ChurchInsight  is now  
Hubb.church
 
 
CONTACT SUPPORT
 
 

How can we help you today?

Customer Support > Legal > Safe Messaging: Hubb compliance record

Hubb · Safe Messaging

Safe Messaging: Hubb compliance record

Hubb's provider-side assessments for the Messaging and Safe Messaging features: the Online Safety Act position and governance, and the Data Protection Impact Assessment. A working record to brief a qualified adviser and relying churches. Not legal advice.

1 Online Safety Act — assessments and governance Children's Access Assessment, Children's Risk Assessment, governance and reporting

Working document · 2026 · Not legal advice

About this pack

Hubb is most likely the provider of a regulated user-to-user service and carries Online Safety Act duties directly. This pack records the assessments and the governance proportionate to a small, tightly controlled, one-way, text-only service.

1. Children's Access Assessment

Determination: the service is likely to be accessed by children. Safe Messaging is designed for contact with children; Messaging and the wider app are used within congregations that include under-18s. No "highly effective age assurance" prevents children from normally accessing the service, so the child-user condition is met and the child-safety duties apply. This determination is recorded and reviewed annually and on material change.

2. Children's Risk Assessment (Safe Messaging)

Assessed against the kinds of harm relevant to a one-way, text-only messaging feature. Image-based harms (including child sexual abuse material) have a much-reduced vector because no images or video can be sent.

Harm / risk Assessment for this feature Measures
Grooming / illegal contact Reduced by one-way design and vetting, but cannot be excluded Authorised/DBS leaders only; parental approval; standing Safeguarding Lead oversight across all leaders/children; full audit log
Child sexual abuse material Low vector — text-only, no image/video upload in chat No media in chat; platform-wide image scanning is run elsewhere on the platform
Other illegal content Low; short purposeful text only Report route (below); content removal and audit
Bullying / abusive content Low; one-way from vetted leaders, parent-approved Approval step; rejection-with-note review; offboarding
Contact / data risks to children Managed via parent-mediated under-13 access No under-13 self-login; minimisation; see DPIA

3. Governance and accountability

  • Named accountable individual: Adam Johannes (CEO) is the single named individual accountable for compliance with both the children's-safety duties and the illegal-content, reporting and complaints duties. This is the all-services governance measure that applies to Hubb; it is a provider role, distinct from each church's Safeguarding Lead.
  • Most senior governance body: Adam Johannes (CEO and director) is accountable for the service and reports to Brandan Neville, the company's owner, who provides senior oversight above the named individual.
  • Annual review: a recorded annual review of risk-management activities is a measure for large services, which Hubb is not, so it is not mandatory here, but Hubb adopts it as good practice. The named individual provides the owner with an annual review of the assessments, measures and any incidents.
  • Records of the assessments, decisions and complaints are kept and dated.

4. Reporting, complaints and illegal-content response

  • Parent-side control: parents review every message and may reject with a note; every rejection is actively reviewed by the church and acted on.
  • Platform report route: anyone can raise a safety or content concern about the platform using the reporting form at the foot of this page, which routes to the named person and is kept on record.
  • Church-side route: churches use the platform's reporting and moderation features and their own safeguarding contact and procedures.
  • Illegal content: on a credible report, Hubb will remove or disable the content, preserve the audit record, and escalate to the appropriate statutory agency through the relevant church's safeguarding procedures.
↑ Back to contents
2 Data Protection Impact Assessment (DPIA) Hubb Messaging and Safe Messaging — children's and special-category data

Working document · 2026 · Not legal advice

About this DPIA

This DPIA assesses the data-protection risks of Hubb's Messaging (adult-to-adult) and Safe Messaging (leader-to-child) features. A DPIA is mandatory here because the processing combines several high-risk markers: children's data, special-category (religious) data, and ongoing review of messages. It is a working assessment to brief the relying churches; it is not legal advice and not a sign-off.

Owner: Adam Johannes (CEO), who is Hubb's data-protection lead and its named accountable individual for online safety. Reviewed with: church DPOs as controllers. Review cycle: at least annually and on any material change to the feature.

1. Description of the processing

What the feature does. Authorised church leaders send short, text-only pastoral messages to a child through the church's own Hubb app. Messages are one-way by default — children cannot reply through the tool. Each message is routed to the child's parent or guardian, who must approve it before delivery; an unapproved message expires. An appointed church Safeguarding Lead has standing visibility of messages across all leaders and children in their church. The adult Messaging feature provides one-to-one and group messaging for teams and ministries.

Personal data processed. Names and contact records of leaders, parents and children; family/guardian relationships; the message content; and an audit record of who sent each message, what was said, when, and which parent approved or rejected it (with any rejection note). Children's date of birth is held on the platform, entered by a guardian or church administrator — never by the child.

Special-category data. Participation in a church app and the content of faith-based messages will in many cases reveal a child's religious belief, which is special-category data under Article 9. See the accompanying Appropriate Policy Document.

Children's access. Own-login access for children is controlled by site administrators (controllers). Under-13 self-login is off by default and can be enabled only by a deliberate site-admin choice, with that church taking responsibility for the additional safeguards required — including verified parental consent for an online service offered to a child. By default, under-13s have no login of their own and a parent views the child's messages through the parent's own account. Whether 13–17s have their own login is a site-admin configuration choice. Either way, the service is by design likely to be accessed by children, so the Children's Code and the Online Safety Act child-safety duties apply (assessed separately in the OSA pack).

Hosting. Data is hosted in the UK with no international transfer. Chat is text-only (no image or video), which removes the image-upload vector for child sexual abuse material from this feature.

2. Roles and responsibilities

  • Churches are controllers of their members', leaders' and children's data; each church has a named DPO.
  • Hubb is the processor providing the platform, acting on documented controller instructions under Article 28 contract terms.
  • Hubb is also the "provider" for Online Safety Act purposes — those duties, and the Children's Code design duties, fall on Hubb directly regardless of the processor classification.
  • Each church appoints a Safeguarding Lead (assignable in Hubb) who exercises the standing oversight described above.

3. Necessity and proportionality

Purpose. To let vetted leaders give purposeful pastoral encouragement to young people during the week, under parental approval and independent safeguarding oversight, using an official church channel rather than personal accounts or phone numbers.

Lawful basis (to be confirmed by each controller). For the church's own members, the not-for-profit religious-aim condition (Article 9(2)(d)) is the natural route for religious-belief data; the safeguarding activity engages the "safeguarding of children" substantial-public-interest condition (DPA 2018 Schedule 1, paragraph 18), which requires an Appropriate Policy Document. The ordinary lawful basis is likely legitimate interests or consent depending on the controller's configuration.

Data minimisation. Messages are short and purposeful; no images or video; no profiling; no use of children's data for marketing. The Safeguarding Lead's standing access is the most significant minimisation question: it is justified because a single parent cannot detect grooming patterns that only become visible across multiple leaders and children, and because the codes expect a second, trained church adult to have sight of individual contact. That access must be active and recorded, limited to appointed leads, and not extended to anyone without a safeguarding role.

Children's privacy trade-off. A parent plus a Safeguarding Lead reading messages reduces an older child's own privacy. This is proportionate for a one-way, purposeful pastoral channel.

4. Risks and mitigations

Risk Mitigation built in Residual action
Grooming via individually-innocuous messages that a parent cannot detect One-way design; Safeguarding Lead has cross-cutting visibility of all leaders/children to spot patterns; vetted/DBS leaders only; audit log Oversight must be active not nominal; set review expectations for the Safeguarding Lead
Safeguarding Lead over-access to children's data Access limited to appointed lead(s); justified and recorded here under data minimisation; no wider staff access Record who holds the role; review annually
Under-13 consent / verifying parental responsibility Under-13 self-login off by default; parent-mediated via the parent's own account; family units set by church admin or parent at registration Where a controller enables under-13 self-login it must obtain and verify parental consent and add the extra safeguards; confirm parental responsibility
Special-category (religious) data exposure UK-only hosting; access controls; Appropriate Policy Document for the safeguarding condition Each controller to confirm its Article 9 condition
Retention / erasure of a child's records All messages stored and auditable Implement deletion on leaving and a data-subject-rights route (see Retention procedure)
Message approved by wrong adult / mis-set family unit Parent-approval step; rejection-with-note actively reviewed by the church Church to verify guardian links at registration
Illegal content / disclosure of harm Text-only (no image upload); rejection-with-note review; church safeguarding procedures apply Platform reporting route available (see OSA pack); includes escalation to statutory agencies

6. Children's Code — standards most engaged

Best interests of the child as a primary consideration; DPIA completed (this document); age-appropriate settings; data minimisation; high privacy by default; transparency in age-appropriate language; profiling off; no nudge techniques; and care over data sharing — which directly covers the Safeguarding Lead's access, addressed in section 3. Birthday messages are a flagship use: these are pastoral, not promotional, and must not be used to push offers or marketing.

7. DUAA — children's higher protection matters

Recorded as a design input (in force 5 February 2026): how the feature protects and supports children; that children may not appreciate data risks; and that children have different needs at different ages — reflected in the parent-mediated under-13 model and the option of tighter defaults for primary-age children.

8. Outcome and sign-off

Residual risk: assessed as low-to-medium for a tightly controlled, one-way, text-only service, conditional on the residual actions above being completed and a qualified legal review before scaling. Approved by: Adam Johannes (CEO) — date [1-June-2026]. Controller adoption: each church to record adoption via its DPO.

↑ Back to contents

Report a safety or content concern

Use this form to raise a safety or content concern about the Hubb platform, for example illegal content, misuse of messaging, or a worry about a child's safety. It goes to Hubb's named person for online safety, who will review and respond.

If a child is at immediate risk of harm, contact the police on 999 now. Concerns about a specific child should also be raised with your church's safeguarding contact, following your church's safeguarding procedures.

Nature of concern:
Which church or app does this relate to?
Details of your concern:
Your name (only needed if you'd like a response):
Telephone:
Email address:
 

These are Hubb working documents (2026) to inform a church's own risk assessment. They are not legal advice and not a safeguarding sign-off; for binding views, consult a qualified data-protection / Online Safety Act adviser and your denomination's safeguarding team.