Privacy Policy

Overview

This Privacy Policy explains how the MCGI MFA Assistant collects, uses, shares, stores, and deletes personal information across our website and mobile applications (iOS and Android). By using our services, you acknowledge the practices described in this policy.

Data we collect

• Account and profile data: name, email, phone, church/location profile, and authentication identifiers.
• User-submitted service data: PDOS applications, seafarer registration details, inquiry details, and chat content.
• Technical and security data: device/platform details, app version, IP address, user agent, and session metadata.
• Notification data: push notification device tokens and delivery status metadata.
• Consent and legal records: consent timestamps, consent source, and policy versions accepted.

How we use data

• To provide account access, sign-in, profile management, and service functionality.
• To process PDOS, seafarer, inquiry, and support workflows.
• To operate security controls, fraud prevention, and abuse/rate-limit protections.
• To send transactional communications and service updates.
• To improve reliability, usability, and performance of web and mobile app experiences.

Legal bases and user rights

We process data based on your consent, our legitimate interests in operating secure services, and legal obligations where applicable.

Your rights may include:

• Access to your personal data.
• Correction of inaccurate or outdated data.
• Deletion of your account and personal data, subject to legal retention obligations.
• Export of your account data in machine-readable form.
• Withdrawal of consent where processing relies on consent.

Account and data deletion

If you created an account, you can request account deletion through in-app controls, through authenticated API deletion endpoints, or via our public deletion page at https://mfa-mcgi.org/account/deletion.

Deleting an account removes or anonymizes associated personal data unless retention is required by law, dispute handling, fraud prevention, or security obligations.

Data security

We use reasonable administrative, technical, and physical safeguards to protect your information. No system is completely secure, but we continuously monitor and improve our protections.

Data retention

We keep personal data only for as long as necessary for the purposes described in this policy, and then delete or anonymize it. Some records may be retained for legal, regulatory, security, or dispute resolution requirements.

Third-party processors and integrations

• MCGI Hub and Google services for authentication flows.
• SMTP2GO for email/SMS delivery.
• OpenAI, Anthropic, and Google Gemini services for AI-assisted chat features when enabled.
• OpenStreetMap Nominatim services for geocoding and map-related location lookups.
• Hosting, infrastructure, and security providers required to operate the platform.

Children and minors

Our services are not directed to children under the age required by applicable law without parent or guardian involvement. If you believe a minor provided personal data improperly, contact us so we can review and act.

International data handling

Because our members and service providers may be located in different countries, data may be processed outside your jurisdiction using safeguards appropriate to the applicable privacy framework.

Changes to this policy

We may update this policy from time to time. Updated versions will be posted on this page with a new effective date and version. Material changes may also be highlighted in-app or on the website.

Contact

For privacy questions, data rights requests, or deletion concerns, contact us at privacy@mfa.mcgi.org or submit a request through the inquiry form.