Privacy Policy

← Back to Home

Welcome to CYP Vasai (www.cypvasai.org). This Privacy Policy explains how Christian Youth in Power ("CYP," "we," "us," or "our") collects, uses, discloses, and protects your personal information when you use our website and related services.

By accessing or using our website, you agree to the terms of this Privacy Policy. If you do not agree with our practices, please do not use our services.

1. Information We Collect

1.1 Information You Provide to Us

We collect information that you voluntarily provide when using our services:

• Registration and Account Information: Name, email address, phone number, date of birth, and other profile details when you create an account or register for membership.
• Event Registration: Information you provide when registering for events, including preferences, dietary restrictions, and emergency contact details.
• Ticket Purchases: Name, email, phone number, and ticket selection details for concerts, lotteries, and other events. We do not directly store payment card information (see Section 4).
• Forms and Surveys: Responses to custom forms, surveys, feedback forms, and questionnaires (including the Lent 2026 progress tracking forms).
• Contact Inquiries: Information submitted through contact forms, including your name, email, and message content.
• Donations and Fundraising: Information provided when making donations or purchasing items from our fundraiser store.
• Media Uploads: Photos, videos, or other content you upload or share with us.

1.2 Information Collected Automatically

When you visit our website, we automatically collect certain information:

• Usage Data: Pages visited, time spent on pages, click patterns, and navigation paths.
• Device Information: Browser type, operating system, device type, IP address, and unique device identifiers.
• Location Data: General geographic location based on IP address.
• Performance Data: Page load times, errors, and other diagnostic information through Vercel Analytics and Speed Insights.

1.3 Information from Third Parties

• Google Authentication: When you sign in with Google, we receive your name, email address, and profile picture from Google.
• Google Photos: If you authorize our Gallery feature, we access your shared Google Photos albums.
• Social Media: Information from social media platforms if you interact with our content or share information with us.

2. How We Use Your Information

We use the collected information for the following purposes:

2.1 Service Delivery

• Process event registrations, ticket purchases, and membership applications
• Generate and deliver QR-coded e-tickets via email
• Manage event check-ins through our offline-first PWA scanner
• Provide access to CYP Talks video streaming and media galleries
• Track and display Lent spiritual progress for registered participants
• Enable form submissions and survey responses

2.2 Communication

• Send transactional emails (order confirmations, ticket deliveries, password resets)
• Provide event updates, announcements, and community newsletters
• Respond to inquiries and provide customer support
• Send important administrative messages about service changes

2.3 Improvement and Analytics

• Analyze website usage to improve user experience and performance
• Monitor application errors and fix technical issues
• Conduct research and surveys to enhance our services
• Develop new features and optimize existing functionality

2.4 Security and Fraud Prevention

• Verify ticket authenticity and prevent duplicate ticket scanning
• Implement rate limiting to prevent abuse and bot attacks
• Detect and prevent fraudulent transactions or registrations
• Ensure the security and integrity of our systems

2.5 Legal Compliance

• Comply with legal obligations and regulatory requirements
• Enforce our terms of service and other policies
• Respond to legal requests from law enforcement or regulatory authorities

3. Data Storage and Security

3.1 Where We Store Your Data

Your information is stored using the following secure cloud services:

3.2 Security Measures

We implement industry-standard security measures to protect your information:

• Encryption: All data transmission is encrypted using HTTPS/TLS protocols
• Access Controls: Strict authentication and authorization for admin functions
• Database Security: Row-level security policies and encrypted connections to databases
• QR Code Verification: Digital signatures on tickets to prevent forgery
• Rate Limiting: Protection against brute-force attacks and abuse
• Regular Monitoring: Continuous monitoring for security threats and anomalies
• Secure Coding Practices: Input validation, sanitization, and protection against XSS and injection attacks

4. Third-Party Services

We use trusted third-party services to operate our platform. These services may collect and process your information according to their own privacy policies:

4.1 Cloud Infrastructure and Hosting

• Vercel: Application hosting and deployment - Privacy Policy
• Amazon Web Services (AWS): Cloud storage (S3), content delivery (CloudFront), and email services (SES) - Privacy Policy

4.2 Database and Authentication

• Supabase: Database and real-time data synchronization - Privacy Policy
• Firebase (Google): Authentication and document storage - Privacy Policy
• Upstash: Redis caching and rate limiting - Privacy Policy

4.3 Email Services

• Resend: Transactional email delivery - Privacy Policy
• Amazon SES: Email sending and bounce handling - Privacy Policy

4.4 Analytics and Performance

• Vercel Analytics: Website usage analytics - Privacy Policy
• Vercel Speed Insights: Performance monitoring - Privacy Policy

4.5 Additional Services

• Google APIs: Google Photos integration, authentication - Privacy Policy
• Appwrite: Backend services - Privacy Policy
• QStash (Upstash): Scheduled task management - Privacy Policy

5. Cookies and Tracking Technologies

5.1 What Are Cookies?

Cookies are small text files stored on your device that help us provide and improve our services. We use both session cookies (deleted when you close your browser) and persistent cookies (remain on your device for a set period).

5.2 Types of Cookies We Use

• Essential Cookies: Required for authentication, security, and core website functionality
• Performance Cookies: Help us understand how visitors use our website (Vercel Analytics)
• Functional Cookies: Remember your preferences and settings
• Session Cookies: Maintain your login state and shopping cart

5.3 Managing Cookies

You can control cookies through your browser settings. However, disabling certain cookies may limit your ability to use some features of our website, including login functionality and ticket purchasing.

5.4 Local Storage

Our Progressive Web App (PWA) scanner uses local storage to cache ticket data for offline scanning. This data is stored locally on your device and synced when you're back online.

6. Data Sharing and Disclosure

6.1 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

6.2 When We Share Information

We may share your information in the following circumstances:

• Service Providers: With trusted third-party service providers who help us operate our platform (as listed in Section 4)
• Event Organizers: Event-specific information with authorized CYP ministry teams and volunteer coordinators
• Legal Requirements: When required by law, court order, or government regulation
• Safety and Fraud Prevention: To protect the safety of our users or prevent fraud and abuse
• Business Transfers: In connection with a merger, acquisition, or sale of assets (you will be notified and given choices)
• With Your Consent: When you explicitly authorize us to share your information

6.3 Public Information

Certain information may be publicly visible:

• Content you post in public forums or community sections
• Photos you upload to shared galleries (with your permission)
• Testimonials or reviews you choose to make public

7. Your Privacy Rights

You have the following rights regarding your personal information:

7.1 Access and Portability

• Request a copy of the personal information we hold about you
• Download your data in a portable format

7.2 Correction and Update

• Update or correct inaccurate personal information through your account settings
• Request corrections if you cannot make changes yourself

7.3 Deletion

• Request deletion of your personal information (subject to legal retention requirements)
• Note: We may retain certain information for legal, security, or operational purposes

7.4 Opt-Out of Communications

• Unsubscribe from marketing emails via the unsubscribe link in each email
• Manage email preferences in your account settings
• Note: You cannot opt out of essential transactional emails (e.g., ticket confirmations)

7.5 Object to Processing

• Object to certain types of data processing
• Request restriction of processing in specific circumstances

7.6 Exercising Your Rights

To exercise any of these rights, please contact us at the information provided in Section 12. We will respond to your request within 30 days.

8. Children's Privacy

Our services are designed for a general audience and may be used by minors as part of youth ministry activities. We are committed to protecting children's privacy:

• We do not knowingly collect personal information from children under 13 without parental consent
• For participants under 18, we may require parental/guardian consent for certain activities
• Parents have the right to review, delete, or refuse further collection of their child's information
• Emergency contact information is collected for minors attending events

If you believe we have inadvertently collected information from a child under 13 without proper consent, please contact us immediately, and we will delete such information.

9. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

9.1 Retention Periods

• Account Information: Retained while your account is active and for up to 2 years after account closure
• Transaction Records: Retained for 7 years for accounting and legal compliance
• Event Registration: Retained for 3 years for historical records and participant tracking
• Form Responses: Retained based on the specific purpose (typically 1-3 years)
• Email Communications: Bounce records retained to maintain email reputation
• Analytics Data: Aggregated data may be retained indefinitely

9.2 Deletion Process

When data is no longer needed, we securely delete or anonymize it. Backups may be retained for disaster recovery purposes for up to 90 days.

10. International Data Transfers

Our services are hosted on cloud infrastructure that may process data in multiple regions. Your information may be transferred to and processed in countries other than your country of residence, including the United States and other locations where our service providers operate.

We ensure appropriate safeguards are in place for international transfers, including:

• Using service providers that comply with international data protection standards
• Implementing standard contractual clauses where applicable
• Ensuring encryption of data in transit and at rest

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you via email or prominently on our website
• Provide you with an opportunity to review the changes

Your continued use of our services after the effective date of changes constitutes acceptance of the updated policy. We encourage you to review this Privacy Policy periodically.