Privacy Policy

Last updated: 11/8/2025

1. Introduction

Friday Outreach ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application for organizing street evangelism activities worldwide.

We comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws. By using our app, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Personal Information

  • Account Information: Email address, first name, last name, phone number (optional)
  • Profile Data: Profile photo, country code, language preference, favorite meeting point
  • Location Data: Meeting point locations (latitude/longitude), city, postal code, country
  • Activity Data: Statistics reports, testimonies, training course participation
  • Device Information: Device tokens for push notifications, device type (iOS/Android)

2.2 Ministry-Related Data

  • Meeting point details (name, description, address, meeting times)
  • Ministry statistics (participants count, people addressed, Gospel received, decisions for Jesus)
  • Testimony content and follow-up status
  • Training course enrollments and completion status

2.3 Technical Data

  • Authentication tokens
  • Session information
  • Audit logs for critical actions (role changes, approvals)
  • Timestamps (created_at, updated_at, last_login)

3. Legal Basis for Processing

We process your personal data based on:

  • Consent: For marketing communications and optional features
  • Contract: To provide our services and maintain your account
  • Legitimate Interests: For security, fraud prevention, and service improvement
  • Legal Obligations: To comply with applicable laws and regulations

4. How We Use Your Information

  • Provide and maintain evangelism coordination services
  • Enable meeting point creation and management
  • Track and report ministry statistics
  • Facilitate team communication and coordination
  • Send notifications about ministry activities
  • Verify user identity and prevent unauthorized access
  • Improve our services through anonymized analytics
  • Comply with legal obligations

5. Data Sharing and Disclosure

5.1 Within the Platform

  • Meeting point leaders can view team member information
  • Public testimonies are visible to all users (when marked as public)
  • Ministry statistics are aggregated and anonymized for reporting
  • Admin users can access data within their assigned territories

5.2 Third Parties

We do not sell your personal data. We may share data with:

  • Push Notification Services: Expo Application Services (EAS) for iOS notifications and Firebase Cloud Messaging for Android notifications
  • Legal Authorities: When required by law or court order

6. Data Security

We implement strong security measures including:

  • Row Level Security (RLS) policies in our database
  • Encrypted data transmission (HTTPS)
  • Secure authentication systems
  • Role-based access control (user, admin, super_admin)
  • Audit logging for critical actions
  • Regular security updates and monitoring

7. Your Rights Under GDPR

As a data subject under the General Data Protection Regulation, you have comprehensive rights regarding your personal data. Friday Outreach operates on-premises infrastructure, giving us complete control over your data and enabling immediate processing of most requests.

7.1 Right to Access

You can request a copy of all personal data we hold about you. How to exercise: Go to Settings > Export My Data in the app (immediately downloadable) or contact us directly. Response time: Within 30 days (often immediate via automated export).

7.2 Right to Rectification

You can correct or update your personal information if it's inaccurate. How to exercise: Update directly in app settings or contact support. Response time: Immediate (in-app) or within 30 days.

7.3 Right to Erasure ("Right to be Forgotten")

You can request complete deletion of your account and personal data. How to exercise: Settings > Delete My Account. Response time: Immediate (automated process). The account deletion process is designed to be GDPR-compliant and irreversible, processed entirely on our on-premises infrastructure:

  • Your user profile and authentication data are permanently deleted from our servers
  • Device tokens and notifications are removed from our on-premises database
  • Profile photos are deleted from our local file storage systems
  • Statistics and testimonies you submitted are anonymized (personal connection removed)
  • Meeting point leadership is transferred to another user within our system
  • Administrative references are reassigned where required
  • Audit logs are anonymized but retained for security compliance (2 years maximum)
  • Email records in Resend (Ireland) are automatically purged within 30 days

⚠️ This action cannot be undone. Your account and personal data will be permanently lost.

7.4 Right to Restrict Processing

You can limit how we process your data while keeping your account. How to exercise: Contact us at privacy@fridayoutreach.com with your specific restriction request. Response time: Within 30 days.

7.5 Right to Data Portability

You can export your data in a machine-readable format to transfer to another service. How to exercise: Settings > Export My Data (JSON format). Response time: Within 30 days.

7.6 Right to Object

You can object to certain types of data processing, especially for marketing. How to exercise: Settings > Notifications. Response time: Immediate.

7.7 Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time through the app settings.

7.8 On-Premises Data Control

Friday Outreach operates on-premises infrastructure, giving us complete control over your data:

  • Direct database access: No third-party cloud dependencies for core data
  • Immediate processing: GDPR requests processed directly on our servers
  • Full data sovereignty: Your data remains under our exclusive control
  • Enhanced security: Network-isolated infrastructure with controlled access

8. Data Processing Locations and Security

8.1 Data Processing Locations

We process your data in the following locations:

On-Premises (Primary)

All core application data processed on our own servers:

  • User accounts & profiles
  • Meeting point data
  • Ministry statistics
  • Authentication & sessions
  • File storage & backups

Resend (Ireland - EU)

GDPR-compliant email service provider:

  • Transactional emails only
  • Email verification & passwords
  • Notification emails
  • No marketing emails
  • 1-day data retention
Data TypeProcessing LocationPurposeLegal Basis
Account InformationOn-Premises (Primary)Service provision, authenticationContract: To provide our services and maintain your account
Email CommunicationsResend (Ireland - EU)Account verification, notificationsContract: To provide our services and maintain your account
Location DataOn-Premises (Primary)Meeting point managementConsent: For marketing communications and optional features
Ministry StatisticsOn-Premises (Primary)Impact tracking, reportingLegitimate Interests: For security, fraud prevention, and service improvement
Device TokensOn-Premises (Primary)Push notificationsConsent: For marketing communications and optional features
Audit LogsOn-Premises (Primary)Security, complianceLegal Obligations: To comply with applicable laws and regulations

8.2 Enhanced Data Protection

Our on-premises infrastructure provides superior data protection compared to cloud services:

  • No International Transfers: Core data never leaves our controlled environment
  • Direct Processing: GDPR requests processed immediately without third-party delays
  • Physical Security: Data centers under our direct physical control
  • Limited External Dependencies: Only Resend (EU-based) for email services

9. Data Retention

We retain your data for as long as necessary to provide our services:

  • Active Accounts: Data retained while account is active
  • Statistics & Reports: Anonymized after account deletion for historical records
  • Audit Logs: Retained for 2 years for security and compliance
  • Deleted Training Courses: Soft-deleted for compliance tracking

10. International Data Transfers

Your data may be processed in countries outside your residence. We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses where required.

11. Children's Privacy

Our service is not intended for children under 16. We do not knowingly collect data from children under 16. If you become aware that a child has provided us with personal data, please contact us.

12. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

13. Contact Information

For questions about this Privacy Policy, to exercise your rights, or if you need assistance with our on-premises data processing, contact us at:

Friday Outreach

Data Protection Officer: dpo@fridayoutreach.com

General Privacy Questions: privacy@fridayoutreach.com

On-Premises Security: security@fridayoutreach.com

Response Time: We will respond within 30 days (often much faster due to direct access)

Note: Our on-premises setup allows for immediate processing of most requests without external dependencies.

14. Supervisory Authority

If you believe we have not handled your data appropriately, you have the right to lodge a complaint with your local data protection authority. You can find your local authority at:

European Data Protection Board - Member Authorities

Back to Home
Friday Outreach - Global Street Evangelism Platform