Legal
Privacy Policy
Last updated: 20 March 2026
1. Who We Are
Campus Revival Movement (“we”, “us”, or “our”) operates the Campus Revival prayer platform at campusrevivalmovement.org. We are the data controller for personal information collected through this service.
To contact us about data matters: privacy@campusrevivalmovement.org
2. Personal Data We Collect
| Category | Data elements | Why we collect it |
|---|---|---|
| Account data | Name, email address, hashed password, account creation date | To authenticate you and provide the service |
| Prayer & journal content | Submitted prayer requests, journal entries, campus adoptions | To enable the core intercessory mission of the platform |
| Verification data | University email address (campus leaders only) | To verify institutional affiliation for the leader role |
| Technical data | IP address (rate limiting only, not stored permanently), browser session tokens | Security, fraud prevention, and service stability |
We do not collect payment data, sell data, or use data for advertising.
3. Lawful Basis for Processing (UK GDPR Art. 6)
- Contract — processing your account data and content is necessary to provide the service you signed up for.
- Legitimate interests — security logging, rate limiting, and fraud prevention, balanced against your rights.
- Consent — where we ask you before processing (e.g. making a prayer request public).
4. Third-Party Data Processors
We use the following sub-processors to operate the platform. Each is contractually bound to process data only on our instructions:
| Processor | Purpose | Location |
|---|---|---|
| MongoDB Atlas | Primary database — stores all user and content data | EU / UK (cluster-configurable) |
| Upstash Redis | Session caching, rate limiting, token denylist | EU |
| Vercel | Application hosting and CDN edge network | Global Edge / UK region available |
| Resend | Transactional email (verification, password reset) | US (SCCs in place) |
| Sentry | Error monitoring — logs may contain request metadata | US (SCCs in place) |
5. Data Retention
- Account & content data: retained for the lifetime of your account, then deleted within 30 days of account closure.
- Session tokens: expire after 1 hour (access) / 7 days (refresh). Revoked tokens are denylist-cached until natural expiry.
- Security logs: retained for up to 90 days.
6. Your Rights Under UK GDPR
You have the right to:
- Access — request a copy of your personal data
- Rectification — correct inaccurate data via your profile settings
- Erasure — delete your account and all associated data instantly from your profile settings, or by emailing us
- Restriction — ask us to pause processing in certain circumstances
- Portability — receive your data in a structured, machine-readable format
- Object — object to processing based on legitimate interests
To exercise any right, email privacy@campusrevivalmovement.org. We will respond within 30 days. You may also lodge a complaint with the ICO.
7. Cookies
We set the following cookies:
| Cookie | Purpose | Duration |
|---|---|---|
| authToken | Authentication — strictly necessary to log you in | 1 hour |
| refreshToken | Session renewal — strictly necessary to keep you logged in | 7 days |
The authentication cookies are strictly necessary for the service to function and do not require consent under PECR. We set no analytics, tracking, or advertising cookies.
8. Security
We protect your data using industry-standard measures: bcrypt password hashing, JWT authentication with short expiry windows, HTTPS-only transmission, and access controls limiting data access to authorised personnel. No security measure is absolute; in the event of a breach affecting your rights we will notify you within 72 hours as required by UK GDPR Article 33.
9. Changes to This Policy
We will notify registered users of material changes to this policy by email at least 14 days before the change takes effect. Continued use of the platform after the effective date constitutes acceptance.
Campus Revival Movement Privacy Policy — Effective 20 March 2026
For data requests: privacy@campusrevivalmovement.org