Ctrlk
For the complete documentation index, see llms.txt. This page is also available as Markdown.

Data Protection and Handling Policy

Last Updated: 2026-03-15

1. Introduction

This Data Protection and Handling Policy outlines how we collect, store, process, protect, and manage data entrusted to us by churches, ministries, and other faith-based organizations using our Software-as-a-Service (SaaS) platform ("Hamanahel Suite").

We are committed to maintaining the confidentiality, integrity, and availability of client data and to implementing appropriate technical and organizational measures to safeguard personal, financial, and organizational information in accordance with applicable privacy and data protection laws.

2. Scope

This policy applies to all systems, infrastructure, applications, personnel, contractors, and third-party service providers involved in the operation and support of the Platform.

It covers all data processed through the Platform, including:

  • Church and organizational records

  • Member and family information

  • Financial and donation records

  • User authentication data

  • Event and communication data

  • Media and document uploads

  • System logs and audit records

3. Data We Process

Depending on the modules and features utilized by a client organization, the Platform may process the following categories of data:

3.1 Personal Information

  • Names

  • Addresses

  • Phone numbers and contact details

  • Email addresses

  • Locations

  • Dates of birth

  • Wedding or anniversary dates

  • Family relationships and household information

  • Member profile information

3.2 Organizational Data

  • Church membership records

  • Ministry participation records

  • Event registrations

  • Communication preferences

  • Volunteer information

  • Attendance records

3.3 Financial Information

  • Donation history

  • Contribution records

  • Accounting and ledger information

  • Financial reports

  • Transaction records

  • Bank account information where required for operational purposes

3.4 Authentication and Access Data

  • Usernames

  • User roles and permissions

  • Authentication tokens

  • Password

3.5 Media and Content

  • Uploaded documents

  • Photos and media files

  • Event-related content

  • Church communications and announcements

3.6 Special Categories of Data

Certain deployments may include voluntary information such as:

  • Blood group information for church directories or emergency assistance programs

  • Emergency contact information

Such information is processed solely for the purposes authorized by the client organization and the data subjects.

4. Infrastructure and Hosting Security

The Platform is hosted on service provided by leading cloud providers designed for security, resilience, and scalability.

4.1 Core Services Subprocessors

  • Microsoft Azure

  • Amazon Web Services

  • Oracle Cloud Infrastructure

  • OVH

4.2 Ancillary Services Subprocessors

  • Cloudflare

  • Sentry

  • Openprovider

  • GoDaddy

  • Spaceship

  • PostHog

  • Laravel Nightwatch

  • Google Firebase

  • Google Cloud Platform

  • Meta | Whatsapp Business API

4.4 Distribution Services

  • Apple App Store

  • Google Play

5. Data Storage and Protection

5.1 Database Security

Client data is stored within Azure Database for MySQL Flexible Server or equivalent managed database services.

Security controls include:

  • Encryption at rest

  • Automated backups

  • Point-in-time recovery

5.2 File and Media Storage

Uploaded documents, photos, and other files are stored using secure storage systems with access controls and tenant-specific permissions.

5.3 Encryption

Data in Transit

All data transmitted between:

  • Users and the Platform

  • Mobile applications and APIs

  • Platform services and databases

is protected using TLS/SSL encryption.

Data at Rest

Databases, backups, and storage systems utilize industry-standard encryption technologies to protect stored information.

6. Tenant Isolation and Multi-Tenancy

The Platform is designed as a multi-tenant SaaS solution.

To ensure client data remains segregated:

  • Tenants are logically isolated from one another.

  • Access controls enforce tenant boundaries.

  • Users can only access data belonging to their organization.

  • Administrative functions are restricted according to role and tenant permissions.

7. Access Control and Authentication

7.1 Authentication

The Platform enforces secure authentication mechanisms including:

  • Session-based authentication

  • Token-based authentication where applicable

  • Password hashing using modern cryptographic algorithms such as BCrypt or Argon2

Plain-text passwords are never stored.

7.2 Role-Based Access Control (RBAC)

Access to information is governed through Role-Based Access Control (RBAC).

RBAC enables:

  • Granular permission management

  • Role-specific access to screens and features

  • Controlled Create, Read, Update, and Delete (CRUD) permissions

  • Restriction of sensitive administrative functions

7.3 Administrative Access

Access to production systems is limited to authorized personnel who require access for operational support, maintenance, or security purposes.

8. Application Security

The Platform incorporates multiple layers of security controls.

8.1 Secure Development Practices

Security measures include:

  • Parameterized database queries

  • ORM-based data access patterns

  • Input validation

  • Output encoding

  • Protection against SQL injection attacks

  • Protection against common web application vulnerabilities

8.2 Audit Logging

Critical system activities may be logged, including:

  • Authentication events

  • Permission changes

  • Sensitive data modifications

  • Administrative actions

Audit logs assist in security monitoring, compliance, and incident investigations.

8.3 Data Export Controls

When generating reports or exports such as:

  • Excel spreadsheets

  • PDF reports

sensitive security information, authentication credentials, and password hashes are excluded from output files.

9. Caching, Queues, and Temporary Data

The Platform may utilize technologies such as Redis and queue-processing services to improve performance.

These systems are used for:

  • Session management

  • Application caching

  • Background job processing

  • Notification delivery

Sensitive personal information is not intentionally retained in temporary caches beyond operational requirements.

These services operate within secured private infrastructure and are not publicly accessible.

10. Data Retention and Deletion

We retain client data only for as long as necessary to:

  • Deliver the Platform services

  • Meet legal obligations

  • Satisfy financial reporting requirements

  • Resolve disputes

  • Enforce contractual obligations

Data Deletion Requests

Upon a valid request from a client organization or authorized user, data may be deleted in accordance with applicable laws and contractual obligations.

Deletion procedures may include removal from:

  • Production databases

  • Storage systems

  • Authentication services

  • Operational environments

Backup retention periods may affect the timing of complete removal from archival systems.

11. Incident Response and Breach Management

In the event of a suspected or confirmed security incident, we follow a structured incident response process.

Containment

We may:

  • Disable compromised accounts

  • Restrict system access

  • Isolate affected infrastructure

  • Update security controls and firewall rules

Investigation

Our team will:

  • Assess the scope and impact

  • Review logs and monitoring systems

  • Determine root causes

  • Document findings

Notification

Where required by law or contractual obligation, affected clients and relevant regulatory authorities will be notified within applicable timeframes.

Remediation

Following an incident, corrective actions will be implemented to reduce the likelihood of recurrence.

12. Client Responsibilities

While we maintain extensive security controls, client organizations are responsible for:

  • Managing user access appropriately

  • Assigning permissions responsibly

  • Protecting account credentials

  • Maintaining accurate user information

  • Reporting suspected unauthorized access promptly

13. Policy Review and Updates

This policy is reviewed periodically to ensure alignment with:

  • Changes in technology

  • Security best practices

  • Regulatory requirements

  • Infrastructure updates

  • Operational changes

Material changes to this policy may be communicated through the Platform or other appropriate channels.

14. Contact Information

Questions regarding this policy, security practices, or data protection matters may be directed to:

Hamanahel Software Solutions Private Limtied policy-help@hamanahel.com

PreviousAbout usNextTerms of Service

Last updated