Privacy Policy
Last updated: May 2026
1. Introduction
Welcome to KatholicOS. This Privacy Policy explains how Katholicos Ltd ("we", "us", or "our") collects, uses, and protects data. We are committed to safeguarding the privacy of the parishes we serve and their communities, ensuring full compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Our Role in Data Processing
Under UK GDPR, our relationship to data falls into two distinct categories:
- Data Controller: We act as a Data Controller for the personal data of the Parish Administrators (e.g., priests, secretaries) who create an account, visitors who submit website enquiries, and users who opt in to website analytics.
- Data Processor: We act as a Data Processor for any data uploaded to the platform by the Parish to be displayed on their website (e.g., names in Mass intentions). The Parish remains the Data Controller for this information.
3. The Data We Collect
We deliberately minimise the data we collect to ensure your privacy. We process:
- Account Data: Names, email addresses, and encrypted authentication credentials of Parish Administrators.
- Website Inquiries: If you contact us via our website forms, we collect your name, email address, and any information provided in the message body.
- Analytics & Usage Data: If you explicitly consent via our cookie banner, we collect anonymous, aggregated data regarding how you interact with our website (e.g., page views, approximate geographical region, and device type) to help us improve the platform.
- Publicly Uploaded Data: Information voluntarily uploaded by administrators for public display (e.g., newsletters, staff contact details).
4. Our Lawful Basis for Processing
Under UK GDPR, we process personal data under the following lawful bases:
- Consent: We rely on your explicit, affirmative consent to deploy optional tracking technologies (such as Google Analytics) to analyse website traffic.
- Legitimate Interests: To respond to enquiries submitted via our contact forms, to maintain the security of our platform (using anti-spam tools), and to ensure the reliable operation of our Service.
- Contractual Necessity: To create and manage user accounts, provide access to the Service, and deliver the features requested under a subscription or trial.
- Legal Obligation: To comply with legal requirements such as financial record-keeping, tax obligations, and regulatory reporting requirements.
5. Data Infrastructure & Sub-Processors
To ensure the highest levels of security, availability, and UK GDPR compliance, we utilize enterprise-grade infrastructure from trusted global partners. Your data is encrypted both in transit and at rest.
- Authentication & Security: We utilize specialized identity providers (such as Amazon Web Services) to manage secure login credentials and prevent unauthorized access.
- Cloud Infrastructure: Our primary database and application hosting are provided by industry leaders (including MongoDB Atlas and Vercel), ensuring data is stored in highly secure, UK-compliant data centers.
- Analytics & Optimization: Where explicit consent is provided, we utilize Google Analytics 4 to understand platform performance and improve the user experience.
- Communication & Verification: We use trusted third parties (such as Cloudflare and Resend) for anti-spam verification and secure transactional email routing.
6. Payments
We use third-party payment processors, including Stripe and GoCardless, to handle subscription payments securely.
We do not store or have access to your full payment details. All payment data is processed securely by these providers in accordance with their own privacy policies.
7. Data Retention
We retain personal data only for as long as necessary to provide the Service, comply with legal obligations, and resolve disputes. Analytics data is anonymised and subject to standard retention policies as dictated by the analytics provider.
8. Your Rights & Contact
Under UK GDPR, you have the right to access, correct, or erase your personal data, to restrict its processing, or to withdraw consent at any time. To exercise any of these rights, or if you have questions regarding this policy, please contact us at:
Katholicos Ltd (Company No. 16946399)
ICO Registration: ZC117610
Email: info@katholicos.com