, we will delete or anonymise it in line with our systems and backups within a reasonable period.
  • Support communications: Kept for as long as necessary to handle your request and maintain support history, then deleted or anonymised when no longer needed.
  • Technical logs: Kept for security and reliability purposes and retained for a limited period appropriate to those purposes.

If you would like more detail about retention for a specific category of data, please email us at hello@churchloop.co.

9. Your Legal Rights

Under UK data protection laws, you may have rights in relation to your personal data. These include the right to:

  • Request access to your personal data (a "data subject access request").
  • Request correction of inaccurate or incomplete personal data.
  • Request erasure of your personal data (in certain circumstances).
  • Object to processing where we are relying on legitimate interests (in certain circumstances).
  • Request restriction of processing (in certain circumstances).
  • Request data portability (transfer of your personal data to you or a third party, where applicable).
  • Withdraw consent at any time where we rely on consent (where applicable).

Important note (church-managed data): If your data has been added to Church Loop by a church (for example as a visitor, member, or event attendee), that church is usually the Data Controller. The fastest way to exercise your rights for that data is often to contact the church directly. If you contact us, we will help by directing your request to the relevant church or supporting them in responding, as appropriate.

If you wish to exercise any of the rights set out above, please contact us at hello@churchloop.co.

You also have the right to make a complaint to the UK Information Commissioner's Office (ICO). We'd appreciate the chance to put things right first, so please do get in touch with us if you have concerns. You can find the ICO at ico.org.uk.

10. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your legal rights, please contact us:

Church Loop
Email: hello@churchloop.co
Website: www.churchloop.co