Privacy Policy

Who We Are

Joan Ministry is a private, faith-based digital ministry service. The service is operated by Samsian Pty Ltd (ACN 144 465 903, Australia), to which all references to "we", "us", and "our" in this policy refer, and which is the Responsible Party as defined under POPIA. Samsian Pty Ltd is registered with the South African Information Regulator under registration number 2026-010529 (issued 24 April 2026). Our Information Officer — contactable for all privacy-related matters — can be reached at joan@joanministry.com.

What We Collect

We collect your WhatsApp phone number when you initiate contact with Joan — this is the minimum required to operate the service. We collect the content of your conversations (text, voice notes, and any images or files you send) in order to provide the service and maintain continuity across sessions. Where you voluntarily share your name, age, location, relationship status, occupation, faith background, or other personal details during a conversation, that information is retained to improve the quality and relevance of Joan's guidance to you personally. We collect transaction records when you purchase credits — your card details are processed and held by our payment processor (Stripe) and are never stored by us directly. We collect basic technical metadata (message timestamps, message identifiers, and IP address for rate-limiting) necessary to operate the service securely.

Lawful Basis for Processing

We process your personal information on the following lawful grounds under POPIA: Performance of a service — processing is necessary to provide the Joan digital ministry service you have requested. Legitimate interest — maintaining conversation continuity, improving service quality, and defending against civil or legal claims. Legal obligation — where required by South African law (including tax record retention). Consent — by initiating contact with Joan and continuing to use the service, you consent to the collection, processing, and cross-border transfer of your information as described in this policy. You may withdraw consent at any time by requesting account deletion.

How We Use Your Data

Your data is used solely to provide, maintain, and improve the Joan service. This includes generating responses to your messages, maintaining your conversation history across sessions, processing payments and credit balances, detecting safety-critical events (such as references to self-harm or abuse), and understanding aggregate usage patterns to improve the quality of the service. Aggregate and anonymised data — from which no individual can be identified — may be used to develop and improve the service. We do not use your data for advertising, profiling for commercial purposes, or any purpose unrelated to the operation of Joan Ministry.

Important — What Joan Is

Joan is a digital service. Her responses are generated by software from the information you share with her. She is warm, faith-rooted, and designed to guide people through difficult moments with care — but she is not a human person, not a licensed therapist, counsellor, medical professional, or lawyer, not a prophet, and not a medium for divine communication. Treat your conversations with her as you would a private digital journal that talks back.

No decision that has a legal or similarly significant effect on you is made solely by automated processing. Safety-critical interventions (for example, temporarily restricting an account after severe policy breaches) may be triggered automatically but are reviewed by a human operator. If you believe an automated decision has affected you unfairly, you may request human review by contacting appeal@joanministry.com.

Third-Party Service Providers

We share your data only with third-party service providers who are strictly necessary to operate the platform. These providers fall into the following categories: our messaging infrastructure provider (to deliver text, voice, and media messages between you and Joan), our cloud hosting and database provider (to run the service and store your conversations securely), our speech-to-text and voice-synthesis providers (to transcribe inbound voice notes and generate Joan's spoken responses), and our payment processor (to handle credit purchases — we never see or store your card details). Each provider is bound by their standard data-processing terms or a dedicated agreement requiring them to handle your data securely and only for the purposes we specify. We do not grant any third party the right to use your personal information for their own purposes.

In the event of a business transfer, merger, or acquisition, user data may be transferred as part of that transaction, subject to privacy protections equivalent to those described in this policy, and users will be notified via WhatsApp message before the transfer takes effect.

Conversation Privacy

Your conversations with Joan are private. Joan Ministry operators do not routinely read individual conversations. In exceptional circumstances — including a credible and imminent threat to life, a legal obligation, a binding court order, or the investigation and defence of a civil or criminal claim — we reserve the right to review conversation data and act in accordance with applicable South African law, including reporting to relevant authorities where legally required.

Linked Partners (Couples Feature)

Joan offers an optional feature that lets you link your account with one other person close to you — a spouse, partner, parent, adult child, or close friend. When linked, Joan understands each of your situations more fully and can guide more sharply. Your 1-on-1 conversations with Joan remain private: she never discloses the specific words either of you has shared directly with her to the other partner.

Notes generated from linked conversations: While you are linked, Joan maintains separate notes about each partner, derived from what that partner tells her in their own 1-on-1 conversations. For clarity: notes generated from your conversations with Joan are your personal data. Notes generated from your partner's conversations with Joan — which may include references to, characterisations of, or observations about you — are your partner's personal data, not yours. This follows the ordinary POPIA principle that personal data is the data held about a data subject, not data held about someone else that happens to mention the data subject.

Unlinking: Either partner can end the link at any time by saying "unlink" to Joan on WhatsApp. Unlinking is bilateral — the link record is removed for both of you immediately. Your separate 1-on-1 histories with Joan remain intact, and nothing that was ever shared between you via the linked feature is lost on either side.

Deletion and the link: If you exercise your right to deletion (see Data Retention below), the link record between you and your partner is removed bilaterally and the notes you generated about your partner during the link are erased as part of your own data. Notes that your partner generated about you during the link are not erased by your request, because under POPIA those notes are your partner's personal data. If you want those notes removed, your partner would need to submit their own deletion request, or you can raise the matter with our Information Officer at joan@joanministry.com and we will review the specific circumstances with the partner concerned.

Safety: Linking requires both partners to opt in via a 6-digit code that expires in 24 hours. You cannot be linked without your explicit consent. If you ever feel the feature is being used to pressure, coerce, or surveil you, unlink immediately and — if needed — contact appeal@joanministry.com.

Data Retention

We retain personal information only for as long as necessary for the purposes for which it was collected, consistent with section 14 of POPIA:

Active account conversation data: retained for the lifetime of your active use of the service, since conversation continuity is a core feature of Joan. Older conversations are periodically summarised and archived to reduce the amount of raw text stored.

Inactive accounts: if you do not interact with Joan for 24 consecutive months, your full message history will be archived and any voice-note media deleted. After a further 12 months of continued inactivity (36 months total), archived records are deleted unless you have opted to reactivate.

Payment and transaction records: retained for a minimum of five years from the date of the relevant transaction, as required by the South African Income Tax Act and the Tax Administration Act.

Safety and risk records (legal-defence retention): records of safety interventions, risk flag events, moderation actions, abuse reports, and any messages associated with an open or reasonably anticipated civil, disciplinary, or criminal matter are retained for up to three years from the date of the event. This period aligns with the ordinary prescription period under the South African Prescription Act 68 of 1969 for most civil claims. During this retention window these records are held in pseudonymised form where practical and access is restricted to the Information Officer and authorised operators. This retention applies to specific records only — it is not a blanket exemption from deletion.

Deletion on request: you may request deletion of your personal data at any time by sending any of the keywords "delete my data", "erase my data", "POPIA deletion", or "right to be forgotten" to Joan on WhatsApp, or by emailing joan@joanministry.com. We will action all deletion requests within 30 days, subject only to the legal-hold carve-outs above and any statutory retention obligations. You will receive written confirmation once deletion has been executed.

Cross-Border Transfers

Joan Ministry uses cloud infrastructure and service providers that may process data outside the Republic of South Africa. Cross-border transfers are performed on the lawful grounds permitted under section 72 of POPIA — principally your explicit consent (which you grant by initiating contact with Joan and continuing to use the service after being informed through this policy) and the necessity of the transfer for the performance of the service you have requested. Our service providers either operate under data-protection law comparable to POPIA or are bound by their standard contractual data-protection terms, which impose equivalent safeguards.

Breach Notification

If we become aware of a security compromise affecting your personal information, we will notify the South African Information Regulator and you, as the affected data subject, as soon as reasonably possible and within the timelines required by section 22 of POPIA. Notifications will describe the nature of the compromise, the measures we have taken or intend to take to address it, and — where relevant — steps you can take to protect yourself.

Security

We implement the following technical and organisational measures to protect your personal information:

Encryption in transit: all messages to and from Joan are carried over the encrypted transport provided by the WhatsApp platform, and all communication between Joan's servers and supporting services uses TLS.

Encryption at rest: database storage, object storage, and backup storage are encrypted at rest by our cloud hosting provider using provider-managed keys.

Access controls: operational systems and the administrative dashboard are protected by password-based authentication using a slow key-derivation function, signed session cookies, rate-limited login attempts, and — where enabled — IP allowlisting. Administrative deep links are cryptographically signed and carry a short expiry.

Least privilege: the number of operators with access to personal information is kept to the minimum necessary to run the service.

Secrets management: credentials, API keys, and cryptographic secrets are stored exclusively in a managed secrets vault and are never committed to source code repositories.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security — your use of the service is at your own risk in this regard.

Age Restriction

Joan is strictly for users aged 18 and over. By using the service you warrant that you are at least 18 years of age. We do not knowingly collect personal information from anyone under 18. If we become aware that a minor has used the service, we will terminate that account and delete associated data promptly, subject only to any legal obligations to retain specific records in connection with a safeguarding concern.

Crisis & Safety

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes via WhatsApp message prior to those changes taking effect. Continued use of Joan after notification constitutes acceptance of the updated policy. The current version is always available at joanministry.com/privacy.

Governing Law

This Privacy Policy is governed by the laws of the Republic of South Africa, including the Protection of Personal Information Act 4 of 2013 (POPIA). Any disputes arising from this policy or our data processing practices will be subject to the jurisdiction of the South African courts.

Contact

For all privacy-related questions, requests, or concerns — including the exercise of your POPIA rights — contact our Information Officer: joan@joanministry.com