Manna handles prayer requests, pastoral conversations, visitor details and giving information — data that matters. Here's exactly how that data is protected, who can see it, and what your church controls.
Every conversation, every prayer request, every visitor detail, every sermon and every member record that flows through Manna belongs to your church. M-Chat (Pty) Ltd is the Operator under POPIA; your church is the Responsible Party. That's not just legal phrasing — it's the foundation of how Manna is built.
M-Chat (Pty) Ltd has registered its Information Officer with the South African Information Regulator, as required under Section 55 of the Protection of Personal Information Act, 2013. This is the only POPIA-related document the Regulator officially issues — and it's verifiable on the public register.
POPIA requires us to disclose who else may process your church's personal information on our behalf. Here's the full list. Each one is bound by their commercial data processing terms, and customers can request to be notified of sub-processor changes by emailing privacy@m-chat.ai.
| Service | Purpose | Certifications |
|---|---|---|
|
WotNot
|
Conversational platform & WhatsApp Business orchestration | SOC 2 Type II ISO 27001 GDPR |
|
Meta (WhatsApp)
|
WhatsApp Business Platform — message delivery | ISO 27001 SOC 2 GDPR |
|
Microsoft Azure
|
Email delivery, file hosting, identity | SOC 2 Type II ISO 27001 ISO 27018 |
|
Cloudflare
|
CDN, edge compute, key-value storage | SOC 2 Type II ISO 27001 |
|
Anthropic
|
Language model API for response generation | SOC 2 Type II GDPR |
|
Monday.com
|
Internal church CRM & onboarding pipeline | SOC 2 Type II ISO 27001 |
|
Payfast
|
Payment processing (card & EFT) | PCI-DSS Level 1 |
Some of what flows through Manna is deeply personal — a member writing about a marriage in crisis, a parent asking for prayer over their child, a teenager reaching out at 2AM. POPIA classifies this as Special Personal Information, and we treat it accordingly.
Access to church data inside Manna is restricted to the M-Chat operations team and only when needed to provide support or maintain the service. We operate under a least-privilege access model and protect admin accounts with strong authentication.
Conversation history is retained for as long as your church remains on the platform. If you cancel, your data is held for a reasonable period to support reactivation, then removed from active systems. Backups follow industry-standard retention windows. Specific timelines are available on request, and you can ask for earlier deletion at any time.
Under POPIA, every data subject (every congregant) has the right to request a copy of their personal information, request correction, or request deletion. Pastors can raise these requests on behalf of their members by emailing privacy@m-chat.ai. We respond as soon as reasonably possible, in line with POPIA's timelines.
If a security incident affects your church's data, M-Chat (Pty) Ltd will notify the church and the SA Information Regulator as soon as reasonably possible after discovery, in line with POPIA Section 22's "reasonable grounds" standard. Our incident response approach covers detection, containment, notification, and remediation.
Our Information Officer reads every privacy and security email personally.