ChurchConnect
  • 200+ PHP files
  • 29 domain service classes
  • 71 dashboard pages
  • 9 engineering phases delivered

The Problem

West African churches needed a management platform that could handle membership, attendance, giving, communications, and small-group management — all with multi-tenant isolation, compliance with local and international data protection requirements, and an AI assistant that could answer member questions and assist church administrators.

The compliance requirement was non-trivial: the Ghana Data Protection Act requires explicit consent capture, data export capability, and account deletion — all of which needed to be built into the platform architecture from the start, not added later.

The Solution

ChurchConnect was built as a multi-tenant SaaS with clean tenant isolation at every layer. The architecture uses 29 domain service classes to keep business logic out of controllers and maintain a clean separation of concerns across 71 dashboard pages.

A full OWASP Top-10 self-audit was conducted with documented P0/P1 critical findings, all of which were remediated before launch: hardcoded secrets removed, missing database indexes added, predictable PIN logic replaced with cryptographically random values.

The Claude AI assistant uses a tool-use loop architecture with a write-confirmation safety gate — the AI can read church data and answer questions, but any write operation (adding a member, sending a communication) requires explicit confirmation before execution. WebAuthn biometric attendance replaces manual roll-calls. The offline-first PWA works in churches with unreliable connectivity.
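
A sketch of the write-confirmation gate described above, as an added PHP example that is not ChurchConnect's own code. The ToolGate class, the tool names, and the token flow are assumptions made for illustration: reads run at once, writes are parked until a human-facing endpoint confirms them.

```php
<?php
declare(strict_types=1);
// Added example: tool names and handlers below are constructed, not ChurchConnect's.
final class ToolGate
{
    private array $pending = []; // token => parked write request
    // $tools: name => ['write' => bool, 'run' => callable(string $tenant, array $args)]
    public function __construct(private array $tools, private int $ttl = 300) {}

    // Called by the tool-use loop for every tool request the model emits.
    public function dispatch(string $tenant, string $user, string $tool, array $args): array
    {
        $def = $this->tools[$tool] ?? null;
        if ($def === null) {
            return ['status' => 'error', 'message' => 'unknown tool'];
        }
        if (!$def['write']) {
            // Reads run immediately, scoped to the caller's tenant.
            return ['status' => 'ok', 'result' => ($def['run'])($tenant, $args)];
        }
        // Writes are parked. The loop shows token and summary to the user and
        // returns only the status to the model, so the model cannot self-confirm.
        $token = bin2hex(random_bytes(16));
        $this->pending[$token] = ['tenant' => $tenant, 'user' => $user, 'tool' => $tool,
                                  'args' => $args, 'expires' => time() + $this->ttl];
        return ['status' => 'confirmation_required', 'token' => $token,
                'summary' => $tool . ' ' . json_encode($args)];
    }

    // Called only by the human-facing confirm endpoint with the session's identity.
    public function confirm(string $tenant, string $user, string $token): array
    {
        $p = $this->pending[$token] ?? null;
        unset($this->pending[$token]); // single use, even when the checks fail
        if ($p === null || $p['expires'] < time()
            || $p['tenant'] !== $tenant || $p['user'] !== $user) {
            return ['status' => 'rejected'];
        }
        // Executes the exact arguments the user was shown, not a fresh model request.
        return ['status' => 'ok',
                'result' => ($this->tools[$p['tool']]['run'])($p['tenant'], $p['args'])];
    }
}
$gate = new ToolGate([
    'count_members' => ['write' => false, 'run' => fn(string $t, array $a) => 42],
    'add_member' => ['write' => true, 'run' => fn(string $t, array $a) => "added {$a['name']}"],
]);
$ask = $gate->dispatch('tenant-a', 'admin-1', 'add_member', ['name' => 'Ama']);
// Confirmation attempted from a different tenant's session.
echo $gate->confirm('tenant-b', 'admin-1', $ask['token'])['status'], PHP_EOL;
```

The in-memory `$pending` array stands in for a per-tenant store. The property that matters is that `confirm()` is reachable only from an authenticated user action and replays the parked arguments unchanged.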

What Was Delivered

  • Multi-tenant SaaS with clean data isolation
  • 200+ PHP files organised around 29 domain service classes
  • 71 dashboard pages across all user roles
  • Full OWASP Top-10 self-audit with documented P0/P1 remediation
  • WebAuthn biometric attendance (fingerprint/facial)
  • Claude AI assistant with tool-use loop and write-confirmation safety gate
  • Ghana Data Protection Act / GDPR-aligned compliance: consent capture, data export, account deletion
  • Offline-first PWA
  • 9 engineering phases delivered, built solo

Outcome

ChurchConnect is a production-ready, OWASP-audited, GDPR-aligned church management SaaS. The AI assistant has reduced administrative overhead for church staff. The biometric attendance system has replaced manual attendance taking. The compliance features satisfy Ghana Data Protection Act requirements for organisations handling member personal data.
