KirkRegisterKirkRegister
Sign inGet started

Privacy Policy

Last updated: 3 June 2026

Draft for legal review. This policy has been prepared as a working draft. Before publishing, it should be reviewed by a qualified UK data protection adviser, particularly the sections on special category data, children's data, and the controller/processor relationship. Items in [square brackets] need to be completed.

1. Who we are

KirkRegister is a church management software service provided by I Aberdeen Ltd, a company registered in Scotland.

  • Company name: I Aberdeen Ltd, trading as KirkRegister
  • Company registration number: SC346442
  • Registered office: 63 Moss Street, Elgin, IV30 1LT, Scotland
  • ICO registration number: [ICO registration reference]

In this policy, “we”, “our” and “us” refer to I Aberdeen Ltd. “You” refers to the person reading this policy, whether you are a church administrator using KirkRegister, a member of a congregation whose details are held in the system, or a visitor to our website.

If you have any questions about this policy or about how your data is handled, contact us at privacy@kirkregister.co.uk or write to us at the registered office above.

2. Controller and processor — an important distinction

KirkRegister handles personal data in two different roles, and your rights and our responsibilities differ depending on which applies.

We are the data controller for:

  • Account data for the church administrators who sign up and log in (name, email, password)
  • Organisation and billing data for the churches that subscribe
  • Website usage and analytics data
  • Data we process to run, secure, and improve the service

For this data, this Privacy Policy explains how we use it and is the relevant notice.

We are a data processor for:

  • The member, donation, attendance, pastoral, safeguarding, and other personal data that a church enters into KirkRegister about its congregation

For this data, your church (the congregation, Kirk Session, presbytery, or other organisation) is the data controller. They decide what data to collect and why, and we process it only on their instructions under a Data Processing Agreement. If you are a member or adherent of a congregation and you have questions about how your church uses your data, please contact your church in the first instance. They are responsible for telling you how they use your data and for handling your data protection rights, with our support.

3. What data we collect

As controller, we collect and process:

  • Account data: name, email address, role, and password (stored only as a secure hash) for users who create an account.
  • Organisation data: church or organisation name, address, charity number, presbytery, and contact details.
  • Billing data: subscription plan, billing contact, and payment status. Card details are handled by Stripe and are never stored by us.
  • Usage data: log-in times, pages and features used, device and browser type, and IP address, used to operate, secure, and improve the service.
  • Support data: the content of any support tickets, emails, or messages you send us.

As processor, on behalf of churches, the service stores whatever congregational data the church chooses to enter. This may include member and adherent details, family relationships, giving and Gift Aid records, attendance, rota assignments, communications, pastoral notes, safeguarding records, and PVG/disclosure information. We do not decide what is entered — the church does.

4. Special category and sensitive data

Some of the data held in KirkRegister is special category data under UK GDPR (Article 9) or otherwise sensitive. This includes:

  • Religious belief, which may be implied by membership of a congregation
  • Health data, such as allergy or medical notes recorded for children's activities or pastoral care
  • Safeguarding and PVG/disclosure records

Where this data relates to a congregation's members, the church is the controller and is responsible for identifying the appropriate Article 9 condition for processing it (for example, the condition for not-for-profit religious bodies, or the substantial public interest condition for safeguarding). We process this data only as a processor on the church's instructions, and we apply additional technical and organisational protections to it, including restricted role-based access and audit logging of all access. Safeguarding records are subject to the strictest access controls in the system.

5. Children's data

KirkRegister can hold data about children — for example, in children's group registers, child check-in records, and baptismal records. Where this relates to a congregation, the church is the controller and is responsible for the lawful basis for processing children's data and for any necessary consents. As processor, we apply the same heightened protections to children's data as to other sensitive data, and we do not use children's data for any purpose other than providing the service to the church.

6. How we use your data (as controller)

We process the personal data for which we are the controller in order to:

  • Provide, maintain, and secure the KirkRegister service
  • Authenticate users and manage accounts
  • Process payments and manage subscriptions
  • Send service-related communications, such as password resets, billing notices, and important service updates
  • Respond to support requests
  • Understand and improve how the service is used, using aggregated and, where possible, anonymised data
  • Detect, prevent, and investigate fraud, abuse, and security incidents
  • Comply with our legal obligations

7. Legal basis for processing (as controller)

For the data for which we are the controller, we rely on the following legal bases under UK GDPR:

  • Performance of a contract — to provide the service you or your church has subscribed to, manage your account, and process payments.
  • Legitimate interests — to secure and improve the service and to prevent fraud and abuse. Where we rely on legitimate interests, we have considered your rights and interests, and you may object (see Section 11).
  • Legal obligation — to comply with our obligations under tax, accounting, and other applicable law.
  • Consent — for any optional communications. Where we rely on consent, you may withdraw it at any time.

The legal basis for member, safeguarding, and other congregational data is the responsibility of the church as controller (see Sections 2 and 4).

8. Data sharing and sub-processors

We do not sell personal data. We share data only with the service providers necessary to operate KirkRegister, who act as our sub-processors and are bound by contract to protect it:

ProviderPurposeLocation
SupabaseDatabase hosting and storageUnited Kingdom (London region)
StripePayment processingUK / EU, with international transfers
ResendEmail deliveryInternational (see Section 9)
TwilioSMS delivery, where enabled by the churchInternational (see Section 9)

We may also disclose data where required by law, court order, or to protect the rights, safety, or property of our users or the public.

A current list of sub-processors is maintained and made available to churches under the Data Processing Agreement.

9. International transfers

Our database is hosted in the United Kingdom. However, some of our sub-processors — in particular email (Resend) and SMS (Twilio) providers — may process limited personal data (such as an email address, phone number, or message content) outside the UK, including in the United States.

Where personal data is transferred outside the UK, we ensure it is protected by an appropriate safeguard recognised under UK data protection law, such as the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or transfer to a country covered by UK adequacy regulations.

10. Data storage, security, and retention

Security. All data is stored on UK-based servers. Data is encrypted in transit using TLS and at rest using industry-standard encryption. Access is controlled by role-based permissions, sensitive data (including safeguarding records) carries additional access restrictions, and access to sensitive data is recorded in an audit log.

Retention.

  • Account and organisation data: retained for the duration of the subscription.
  • After cancellation: congregational data is retained for 30 days to allow reactivation or export, then permanently deleted, unless the church instructs otherwise or the law requires longer.
  • Financial and Gift Aid records: retained for 7 years to meet HMRC and accounting requirements.
  • Safeguarding records: retained in line with the church's safeguarding retention obligations, which may be considerably longer than other records. The church as controller determines this period.
  • Usage and log data: kept until manually removed or until the related organisation or person data is deleted, for security and service improvement.

Retention of congregational data is ultimately directed by the church as controller, subject to the minimum and maximum periods set out in the Data Processing Agreement.

11. Your rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate or incomplete data
  • Erase your data, subject to legal retention requirements
  • Restrict processing in certain circumstances
  • Data portability — receive your data in a machine-readable format
  • Object to processing based on legitimate interests
  • Withdraw consent at any time, where we rely on consent

To exercise any of these rights in relation to data we control, contact privacy@kirkregister.co.uk. We will respond within one month.

If your request concerns member, safeguarding, or other congregational data, your church is the controller. Please contact your church, who will handle your request with our support.

Right to complain. If you are unhappy with how we have handled your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority, at ico.org.uk or by calling 0303 123 1113. We would, however, appreciate the chance to address your concerns first.

12. Cookies

We use essential cookies only, for session management and authentication. We do not use advertising or third-party tracking cookies. [If you use any analytics that set cookies or similar identifiers — for example PostHog — describe them here and reconcile with this statement. If your analytics are genuinely cookieless and anonymised, you may state that.]

13. Changes to this policy

We may update this Privacy Policy from time to time. Where changes are material, we will notify active subscribers by email. The “last updated” date at the top of this page always reflects the current version.

14. Contact

For any questions about this Privacy Policy or your data, contact:

I Aberdeen Ltd (trading as KirkRegister)
63 Moss Street, Elgin, IV30 1LT, Scotland
Email: privacy@kirkregister.co.uk