church website privacy policy

Do We Need a Church Website Privacy Policy? (including GDPR update)

A church website privacy policy would be a page on your website that explains how your church collects personal information and how you use it.

Even an initial site for your supporters might be set up to collect information. Most church websites offer some or all of the following data collection forms:

  • Email newsletter signup
  • Contact us
  • Online donation

If someone signs up for your newsletter, do you make it plain what you’re going to do with their email address? Do you set a cookie on their browser (even ethically) so that they’ll see your online ad before a big event you’ll promote?

I’m a little torn on this – on the one hand it sounds a little over-the-top for small, startup, volunteer organizations to go to this kind of trouble. My first reaction was, “For real?!?”

Which is maybe a little contradictory because personally I’m pretty security and privacy cautious. I’m not prone to hand out my own info willy-nilly. And there are even mobile apps I won’t use because they grant themselves way too much access to every bit of sensitive info on my phone.

But let’s take it a step further – do you encourage everyone to fill out a connection card (paper or electronic) and then get that information into a church database? Would guests be creeped out to know you even have a church database that isn’t disclosed anywhere?

Examples of Church Website Privacy Policy

This has never really been on my radar, so it was a little to my surprise that it was pretty easy to find a church website privacy policy on prominent sites:

Resources for Creating Your Own

Make your own decision about whether you’ll include a church website privacy policy now or someday. When you do, here are some FREE resources that should help:

2018 Church GDPR Privacy Policy Update

On May 25, businesses and organizations around the world that collect personal data of individuals who live in the EU must comply with the new General Data Protection Regulation (GDPR). I poked around the EU website source material and came to my own conclusion:

If a US church’s:

  • email list
  • church database
  • online campus

…contains any personal data of an EU citizen who lives in an EU state, the US church should comply with the GDPR requirements.