MissionPay

Privacy Policy

Last updated: 28 April 2026

This Privacy Policy describes how MissionPay ("we", "us") collects, uses, stores and shares your personal information when you use the MissionPay platform (the "Service"). It is written to comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles ("APPs").

1. The information we collect

1.1 Information you give us directly

  • Account information. When you sign up as a donor or a Organisation Admin we collect your name, email address, phone number (optional), and the password you choose.
  • Organisation information (Organisation Admins only). Organisation name, denomination, location, branding (logo, colours), funds and campaigns you configure, ABN or other tax IDs you supply, and the contact details you publish on your giving page.
  • Donation information. When you donate we collect the donor name, email, donation amount, frequency, fund selection, optional message, and whether you wish to remain anonymous to the church. Card and bank details are entered directly into Stripe's secure payment elements — they never reach our servers.
  • Two-factor authentication data. If you enrol in 2FA we store your authenticator-app secret encrypted at rest, hashed recovery codes, and registered passkeys (public key only — the private key never leaves your device).

1.2 Information we receive from third parties

  • Stripe. When you complete a donation, Stripe shares transaction details with us (payment reference, the last four digits of the card and brand for receipts, the email Stripe verified, and the payout status). We do not receive full card numbers, CVVs, or full bank account numbers.
  • Our infrastructure providers. Limited delivery and performance information from the services we use to send transactional email and host the platform.

1.3 Information collected automatically

  • Technical data. IP address, user-agent, and timestamps for security-relevant events (sign-in, password change, email change, 2FA setup, and account-deletion requests). This data appears in security alert emails so you can spot unauthorised activity.
  • Cookies. Strictly-necessary cookies for sign-in, two-factor authentication, cross-site request protection, and remembering your selected campus. We do not use advertising or third-party tracking cookies.

2. How we use your information

We use the personal information we collect to:

  • create and operate your account, authenticate you, and protect it with 2FA;
  • process donations and route funds to the correct church via Stripe;
  • generate and email tax receipts, donation confirmations, and recurring giving statements;
  • let Organisation Admins see donor history, fund performance, and recurring giving schedules for their church;
  • detect and prevent fraud, abuse, account takeover, and chargeback fraud;
  • comply with our legal and regulatory obligations, including tax record-keeping;
  • contact you with service notices, security alerts, and (if you have opted in) product updates;
  • improve the Service in aggregate — for example, identifying common errors or slow flows.

We do not sell your personal information. We do not use it to train third-party AI models. We do not share it with advertisers.

3. Who can see your data inside MissionPay

3.1 Donors

Donors can see only their own profile, their own donations, their own recurring schedules, and their own tax receipts. Donors cannot see other donors' data or an organisation's internal records.

3.2 Church Admins

Organisation Admins can see donations, donor names and emails, campaign data, and recurring schedules for the donations made to their own organisation. Organisation Admins cannot see data belonging to other organisations. If you choose "anonymous" when donating, your name will be hidden from the organisation's donor list (the church still sees the donation amount and timestamp, and the financial record remains for ATO compliance).

Within a single organisation, Organisation Admins can be scoped to specific locations — location admins can see only the donations attributed to their assigned locations.

3.3 MissionPay platform admins

A small number of MissionPay employees (Super Admins) have access to all organisation and aggregate platform data for support, fraud prevention, and platform operations. Their actions on sensitive data (account deletion, role changes, 2FA resets) are audit-logged.

4. Who we share your data with

We share personal information only with:

  • Stripe — our payment processor. Stripe acts as an independent controller of payment data under its privacy policy.
  • Our infrastructure providers — the services we use to host the application, store uploaded media, send transactional email, and run supporting systems. They process personal information only as needed to provide the Service to MissionPay and are bound by written confidentiality and security obligations. A current list of sub-processors is available on request.
  • Law enforcement, regulators, or courts — where we are legally required to disclose information (subpoena, court order, statutory obligation), or where we believe disclosure is necessary to prevent serious fraud, harm, or threats to safety.

5. Where your data is stored

The operational database and uploaded media are hosted in Australia. Some of our processors (notably Stripe) operate globally and may process encrypted data in other regions for redundancy or fraud-detection purposes. These transfers are governed by the processor's own data protection commitments.

6. How long we keep your data

Different categories of data have different retention windows, summarised here and detailed in our internal data-retention policy:

  • Donations, transactions, and tax receipts — retained for at least seven years from the date of the transaction, to satisfy Australian Taxation Office record-keeping obligations and ASIC corporate-records guidance.
  • Account profile (name, email, phone, password, 2FA secrets) — retained until you exercise your right to erasure or your account is deleted by an admin.
  • Operational logs (security emails, IP/user-agent metadata) — retained for a rolling window sufficient for incident investigation, then aged out.
  • Ephemeral verification tokens (email OTPs, password reset tokens, email-change tokens) — auto-expire within minutes to a few hours and are then deleted.

7. Your rights

Under the Privacy Act 1988 (Cth) and APPs you have the right to:

  • Access the personal information we hold about you. You can download a JSON export from your account at any time, or contact support.
  • Correct personal information that is inaccurate. You can edit most fields directly in your account settings; email changes go through a double-confirmation flow for security.
  • Request erasure of your personal information. You can request deletion from your account page. Requests are reviewed by a platform admin and processed within seven days. Donations and tax receipts are retained for ATO compliance, but the personal information attached to them (your name, email, phone) is scrubbed and the donor reference is unlinked.
  • Withdraw consent for any optional processing (e.g. newsletters) at any time via your account preferences.
  • Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe we have mishandled your data.

8. How we protect your data

We maintain technical and organisational measures appropriate to the sensitivity of the information we process. These include encryption of sensitive data in transit and at rest, modern password hashing, multi-factor authentication for administrators, least-privilege access controls between donor and admin roles, rate limiting on sensitive endpoints, and regular review of our security posture.

No system is perfectly secure. If you believe your account has been compromised contact us at security@missionpay.com.au immediately and reset your password.

9. Children

MissionPay is not directed at children under 18. We do not knowingly collect personal information from minors. If you believe a child has created an account or made a donation, contact support and we will remove the data.

10. Cookies

We use only cookies that are strictly necessary for the Service to function: keeping you signed in, maintaining your two-factor authentication state, protecting against cross-site request forgery, and remembering Church Admin preferences such as the selected campus. We do not use advertising, analytics, or third-party tracking cookies.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent change. We will notify users by email of material changes that affect how we handle existing personal information.

12. Contact

Privacy questions, access requests, and erasure requests can be sent to privacy@missionpay.com.au. For general support contact support@missionpay.com.au.