Customer Privacy Notice

This privacy notice tells you what to expect us to do with your personal information when you use the VineMe app. VineMe is a church community app designed to help users connect with small groups. We are committed to protecting your privacy and handling your personal data in a transparent and lawful manner.

1. Contact Details

Email: connect@vineme.app

2. What Information We Collect, Use, and Why

To provide services and goods

We collect or use the following information to deliver our core service of connecting users with small groups:

• Names and contact details (including phone number and email address)
• Profile photographs
• General geographic location (as provided by you)
• Demographic information
• Information relating to compliments or complaints

For the operation of customer accounts

We collect or use the following information to manage your account:

• Names and contact details
• Account information, including registration details
• Marketing preferences

For service updates or marketing purposes

We collect or use the following information to send you service communications:

• Names and contact details
• Marketing preferences

To comply with legal requirements

We collect or use the following information to meet our legal obligations, including GDPR compliance:

• Names and contact details
• Records of consent

For dealing with queries, complaints or claims

We collect or use the following information to handle any queries or complaints:

• Names and contact details
• Account information

3. Lawful Bases and Your Data Protection Rights

Under UK data protection law, we must have a lawful basis for collecting and using your personal information. Our lawful bases are set out below, along with the data protection rights that apply in each case.

Providing services and goods

Our lawful bases are:

• Contract – we need your information to deliver the service you have signed up for. All of your data protection rights may apply, except the right to object.
• Consent – where you explicitly confirm sharing your details with a group leader via an in-app notice. You have the right to withdraw your consent at any time.

Operation of customer accounts

Our lawful basis is:

• Contract – we need your information to maintain your account. All of your data protection rights may apply, except the right to object.

Service updates or marketing purposes

Our lawful basis is:

• Consent – we have your permission after providing you with all relevant information. You have the right to withdraw your consent at any time.

Legal requirements

Our lawful basis is:

• Legal obligation – we are required to retain certain records to comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object, and the right to data portability.

Dealing with queries, complaints or claims

Our lawful basis is:

• Legitimate interests – we have a legitimate interest in being able to manage and respond to queries and complaints. All of your data protection rights may apply, except the right to data portability.

Your Data Protection Rights

Depending on our lawful basis for processing, you have the following rights:

• Right of access – you have the right to ask us for copies of your personal information.
• Right to rectification – you have the right to ask us to correct or delete personal information you believe is inaccurate or incomplete.
• Right to erasure – you have the right to ask us to delete your personal information in certain circumstances.
• Right to restriction of processing – you have the right to ask us to limit how we use your personal information.
• Right to object to processing – you have the right to object to the processing of your personal data in certain circumstances.
• Right to data portability – you have the right to ask us to transfer your personal information to another organisation or to you.
• Right to withdraw consent – where we rely on consent as our lawful basis, you have the right to withdraw that consent at any time.

We must respond to any request without undue delay and within one month. To exercise any of these rights, please contact us at connect@vineme.app.

4. Where We Get Personal Information From

All personal information we hold is collected directly from you when you register for and use the VineMe app.

5. How Long We Keep Information

We retain your personal data for as long as your account remains active. If you close your account, we will delete or anonymise your personal data within 30 days.

If your account has not been accessed for three years, we will contact you to ask whether you wish to keep your account open. If we receive no response within 30 days of that notification, your account and all associated personal data will be permanently deleted.

Certain records, such as records of consent and complaints, may be retained for up to six years to comply with our legal obligations under the UK Limitation Act.

6. Data Security

We implement industry-standard security measures to protect your personal data from unauthorised access, loss, or misuse. These measures include secure cloud infrastructure, access controls, and encrypted data transmission.

Whilst we take all reasonable steps to safeguard your data, no system can guarantee absolute security. You acknowledge that the transmission of data over the internet carries inherent risks. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the Information Commissioner's Office (ICO) in accordance with our legal obligations.

7. Who We Share Information With

Data Processors

We use the following third-party data processors who handle personal data on our behalf:

Supabase, Inc.
Supabase, Inc. provides cloud database and backend infrastructure services for our app. They store and manage the personal data submitted by our users, including names, contact details, profile information and account data, on our behalf. Data is hosted on Amazon Web Services (AWS) in the eu-west-2 (London) region. They do not access or use this data for their own purposes.

Twilio Inc.
Twilio Inc. provides SMS messaging services for our app. They process users' phone numbers on our behalf solely for the purpose of sending two-factor authentication (2FA) verification codes during account login. They do not access or use this data for their own purposes.

Twilio Inc. (trading as SendGrid)
Twilio Inc., trading as SendGrid, provides email delivery services for our app. They process users' email addresses on our behalf solely for the purpose of sending transactional emails, including account confirmations and verification emails. They do not access or use this data for their own purposes.

Brevo (Sendinblue SAS)
Brevo (formerly known as Sendinblue) provides email marketing and communication services for our app. Users' email addresses are manually uploaded to Brevo via CSV file for the purpose of sending service update communications, including notifications of changes to our privacy policy. Data is hosted on servers within the European Union. They do not access or use this data for their own purposes.

Other Relevant Third Parties

We share personal information with church leaders and group leaders at affiliated churches partnering with VineMe International Limited, for the purpose of connecting users to small groups.

Group leaders only receive a user's name and contact details once that user has explicitly consented via an in-app confirmation. Church leaders are required to sign a Data Handling Agreement with VineMe International Limited before receiving any personal data. This agreement requires them to handle all personal data in accordance with UK GDPR and VineMe's Privacy Policy, implement appropriate security measures, notify VineMe of any data breaches, and securely delete all data upon termination of the agreement.

Once personal data has been shared with church leaders or group leaders, they act as independent data controllers and assume full responsibility for their handling of that data in accordance with applicable data protection law. VineMe International Limited accepts no liability for any misuse or unlawful handling of personal data by affiliated churches or their representatives.

8. Sharing Information Outside the UK

Some of our data processors transfer personal information outside of the UK as part of their service. Where this occurs, appropriate safeguards are in place to ensure your data remains protected in accordance with UK GDPR.

For further information or to obtain a copy of the applicable safeguard, please contact us at connect@vineme.app.

Twilio Inc.

• Category of recipient: SMS and communications service provider
• Country: United States
• Transfer mechanism: Addendum to the EU Standard Contractual Clauses (SCCs)

Twilio Inc. (trading as SendGrid)

• Category of recipient: Email delivery service provider
• Country: United States
• Transfer mechanism: Addendum to the EU Standard Contractual Clauses (SCCs)

9. Changes to This Privacy Notice

We may update this privacy notice from time to time to reflect changes in our practices or legal requirements. Any material changes will be communicated to you directly by email prior to taking effect. We will also update the “Last updated” date at the top of this notice.

We encourage you to review this notice periodically. Continued use of the VineMe app following notification of any changes constitutes your acknowledgement of the updated notice.

10. How to Complain

If you have any concerns about our use of your personal data, please contact us in the first instance:

Email: connect@vineme.app

If you remain unhappy with how we have handled your data after raising a complaint with us, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):