Skip to content
English - Canada
Contact us
  • There are no suggestions because the search field is empty.

Security and privacy overview

Summary

Safeguarding records include some of the most personal information a church holds, so it is fair to ask how Safe Pathways treats them. This is the plain-language overview: what data is held, how it is protected, how long it is kept, and the rights you have. The full Privacy Policy is the authoritative word, and this article links to it rather than replacing it.

Who this is for

  • Volunteers wondering what happens to their information
  • Church Administrators and boards answering privacy questions
  • Parents and guardians

What you’ll need

Make sure you have:

  • Nothing to read this. For the legal detail, the full Safe Pathways Privacy Policy (updated May 19, 2026) is linked from safepathways.com and the Web App.

Before you start

One framing helps everything below make sense: keeping records is not a side effect of Safe Pathways, it is the point. Safeguarding only protects people when there is a trustworthy record of who was trained, screened, and approved. The privacy commitments are built around holding those records carefully, for as long as safeguarding genuinely needs them, and no longer.

What this covers

What information is held

Three broad kinds. Account basics: names, dates of birth, contact details, language, and login credentials. Safeguarding Records: Police Check results, reference responses, participation confirmation, and administrative notes. And the operational layer: training and acknowledgement records, billing information for the church, and the usual technical data (such as browser and IP details) that keeps a web application running.

Where it lives

Personal information processed through the Services is primarily stored and hosted in Canada, and Safe Pathways complies with Canadian privacy law, including PIPEDA and provincial legislation such as Québec’s Law 25. In limited circumstances, certain service providers may process information outside Canada, with contractual and technical safeguards in place when they do.

How it is protected

Safe Pathways uses administrative, physical, and technological safeguards appropriate to the sensitivity of the information, following generally accepted industry standards. Access is limited to personnel who genuinely need it, and they are bound by confidentiality. No electronic system can promise perfection, and the policy says so honestly; if a breach ever affected your information, Safe Pathways would notify affected individuals and authorities as the law requires.

How long it is kept

While your church subscribes, your records live in the platform and are kept current. If a church leaves Safe Pathways, its content remains available for export for three years after termination, after which it may be deleted. The Audit Report is the deliberate exception. It is archived for 50 years after termination.

That number is not arbitrary. Most people who were harmed as children do not say so until decades later. Research on delayed disclosure puts the average age at which survivors report child sexual abuse at around 52. [Source] Because so many survivors were harmed as teenagers, the window between when the abuse happened and when it is finally reported often stretches 35 to 40 years. A 50-year retention period from termination is long enough to cover the majority of those cases, so the record is still there on the day it is finally needed.

There is a second reason the Audit Report sits apart, held in our archive rather than living only inside a church's own systems. A record only protects people if it cannot be quietly changed or made to disappear. If the sole copy lived with the church, someone who later had a reason to hide what happened, including a leader or board member, could terminate the service, export the data, alter or delete the records, and simply claim they were lost. That would defeat the entire purpose of keeping the record at all.

The archived Audit Report holds the trail that matters: who was screened, who was trained, which policies were acknowledged, and the administrator notes recorded along the way. If an investigation is ever opened, years or even decades later, because there is no statute of limitations on child abuse in Canada, that trail is still intact, independent of staff changes, software subscriptions, and filing systems. It is there to side with the truth, and with the survivor.

Children and minors

Because the platform exists to protect children and youth, it does hold information about minors. Verifiable parental or guardian consent is required below the applicable age of digital consent (under 14 in Québec, under 13 elsewhere in Canada), and each church is responsible for obtaining that consent before uploading a minor’s information or assigning them a pathway.

Your rights, and who to ask

Subject to applicable law, you can ask to access and receive a copy of your personal information, have it corrected, request deletion where keeping it is no longer justified, and withdraw consent. One practical wrinkle: your church administers its own account, so day-to-day corrections (a wrong email, an outdated phone number) are usually fastest through your church. For everything else, Safe Pathways has a Privacy Officer who can be reached at privacyofficer@safepathways.com.

What happens next

If this overview answered your question, you are done. If you need the precise legal commitments, read the full Privacy Policy, and direct anything unresolved to the Privacy Officer. Nothing in this article goes beyond what the policy commits to.

Troubleshooting

I want my information corrected

  • Start with your church administrator; they manage your record and can fix most details on the spot.
  • If your church is connected to Planning Center, identity details may need correcting there.
  • For anything your church cannot resolve, contact the Privacy Officer.

Our church is leaving. What happens to our data?

  • Your content stays available for export for three years after termination; after that it may be deleted.
  • The Audit Report is archived for 50 years, so the safeguarding record survives.

I’m a parent and I have questions about my child’s information

  • Your church is responsible for obtaining consent before a minor’s information is uploaded; ask them first.
  • You can exercise access and correction rights on your child’s behalf; the Privacy Officer can help.

Notes

  • Data is primarily stored and hosted in Canada, in compliance with PIPEDA and provincial privacy law.
  • Safeguarding Records exist on purpose: protection depends on trustworthy records.
  • After a church leaves: content is exportable for three years, then may be deleted; the Audit Report is archived for 50 years.
  • Your rights include access, correction, deletion, and withdrawing consent, subject to law.
  • Day-to-day corrections go through your church; everything else goes to privacyofficer@safepathways.com.

Last reviewed

June 11, 2026