PRIVACY POLICY

1. INTRODUCTION

Dankie ("we", "us", or "our"), operated by the Twelve Apostles Church in Trinity (TACT), is committed to maintaining the confidentiality, integrity, and security of your personal information. This Privacy Policy details the types of information we collect, why we collect it, how we use it, and the rights you have regarding your data.

By downloading, accessing, or using the Dankie mobile application, you explicitly consent to the data collection and processing practices described herein.

2. INFORMATION COLLECTION

We collect information to provide specific services, improve app functionality, and ensure security. The data we collect falls into three categories:

2.1 Information You Provide Directly

• Account Registration: Name, surname, mobile number, email address, physical address, and church membership affiliation (Branch/District).
• TACTSO Academic Data: Matric results, identification documents (ID numbers/passports), and academic transcripts for university application services.
• Financial Data: Banking details (Bank name, account number, branch code) for payouts and transaction processing. Note: Sensitive payment card information is handled via secure, PCI-DSS compliant third-party payment gateways and is not stored on our servers.

2.2 Automated Data Collection

When you use the Dankie app, we may automatically collect technical information, including:

• Device Information: Device model, operating system version, unique device identifiers, and IP address.
• Usage Data: Features accessed, time spent on the app, and navigation patterns to help us improve user experience.
• Diagnostics: Crash reports and performance logs to resolve technical issues.

2.3 Biometric Information

For Overseers and Committee members, we collect facial geometry data for security authentication. This is classified as Special Personal Information under POPIA.

3. BIOMETRIC DATA & SECURITY POLICIES

We treat biometric data with the highest level of security:

• Encryption: Facial data is converted into an encrypted mathematical template (embedding). We do not store raw photographs of your face on our servers.
• Processing: Verification occurs either on-device or within a secure, encrypted cloud environment.
• Non-Disclosure: Biometric data is strictly used for authentication and identity verification. It is never sold, traded, or used for surveillance, marketing, or third-party profiling.
• Deletion: Upon the termination of your administrative role or account deletion, all biometric templates associated with your profile are permanently purged from our systems.

4. HOW WE USE YOUR INFORMATION

Your data is processed for the following legitimate interests:

• Identity Verification: Ensuring authorized personnel only access administrative/financial tools.
• Administrative Service: Managing church membership rolls and district organizational structures.
• Transaction Management: Facilitating secure payouts and records for marketplace activities.
• Academic Assistance: Assisting students with university applications through TACTSO.
• Communication: Sending essential system notifications, security alerts, and organizational updates.

5. DATA SHARING & THIRD PARTIES

We do not sell your personal data. We share data only when necessary:

• Service Providers: We utilize trusted third-party providers (e.g., Firebase, Cloud Hosting) to operate our infrastructure. These parties are contractually bound to maintain strict confidentiality and security standards.
• Legal Compliance: We may disclose information if required by law, such as to comply with a subpoena, court order, or when we believe disclosure is necessary to protect our rights or the safety of our members.
• Educational Institutions: With your explicit consent, we share student data with universities or bursary providers during the application process.

6. DATA RETENTION & SECURITY

We retain information for as long as necessary to fulfill the purposes for which it was collected or to comply with statutory legal requirements (e.g., SARS/Financial record-keeping for 5 years). We employ industry-standard security measures, including AES-256 encryption for data at rest and TLS 1.3 for data in transit, to prevent unauthorized access, alteration, or destruction of your information.

7. CHILDREN'S PRIVACY

Dankie is intended for use by the church community, which may include minors. We do not knowingly collect personal information from children under the age of 13 without the verifiable consent of a parent or legal guardian. If you are a parent or guardian and believe your child has provided data, please contact us for immediate deletion.

8. YOUR RIGHTS UNDER POPIA

Under the Protection of Personal Information Act, you have the right to:

• Right to Access: Request a record of the personal information we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure: Request the deletion of your data (subject to our legal retention obligations).
• Right to Object: Object to the processing of your data for specific purposes.

9. POLICY UPDATES

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy within the app or via registered contact details. Your continued use of the app after such changes constitutes acceptance of the updated policy.

10. CONTACT US

If you have questions regarding this policy or wish to exercise your privacy rights, please reach out to the TACT Administration office or use the support contact details provided within the "Help" section of the Dankie app.