ChurchDekv0.4

Legal

Data Protection

Governance, roles, retention, and your data subject rights.

Last updated May 18, 2026 · ChurchDek operated by Tecunit

Roles

For congregation and staff data entered into ChurchDek, your church is typically the data controller and Tecunit is the data processor.

For account, billing, and platform telemetry relating to church administrators, Tecunit may act as controller for those limited purposes.

Security program

We maintain administrative, technical, and organizational measures including access control, audit logging, tenant isolation, encryption in transit, and staff confidentiality obligations. Details of encryption are described on our Data Encryption page.

Data subject requests

Members wishing to access or delete personal data should contact their church leadership first. Churches can export or amend records within ChurchDek where permissions allow.

Individuals may also contact contact@tecunitgh.com with subject “Data Protection” if the church does not respond within a reasonable time. We will coordinate with the relevant workspace owner.

Data Processing Agreement

Enterprise and data-protection-sensitive customers may request a Data Processing Agreement (DPA) outlining subprocessors, breach notification timelines, and audit rights. Email sales@tecunitgh.com.

Breach notification

If we become aware of a personal data breach likely to affect your church, we will notify workspace owners without undue delay and provide information needed to meet your regulatory obligations.

Retention & deletion

Active tenants: data retained per church configuration and legal needs. After subscription ends, production data is deleted or anonymized within a defined period except where law requires retention (e.g. billing records).

Backups may persist for a limited window; deleted production data is purged from backups on rolling schedules.

Subprocessors

Hosting, database, email, SMS, and payment partners process data under written agreements requiring confidentiality, security, and deletion on termination. Subprocessor changes are communicated to DPA customers when material.

Cross-border processing

Churches in the EU/UK, Ghana, US, and other regions may have different statutory requirements. We apply appropriate transfer mechanisms and assist churches with impact assessments on request.