Privacy Policy

Effective date: June 7, 2026

Operator: Triune Softwares Inc.

1. Who We Are

Stewards is a software platform operated by Triune Softwares Inc. that helps churches and parishes manage their membership, donations, charitable tax receipting, finances, and communications.

Stewards is offered to organizations (each, a “parish” or “tenant”) on a multi-tenant basis. In most cases the parish is the data controller of the personal information it enters about its members, families, and donors, and Triune Softwares is the data processor (service provider) acting on the parish's behalf, plus a limited amount of information we control directly (such as administrator login accounts and operational/security logs).

Members, families, and donors with questions about how their own parish uses their information should also contact that parish directly.

2. Information We Collect

We collect and process the following categories of information. Each corresponds to data the application actually stores.

  • Member and family records (entered by the parish): names (including local-language names), date of birth, gender, blood group, marital/family status; contact details (address, phone, email) and emergency-contact information; profession, residential status, country of origin; church roles, membership dates and status; sacramental records (such as baptism and chrismation dates); profile photos and uploaded family documents.
  • Donations, pledges, and tax receipts: donor identity, amounts, dates, fund/category and payment method; charitable tax receipts including the donor name and address, receipt number, fiscal year, and total — retained to meet Canada Revenue Agency (CRA) requirements.
  • Bank and financial-account data via Plaid: when a parish connects a bank account through Plaid, Plaid returns an access token, item identifier, institution name/logo, account metadata (account name and last four digits), and transactions and balances. The Plaid access token is encrypted at rest (AES-256-GCM). Plaid Link collects the bank credentials and consent; we never see or store online-banking usernames or passwords.
  • Payment data via Stripe: online donation and subscription payments are processed by Stripe. We receive payment-method metadata, customer/subscription identifiers, and the donor email; we do not store full card or bank-account numbers for these payments.
  • Account, authentication, and security data: administrator/staff login accounts (email, hashed credentials managed by our identity provider, role assignments, MFA enrolment status); audit logs of security- and finance-relevant actions (acting user, action, affected record, timestamp, request IP); and operational/error logs with personal information automatically redacted.
  • Documents and communications: documents uploaded to a parish's document vault or family records, digital signatures captured during onboarding, and communication records, preferences, and unsubscribe status.
  • Information collected automatically: essential request metadata needed to operate the service securely (a per-request correlation identifier and IP address for rate-limiting and abuse prevention). Stewards uses only essential, first-party storage required for authentication and security — no third-party advertising or cross-site tracking cookies.

3. Why We Use Your Information

  • To provide the Stewards service: membership and family records, donations and pledges, CRA charitable tax receipts, and parish finances and accounting.
  • To connect and reconcile bank-account activity (via Plaid) and process online payments (via Stripe), where the parish enables those features.
  • To send transactional and parish communications and honour communication preferences and unsubscribe requests.
  • To authenticate users, enforce role-based permissions, and secure the service (fraud/abuse prevention, audit logging, incident response).
  • To meet legal and regulatory obligations, including CRA record-keeping for charitable donations and tax receipts.
  • To maintain, troubleshoot, and improve the reliability and security of the platform.

4. Legal Basis and Consent (PIPEDA)

We process personal information in accordance with PIPEDA. Depending on the situation, our basis is one or more of: consent (members and donors consent through the parish's onboarding and communication-preference flows; the platform records consent, including the policy version accepted, and supports withdrawal at any time); performance of the relationship (processing necessary to deliver the service); and legal obligation (retaining donation and tax-receipt records as required by the CRA).

For commercial electronic messages, we follow Canada's Anti-Spam Legislation (CASL): every commercial email includes a working one-click unsubscribe, and unsubscribe requests are honoured.

5. How We Protect Your Information

We apply layered, industry-standard safeguards (described in full in our Information Security Policy):

  • Encryption in transit: all connections use TLS 1.2 or higher, enforced by HTTP Strict Transport Security.
  • Encryption at rest: tenant data is stored in an encrypted-at-rest managed database, and especially sensitive fields receive additional field-level AES-256-GCM encryption — including Plaid access tokens and employee bank/identifier fields.
  • Access control: role-based access control with least-privilege permissions; multi-tenant isolation enforced at the application layer (fail-closed), with database row-level security provisioned as defense-in-depth.
  • Strong authentication: multi-factor authentication is required for users, with additional step-up verification for privileged and financial actions.
  • Integrity verification: inbound webhooks are cryptographically verified (Plaid via signed ES256 tokens with replay protection; Stripe via signature verification), and file uploads are validated by content signature, not just file extension.
  • Logging and monitoring: security- and finance-relevant actions are recorded in an audit log; errors are monitored; and personal information and credentials are automatically redacted from logs.
  • Secure development: automated dependency monitoring, code scanning, secret scanning, and dependency-audit checks run in our continuous-integration pipeline.

No method of transmission or storage is perfectly secure, but we work to protect personal information using the measures above and to respond promptly to any incident.

6. How Long We Keep Information

We retain personal information only as long as needed for the purposes above or as required by law (full schedule in our Data Retention and Deletion Policy):

  • Charitable donation records and issued tax receipts: retained per CRA requirements — generally seven (7) years from the end of the relevant fiscal year.
  • Bank-connection data (Plaid): minimized to what the feature needs and deletable when the parish disconnects the account.
  • Audit logs: retained for a limited period (a minimum of two years) for security and accountability.
  • Application/session and error logs: short retention (on the order of 90 days), with personal information redacted.
  • Inactive member records: anonymized after a defined period of inactivity, retaining only fields the CRA requires us to keep.

When information is no longer required, it is securely deleted or anonymized.

7. Your Rights

Subject to applicable law, you have the right to access the personal information we hold about you (Stewards supports a complete, machine-readable data-subject access export); to correct inaccurate or incomplete information; to request deletion or anonymization (except where we are legally required to retain certain records, such as CRA-mandated donation and receipt records); to withdraw consent, including unsubscribing from communications at any time; and to complain to us or to the Office of the Privacy Commissioner of Canada (OPC).

Because parishes control their own member data, please direct access, correction, and deletion requests to your parish administrator in the first instance. You may also contact us at admin@triunesoftwares.com and we will assist or route your request appropriately. We respond to verified requests within 30 days, as required by PIPEDA.

8. Cookies and Essential Storage

Stewards uses only essential, first-party cookies and browser storage required to sign you in and keep your session secure. We do not use third-party advertising or cross-site tracking cookies.

9. International Transfers

Stewards is built to keep tenant data in Canada (our database provider's Canadian region). However, some of our service providers (for example hosting, payment, email, and error-monitoring providers) are based in or may process limited data in the United States. Where information is processed outside Canada, it is subject to the laws of the jurisdiction in which it is held, and we require our providers to protect it under contractual data-protection commitments.

10. Children's Information

Stewards is administrative software used by parishes, and parishes may record information about minors who are members or part of a family (for example, sacramental records). Such information is entered and controlled by the parish under its own authority and consent practices. We do not knowingly use children's information for any purpose other than providing the service to the parish.

11. Changes to This Policy

We may update this Policy from time to time. When we make material changes, we will update the effective date above and, where appropriate, notify parishes. The current version is always available at /privacy.

13. Contact Us

For privacy questions, requests, or complaints, contact our Privacy Contact, Issac Johnson, Director, at Triune Softwares Inc.: admin@triunesoftwares.com.

You may also review Plaid’s end-user privacy policy (for bank-account data accessed via Plaid) and contact the Office of the Privacy Commissioner of Canada.

© 2026 Triune Softwares Inc.. All rights reserved.