Data Collection Disclosure - Christ Connects

This document provides a comprehensive overview of all data collection practices in Christ Connects, ensuring transparency and compliance with privacy regulations.

1. Data Collection Categories

1.1 Account Data

What we collect:

Full name and username
Email address
Profile picture and bio
Account creation date
User preferences and settings

Purpose: Account creation and authentication, profile display and personalization, communication and support.

Legal Basis: Contract performance (account services), User consent (optional profile data).

1.2 User-Generated Content

What we collect:

Text posts, comments, and messages
Uploaded photos and videos
Event descriptions and details
Group discussions and forum posts

Purpose: Content sharing and community interaction, moderation and safety monitoring, feature functionality.

Legal Basis: Contract performance (app functionality), Legitimate interest (community features).

1.3 Device and Technical Data

What we collect:

Device type and model
Operating system version
App version and build number
Device language and region
Unique device identifiers
IP address and network information

Purpose: App functionality and compatibility, troubleshooting and support.

Legal Basis: Legitimate interest (app functionality), Contract performance (service delivery).

1.4 Error and Performance Data

What we collect:

Error logs and crash reports
Stack traces
Device information at time of error

Purpose: Bug fixing and troubleshooting, app stability improvement.

Legal Basis: Legitimate interest (service improvement).

1.5 Communication Data

What we collect:

Push notification tokens
Message delivery status
Communication preferences
Support request content

Purpose: Push notification delivery, message functionality, customer support, service communication.

Legal Basis: Contract performance (communication features), Legitimate interest (service notifications).

2. Third-Party Services

2.1 Cloud Infrastructure

Services Used:

Authentication services
Database services
File storage services

Purpose: User authentication, data storage, and app hosting.

2.2 Error Monitoring

Data Collected:

App crashes and errors
Device information and stack traces

Purpose: Bug fixing and app stability.

2.3 Push Notifications

Services Used:

Push notification delivery
App updates

Purpose: Delivering push notifications to users.

3. Data Processing and Storage

3.1 Data Processing Locations

Primary: European Union (Frankfurt data center)

3.2 Data Retention Periods

Account Data: Retained while account is active
User Content: Retained until deleted by user
Error Logs: 90 days for debugging and support
Legal Holds: Extended retention if required by law

3.3 Data Security Measures

Access Controls: Role-based access with principle of least privilege
Secure Authentication: Using industry-standard authentication services

4. User Rights and Controls

4.1 Data Access and Control

Profile Settings: Users can update personal information
Privacy Controls: Granular privacy settings for content visibility
Data Export: Request copy of personal data
Account Deletion: Complete account and data removal

4.2 Consent Management

Permission Requests: Clear explanations for required permissions
Opt-out Options: Users can disable push notifications in app settings

4.3 GDPR Rights (EU Users)

Right to Access: Request information about data processing
Right to Rectification: Correct inaccurate personal data
Right to Erasure: Delete personal data ("right to be forgotten")
Right to Restrict Processing: Limit data processing activities
Right to Data Portability: Receive data in machine-readable format
Right to Object: Object to data processing in certain circumstances

5. Children's Privacy

5.1 Age Restrictions

Minimum Age: 15 years old (self-declared)
Note: We do not collect birth date or age during registration
Parental Controls: App respects device parental controls

5.2 COPPA Compliance

Not Applicable: App is intended for users 15+
Data Practices: No collection from children under 13

6. Data Sharing and Disclosure

6.1 No Sale of Personal Data

We do not sell, trade, or rent personal information to third parties for marketing purposes.

6.2 Limited Sharing

Data is only shared in the following circumstances:

Service Providers: With trusted partners for app functionality
Legal Requirements: When required by law or court order
Safety: To protect user safety and prevent harm
Business Transfers: In case of company sale or merger

6.3 Public Content

User-generated content posted publicly is visible to other users and may be indexed by search engines.

7. International Data Transfers

7.1 Cross-Border Transfers

EU-US Transfers: Comply with Privacy Shield or Standard Contractual Clauses
Data Localization: Primary data storage in EU regions
Transfer Mechanisms: Adequate protection for international transfers

7.2 Third-Party Transfers

All third-party service providers maintain adequate data protection standards.

8. Data Breach Notification

8.1 Our Commitment

In the event of a data breach that affects your personal information, we will:

Assessment: Investigate the breach to understand its scope and impact
Notification: Notify affected users as soon as reasonably possible
Remediation: Take appropriate steps to mitigate the breach

8.2 Preventive Measures

Secure Authentication: Using secure authentication services
Access Controls: Limited access to data on a need-to-know basis

Contact Information

Data Protection Inquiry: christ.connects.dev@gmail.com

GDPR Requests: christ.connects.dev@gmail.com (Subject: "GDPR Data Request")

Response Time: Within 30 days

General Support: christ.connects.dev@gmail.com