Infrastructure
Manna runs on enterprise-grade cloud infrastructure with automatic scaling, redundancy, and geographic distribution. All data is encrypted at rest (AES-256) and in transit (TLS 1.2+). Our infrastructure providers maintain SOC 2, ISO 27001, and other industry certifications.
Access control
Access to church data is strictly limited to authorised personnel within each church's account. Manna staff access to production data is restricted to essential support and maintenance purposes only, subject to internal access policies and audit logging.
Messaging security
All WhatsApp messages are protected by WhatsApp's end-to-end encryption between the user and the WhatsApp Business API endpoint. Messages processed through the Manna platform are transmitted over encrypted channels and stored securely. Sensitive conversation data (prayer requests, pastoral care) receives additional handling care in accordance with each church's preferences.
POPIA compliance
Manna is designed to comply with the Protection of Personal Information Act (POPIA). We process personal information lawfully, minimise data collection, provide transparency about data usage, and respect data subject rights including access, correction, and deletion. See our Privacy Policy for full details.
Payment security
All payment processing is handled by PayFast, a PCI-DSS Level 1 certified payment gateway. Manna does not store credit card numbers or banking details on our servers.
Data ownership
Your church owns its data. We do not sell, share, or monetise congregation information. Upon termination, you may request a full export of your data within 30 days.
Incident response
We maintain an incident response plan for potential security events. In the event of a data breach, affected churches will be notified within 72 hours in accordance with POPIA requirements, along with details of the incident and remediation steps taken.
System status
Real-time platform status and uptime history is available at m-chat.instatus.com.
Reporting concerns
If you discover a security vulnerability or have concerns about data protection, please contact us immediately at [email protected].