Privacy Policy & Member Data Protection Covenant

1. Data Sovereignty. All data provided by a Member to the Ministry is held in sacred trust. The Member retains full sovereign ownership of their personal data at all times. The Ministry holds and uses such data solely in its capacity as fiduciary and ecclesiastical custodian, not as owner.

2. Minimum Collection. The Ministry shall collect only the data that is necessary to fulfill its ecclesiastical mission, administer membership, and provide Member services. The Ministry shall not collect data for commercial, marketing, or third-party purposes.

3. Non-Commodification. Member data shall never be sold, licensed, rented, traded, or otherwise commodified. Member data is not an asset of the Ministry. It is a trust obligation.

4. Ecclesiastical Jurisdiction. All Member data is held within the private ecclesiastical jurisdiction of the Ministry and is protected by the First Amendment, the Church Audit Procedures Act (26 U.S.C. § 7611), and the inherent privacy of private contract. No external agency, corporation, or court shall have access to Member data except as provided herein.

1. Physical Records. All physical records containing Member data shall be stored in a secure location under the direct custody of the Grantor or the Board of Trustees. Physical records shall not be stored in commercial cloud facilities, third-party storage units, or any location outside the Ministry's direct control.

2. Digital Records. All digital records containing Member data shall be encrypted at rest and in transit using industry-standard encryption. The Ministry shall not store Member data on commercial platforms (including but not limited to Google, Meta, Amazon, Microsoft, or Apple cloud services) unless such platforms are used solely as encrypted containers with no access granted to the platform provider. The Ministry shall maintain independent, encrypted backups of all digital Member data.

3. Sacred Biological Data. MC1R-functional screening data and all biological verification records shall be stored separately from general membership records, under enhanced security protocols determined by the Research Authority. Access to Sacred Biological Data shall be limited to the Grantor, the Research Authority, and any individual specifically authorized in writing by the Grantor.

4. Retention. Member data shall be retained for the duration of membership and for a period of seven (7) years following termination of membership, after which it shall be securely destroyed unless the former Member requests earlier destruction or the Ministry is required by its own governing instruments to retain specific records.

1. Internal Access. Member data shall be accessible only to the Grantor, the Board of Trustees, and such Officers or agents as are specifically authorized by Board resolution for a defined purpose. No blanket access shall be granted to any individual.

2. Member Access. Every Member has the right to review, correct, and receive a complete copy of their own data held by the Ministry. Requests shall be directed to the Board and fulfilled within thirty (30) days.

3. Non-Disclosure to External Parties. The Ministry shall not disclose Member data to any external party, including but not limited to government agencies, law enforcement, commercial entities, researchers, or other religious organizations, except:

• (a) With the express written consent of the affected Member;
• (b) Pursuant to a lawful court order that has been reviewed by the Board and determined to comply with the Church Audit Procedures Act (26 U.S.C. § 7611) and the First Amendment; or
• (c) To prevent imminent physical harm to the Member or another individual.

4. Member Lists. The Ministry shall never disclose, publish, or make available a list of its Members to any external party for any purpose. The identity of Members is private and shall remain so.

5. No Data Mining. The Ministry shall not engage in data mining, behavioral tracking, algorithmic profiling, or any form of automated analysis of Member data for purposes other than direct Ministry administration.

1. Right to Access: The right to review and obtain a complete copy of all data the Ministry holds about them.

2. Right to Correction: The right to correct any inaccurate data.

3. Right to Deletion: The right to request deletion of their data, subject to the Ministry's retention obligations under Article III, Section 4.

4. Right to Data Portability: The right to receive their data in a usable format upon request.

5. Right to Object: The right to object to any specific use of their data and to have such objection reviewed by the Board.

6. Right to Be Informed: The right to be notified within fourteen (14) days of any breach or unauthorized access to their data.

1. In the event of any unauthorized access to, disclosure of, or loss of Member data, the Grantor shall immediately convene the Board to assess the scope and impact of the breach.

2. All affected Members shall be notified within fourteen (14) days of the breach being discovered, with a description of the data affected, the circumstances of the breach, and the steps being taken to mitigate harm.

3. The Board shall take all reasonable steps to prevent future breaches and shall document the incident and response in the Ministry's private records.