Skip to main content

Privacy Policy

Last updated: 1 January 2026

1. Introduction

PrayForAPrisoner ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website.

We are registered as a charity in England and Wales (Charity No. [Pending]) and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

Information You Provide

  • Contact Information: Name, email address, and postal address when you contact us, sign up for our newsletter, or make a donation.
  • Prayer Requests: If you submit prayer requests, we may collect information about your religious beliefs. This is special category data under UK GDPR and is processed only with your explicit consent.
  • Donation Information: When you donate, our payment processor collects your payment details. We receive only confirmation of your donation and contact details for Gift Aid purposes.

Information Collected Automatically

  • Usage Data: Pages visited, time spent on pages, and other analytics data (only if you consent to analytics cookies).
  • Device Information: Browser type, operating system, and device type for site optimization.

3. How We Use Your Information

We use your information for the following purposes:

  • To provide and maintain our services
  • To respond to your enquiries and prayer requests
  • To send newsletters and updates (with your consent)
  • To process donations and comply with Gift Aid requirements
  • To improve our website and services
  • To comply with legal obligations

4. Lawful Basis for Processing

Under UK GDPR, we process your personal data based on:

  • Consent: For newsletter subscriptions, prayer requests containing special category data, and non-essential cookies.
  • Legitimate Interests: For responding to enquiries, improving our services, and fraud prevention.
  • Legal Obligation: For maintaining donation records and complying with charity regulations.

5. Special Category Data

Prayer requests may contain information revealing religious beliefs, which is special category data under UK GDPR. We process this data only with your explicit consent, which you provide when submitting a prayer request.

You can withdraw your consent at any time by contacting us. Withdrawing consent does not affect the lawfulness of processing before withdrawal.

6. Newsletter Subscription

When you subscribe to our newsletter, we collect and process your data as follows:

Data We Collect

  • Email address: Encrypted using AES-256-GCM encryption before storage
  • Consent record: Timestamp of when you gave consent
  • IP address: Hashed (not stored in readable form) for fraud prevention

How We Protect Your Data

  • Your email address is encrypted at rest using industry-standard AES-256-GCM encryption
  • Encryption keys are stored separately from the data
  • Your IP address is cryptographically hashed and cannot be reversed
  • Data is stored on Deno Deploy's secure infrastructure

How to Unsubscribe

You can unsubscribe at any time by visiting our unsubscribe page. When you unsubscribe, all your newsletter data (including your encrypted email, consent record, and hashed IP) is permanently deleted from our systems.

Third-Party Processors

Newsletter data is stored using Deno Deploy (operated by Deno Land Inc.), which provides secure cloud infrastructure. Deno Deploy processes data in accordance with their privacy policy and maintains appropriate security measures.

7. Data Retention

We retain your personal data for:

  • Contact enquiries: 2 years from last contact
  • Newsletter subscriptions: Until you unsubscribe, at which point all data is permanently deleted
  • Donation records: 7 years (legal requirement)
  • Prayer requests: 1 year, unless you request earlier deletion

8. Your Rights

Under UK GDPR, you have the following rights:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing: Request limitation of how we use your data
  • Right to Data Portability: Receive your data in a structured format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time

To exercise any of these rights, please contact us using the details below.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction.

10. Third-Party Services

We may use the following third-party services:

  • Payment processors for donations
  • Email service providers for newsletters
  • Analytics services (with your consent)

These services have their own privacy policies and process data in accordance with UK GDPR requirements.

11. International Transfers

We primarily store and process your data within the UK/EEA. If we transfer data internationally, we ensure appropriate safeguards are in place.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

PrayForAPrisoner

Email: [privacy@prayforaprisoner.org]

Address: [Registered Address]

13. Complaints

If you are not satisfied with our response to your concerns, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office

Website: ico.org.uk

Phone: 0303 123 1113

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.