Square & Compass — Lodge Management

Privacy Policy

Last updated: May 13, 2026

Square & Compass Lodge Management ("the Service") is a multi-tenant administration platform for Masonic lodges. This Privacy Policy explains what personal data we collect, why we collect it, how we protect it, and what rights you have under the EU General Data Protection Regulation (GDPR) and equivalent laws.

1. Controller

The Service is operated by Square & Compass ("we", "us"). For matters concerning the processing of your personal data, contact us at contact@squareandcompass.store.

2. Data we collect

When you create or are added to a lodge account, we process the following categories of personal data: full name, email address, phone number, date of birth, date of initiation, masonic degree, lodge affiliation, masonic passport number, profile photograph, NFC token, scanned documents (passport, diplomas, transfer letters), and chat messages exchanged within the lodge. We also collect technical data automatically: IP address, device type and OS, timestamps of access, app version. We do NOT collect biometric data (Face ID / Touch ID is verified locally on your device and never transmitted to our servers).

3. Why we process it (lawful basis)

We process personal data on the following lawful bases: (a) contract — to provide the lodge management features you request, including dues, attendance, transfers, and online meetings; (b) legal obligation — to comply with applicable accounting and audit laws; (c) legitimate interests — to protect our service against fraud and unauthorised access; (d) consent — where you explicitly opt in to features such as push notifications or voice journal transcription.

4. Encryption & security

Personally Identifiable Information (PII) — including name, email, phone number, and contact data — is encrypted at the database field level using AES-256 with a per-tenant key. Passwords are hashed with bcrypt (cost factor 12). Multi-Factor Authentication (TOTP) is mandatory for administrative roles. All network traffic between you and our servers is encrypted with TLS 1.3 (HTTPS), and our domain is enrolled in the HSTS preload list. Every document generated by the Service (diplomas, certificates, transfers) is signed with a SHA-256 hash that includes the issuer's IP and timestamp, creating an immutable audit trail.

5. Who has access

Your data is visible only to: (i) you; (ii) the officers of the lodge you belong to (in roles strictly necessary, such as the Secretary or Treasurer); (iii) the SuperAdministrator of your Grand Lodge, if any; (iv) our infrastructure providers (MongoDB Atlas, hosting provider Emergent) acting strictly as data processors under signed DPAs. We never sell or rent personal data, and we do not share it with advertisers.

6. International transfers

Data is stored in the European Economic Area. If we ever transfer data outside the EEA, we will rely on European Commission adequacy decisions or Standard Contractual Clauses and notify you in advance.

7. Retention

We retain your data for as long as your lodge account is active. When your membership ends or you request deletion, we delete or fully anonymise your data within 30 days, except where retention is required by accounting or audit law (typically 5–10 years for financial records), in which case the data is moved to a restricted archive accessible only for legal compliance.

8. Your rights

Under GDPR you have the right to: (a) access your personal data; (b) request rectification of inaccurate data; (c) request erasure ("right to be forgotten"); (d) request restriction of processing; (e) data portability — receive a copy of your data in a machine-readable format; (f) object to processing; (g) withdraw consent at any time; (h) lodge a complaint with a supervisory authority (in Romania: ANSPDCP). To exercise any of these rights, write to contact@squareandcompass.store. We respond within 30 days.

9. Push notifications & analytics

Push notifications are optional and require your explicit consent at first launch. You can revoke this consent at any time in your phone settings. The Service uses minimal first-party analytics (counts of feature use, error logs) — we do NOT use Google Analytics, Facebook Pixel, or any third-party advertising tracker.

10. Children

The Service is not intended for users under 18 years of age. Masonic lodges are by their nature adult organisations. We do not knowingly collect data from minors.

11. Changes to this Policy

We will notify you of material changes to this Policy through an in-app notice or email at least 14 days before they take effect. The date of the latest revision is shown at the top of this page.

12. Contact

Square & Compass Lodge Management · contact@squareandcompass.store · https://www.squareandcompass.store