Introduction
Aurnet is a church engagement platform providing messaging, events, rotas, sermons and media, meetings, video rooms, bible plans, giving, SMS and email communications, and related tools. We are committed to protecting your privacy in compliance with UK GDPR, the Data Protection Act 2018, and EU GDPR. This Privacy Policy explains how we collect, use, share, and protect your personal data.
Data Controller and Our Role
Aurnet Limited is a company registered in England and Wales and is registered with the UK Information Commissioner's Office (ICO). For most data about church members, your church is the data controller and Aurnet acts as a data processor, handling that data only on the church's instructions to operate the platform. Aurnet is the controller for data whose purposes it determines itself, including account credentials, billing, security and audit logs, and visitors to our marketing website.
- Organisation: Aurnet Limited, registered in England and Wales
- ICO registration: ZC101797
- Email: privacy@aurnet.co.uk or info@aurnet.co.uk
- Address: Shepherds Green Road, Birmingham, B24 8EX, United Kingdom
Lawful Basis for Processing
We process your personal data under the following lawful bases under Article 6 of GDPR:
- Consent (Art 6(1)(a)): Where you give consent, for example to receive marketing emails or for processing special category data.
- Contract (Art 6(1)(b)): To perform the service agreement with your church and provide the features you use.
- Legal Obligation (Art 6(1)(c)): To meet legal duties, such as retaining giving and Gift Aid records for HM Revenue & Customs.
- Legitimate Interests (Art 6(1)(f)): To secure the platform, prevent abuse, and improve our service, balanced against your rights.
Special Category Data (Article 9)
Membership of a church can reveal your religious beliefs, which is special category data. Free-text content you choose to share — such as prayer requests, pastoral care notes, and testimonies — may also reveal sensitive information about you or others. We process this data under Article 9(2)(d) (processing by a not-for-profit religious body in respect of its members) and, where applicable, Article 9(2)(a) (explicit consent), solely for church administration, pastoral care, and engagement. Please only share sensitive details you are comfortable providing.
What Data We Collect
- Account Data: Full name, email address, hashed password, phone number, date of birth, profile photo, gender, location, bio, an optional emergency contact, your church affiliation and role, and (if you use single sign-on) an Apple or Google account identifier.
- Church Engagement Data: Participation in events, rotas, meetings, video rooms, training, prayer requests, testimonies, giving records, and interaction with sermons and media.
- Communication Data: Messages, voice messages, reactions and polls in chat; SMS and email content; and notification history, including timestamps and recipients.
- Financial Data: Donation and giving history, Gift Aid declarations (including full name, home address and postcode), bank details (encrypted with AES-256-GCM), and payment metadata processed by Stripe.
- Media: Profile photos, church and group logos, images and documents you upload, and audio/video when you join a video room.
- Notification & Device Data: Push notification tokens, device type and platform, and the notification content we deliver to your device (which can include a sender's name and photo and your church's name and logo).
- Technical Data: IP addresses, browser and device information, security and audit logs, and diagnostic/error data.
How We Use Your Data
- Deliver and maintain the Aurnet platform and provide the features you and your church use
- Manage your account and authenticate you securely, including verifying email changes and sending security notifications
- Send push notifications, including rich notifications that show your church's logo and, for messages from people, the sender's name and photo
- Enable real-time communication features such as chat, voice messages, video rooms, SMS, and email
- Process donations and financial transactions through Stripe, and maintain giving and Gift Aid records
- Respond to your enquiries and provide customer support
- Secure the platform, prevent abuse, and produce aggregate analytics for your church
- Comply with legal, regulatory, and safeguarding obligations
Account Changes and Verification
When you update sensitive account information, we take steps to protect your security and maintain transparency:
- Email Changes: When you request an email change, your current email remains active until the new email is verified via a confirmation link. We send a notification to your current email address informing you of the change request, and a second notification when the change is confirmed.
- Password Changes: Password changes require your current password for verification. Your new password is hashed before storage; we never store passwords in plain text.
- Phone Number: You may optionally provide a phone number. This is stored to support church contact purposes and is visible to church administrators within your church only.
- Profile Updates: Changes to your name and other profile fields are applied immediately and reflected across the platform.
Push Notifications and Device Permissions
To deliver notifications to your device, we send the notification content together with a device token to Apple's and Google's push services via Expo. Rich notifications may include your church's logo and, for person-to-person notifications, the sender's name and profile photo. On iOS, to display the sender's avatar in a communication-style notification, the app shares the notification's sender details with the device's operating system. You can turn notifications off at any time in your device settings or in the app's notification preferences. The app may also request access to your camera (to scan join-code QR codes and take a profile photo), photo library (to choose images and share them in chat), microphone (to record voice messages), and calendar (to add church events) — each only when you use that feature, and you can decline or revoke these permissions in your device settings.
Optional AI Features
Some optional tools in the church admin dashboard (such as generating website titles or draft content) use a third-party AI provider (Anthropic) to process the text a church administrator enters. This only happens when a church chooses to use those features. The submitted content is processed to return a result and is not used to train the provider's models.
Data Sharing and Sub-processors
We do not sell, rent, trade, or share your personal data for advertising or profiling. We share data only with trusted providers that process it on our behalf under appropriate contracts and confidentiality. Our sub-processors include:
- Stripe: Payment processing for donations, tickets and subscriptions (PCI-DSS compliant).
- Amazon Web Services (AWS): Cloud hosting, database, file storage and email delivery, hosted in the EU (Stockholm).
- Expo: Mobile app delivery and routing of push notifications.
- Apple (APNs) and Google (Firebase Cloud Messaging): Delivery of push notifications to iOS and Android devices.
- Mux: Hosting and streaming of sermon and media video.
- LiveKit: Real-time audio and video for meetings and rooms (run on our own EU infrastructure).
- Sentry: Error and performance monitoring (hosted in the EU); diagnostic data is scrubbed of obvious personal identifiers.
- Apple and Google Sign-In: Optional single sign-on, where you choose to use it.
- API.Bible and Bible Brain: Bible text and audio content (requests carry minimal or no personal data).
- Anthropic: Optional AI content-assistance features in the admin dashboard, where a church uses them.
- Email and website providers: Email delivery and hosting of our marketing and church websites.
SMS Messaging
Where your church enables SMS, messages are sent using the church's own SMS provider account (Twilio). In that case the church is the controller for those messages and the SMS provider acts on the church's behalf, not Aurnet's. Aurnet stores the church's SMS credentials in encrypted form and facilitates sending.
Data Retention
We retain personal data for as long as your account is active and as needed to provide the service. Routine items are pruned automatically — for example, notification history after about 90 days and unused device tokens after about 180 days. When you delete your account, we permanently delete your personal data, with limited exceptions we are legally required to keep: giving and Gift Aid records are retained for 6 years for HM Revenue & Customs and are anonymised (your name is removed and replaced with a placeholder). Security and audit logs are retained with identifying details removed or replaced with a snapshot taken at the time of the action. Aggregated, non-identifying statistics may be retained.
Your Rights Under GDPR
- Right of Access (Art 15): Request and export your personal data (Export My Data)
- Right to Rectification (Art 16): Correct or update inaccurate personal data
- Right to Erasure (Art 17): Request deletion of your account and all associated data (Delete Account)
- Right to Data Portability (Art 20): Receive your data in a structured, commonly-used format
- Right to Withdraw Consent: Withdraw consent for data processing at any time
- Right to Lodge a Complaint: Contact the ICO (Information Commissioner's Office) if you believe we have mishandled your data
Data Security
- Password Security: Passwords are stored using industry-standard salted hashing (bcrypt); we never store them in plain text.
- Multi-Factor Authentication: MFA is available (email one-time codes and authenticator apps) and required for some administrative accounts.
- Data Encryption: Sensitive fields such as bank details and SMS credentials are encrypted at rest using AES-256-GCM.
- Transport Security: All data is transmitted over HTTPS/TLS encryption.
- Security Headers & Rate Limiting: We implement security headers (HSTS, CSP, X-Frame-Options) and rate limiting to prevent abuse and brute-force attacks.
- Access Controls: Data is segregated by church (multi-tenant isolation) and access is governed by role-based permissions.
- Log Minimisation: We aim to keep personal data out of application logs and scrub identifiers from diagnostic data.
International Data Transfers
Our primary data hosting and error monitoring are located in the European Union. Some of our sub-processors (such as Stripe, Apple, Google, Expo, Mux and Anthropic) are based outside the UK/EEA. Where personal data is transferred internationally, we rely on appropriate safeguards such as the UK International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses, or an adequacy decision, to ensure your data remains protected.
Children's Data
Aurnet is a tool for churches and their members. Individuals should be at least 13 years old to hold an account. Churches are responsible for managing who they invite and for obtaining any parental or guardian consent required for younger members under their own safeguarding policies; the app does not itself verify age. If you believe a child's data has been provided without appropriate consent, contact us or your church administrator and we will work with the church to address it.
Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes before they take effect. Your continued use of Aurnet after an update constitutes acceptance of the revised policy.