Skip Navigation

Privacy and Permissions

Every church should have a privacy policy that describes how it uses staff and members' information online. Whoever administrates this policy should go the extra mile to protect the privacy of users and members and be specific about the intended use of the website. And, of course, we honor each other’s creativity by complying with copyright laws.

Here are five critical responsibilities and practical tips involved in maintaining a website as a part of a dynamic Web ministry.

Terms of Use and Privacy Policy:

First, let’s talk about protecting users and members privacy. Your site should have a terms of use and privacy policy page that has a link on every page of your site. Generally, this link is in the footer navigation or information section. What this page tells a visitor to your site is how you will protect their rights should you gather any information about them from their visit to your site, such as a username and password or other personal information they may share when completing a form on your site. This is standard, boilerplate language, and you can find an example of what we use at United Methodist Communications by clicking on the “Terms of Service” link at the bottom of any page in the footer.

Even though most visitors to websites do not bother to read these statements and policies it is a best practice for ensuring that “an ounce of prevention is worth a pound of protection.” Should a problem ever occur, you would have something to point to on your site that spells out the terms of use as well as how you protect people’s privacy when they share personal information through your website. As with any policy, we recommend that you consult an attorney to review your church’s terms of use and privacy policy so you are fully aware of your risks and responsibilities.

Use of Names

Second, when church members are mentioned on websites, it is best not to provide full names. Use first name and last initial at the most. Also, refrain from posting any personal information that is accessible as public information to everyone who visits your site. Use the “members” area behind a password protected section of the site if the church must post personal information online.

It goes almost without saying not to post home contact info (address, phone, email) for staff and lay leadership. A better option is to set up generic e-mail addresses. In this way, those who need to can make direct contact, but only through the site. You’ve probably seen these kinds of e-mail addresses for lay leadership positions such as "" or "" etc. The email can be set up to automatically forwarded to the preferred address of the person holding that position at any given time.

Keeping personal information private also applies to PDFs linked to your website. If you have an archive of newsletters, for instance, keep in mind that these were often created with an in-house audience in mind. Once you post the archives online (if not password protected), they become public documents. This is true of prayer lists as well.


Third, when posting photos of church events, you can have people sign a release form and/or announce at the beginning of the event (from the podium and/or through signage) that photos will be taken for publicity purposes and anyone who does not want their photo used should speak to the photographer.

Be sensitive when posting photos. What you think of as a fun picture from last summer’s camp may, to the person in the photograph, be an embarrassing snapshot of themselves in a wet bathing suit—not necessarily at their best. When trying to avoid photos that could be embarrassing, objectionable, or hurtful, be especially sensitive about photos taken in the summertime, at camp, around water, or in extreme heat. We never know who is looking at the site or even just flipping through random photos via a Google image search.

Children and Photographs

Fourth, Taking this issue of protecting users’ and members’ privacy further, we turn to the hot topic of the times: children and photographs. Do you need permission to post pictures of children, or anyone else, on your website? Well, that depends. Legally, any picture that you take in public that contains recognizable images of people, regardless of age, can be displayed on your website without obtaining permission. Ethically, and especially as people of faith, it is strongly recommended that you go the extra mile and gain at least verbal, if not written, permission from parents when using a recognizable image of their child up through age 17. Oftentimes, churches simply include a check box on standard permission forms where parents can say yes or no to allowing images or recordings of their children to be displayed on the website or used in print pieces, etc.

If your website is designed specifically for children under the age of 13, there are specific legal requirements under the COPPA law of 1998 that you will want to know and implement. Learn more about cybersafety with children and implementing the COPPA requirements for websites specifically aimed at children under 13:

If you do display recognizable images of children or youth on your website, or adults for that matter, it is a best practice not to identify them by name in the accompanying text, as a caption or as the title of the image file. In this way, you make it more difficult for cyber-predators to exploit this personal information.

If it’s not absolutely necessary to display a particular person’s photograph, like a staff member, consider using stock photos. Generally speaking, you want to convey that your church is child-friendly or has a vibrant youth ministry or is ethnically diverse. If these things are true, then any photo depicting these characteristics will do nicely because most visitors to your site wouldn’t know or care that the photo is of an actual church member.

Copyright Requirements

Finally, we’ve already established that any photograph you take in public can be displayed on your website without permission, but what about photographs, graphics, text, audio and video that are not your original works? You have to obtain permission from the copyright holder. And, if you have a CCLI or CVLI license to cover the use of songs or videos during live worship or other live events or ministries, these do not apply to the Internet.

Recently, announced it can provide a blanket license for Web use of recorded music from dozens of publishing companies. This is similar to the CCLI and CVLI licensing your church may already have for live worship or other ministry purposes. However, you have to be a part of OneLicense’s general copyright license program in order to add the audio or video sharing option.

The full extent of copyright law, fair use and other issues related to the Internet is well beyond the scope of this page. Listed below are additional links for more information, and we recommend you consult a copyright attorney with specific questions or concerns. Suffice it to say that if it’s copyrighted material, you must obtain permission from the copyright holder in order to legally display it on your website.

Sample Policies, Tips and Helps:

Suggested services and websites are for example only. United Methodist Communications neither endorses or guarantees the reliability or terms of use and services for these suggestions nor does it benefit in any way from listing the service or website as an example or by subsequent use of a third party directed from this site.