Privacy Policy

Effective Date: May 11, 2026 · Last Updated: May 11, 2026

Santo Mission Inc., operating as Santo Catholic Mission (“we”, “us”, “our”, or the “Company”), respects your privacy and is committed to protecting your personal information. This Privacy Policy describes how we collect, use, share, and safeguard personal information when you access or use santomission.com, the Santo Catholic App (also “Santo App”), or any related product or service (collectively, the “Services”).

This Privacy Policy is governed by the Personal Information Protection and Electronic Documents Act (Canada) (PIPEDA) and Quebec’s Act respecting the protection of personal information in the private sector (Law 25). Where applicable to users in their respective jurisdictions, we also seek to comply with the European General Data Protection Regulation (GDPR), the United Kingdom Data Protection Act, and the privacy laws of certain United States states (including California, Colorado, Connecticut, Virginia, and others).

By using the Services, you consent to the practices described in this Privacy Policy. If you do not agree, please do not use the Services.

1. Information We Collect

1.1 Information You Provide

• Account information: name, email address, password, and (optionally) profile photo and language preferences.
• Communication and notification preferences (email, SMS, push).
• Voluntary Offering and Membership information processed by our payment processors and the relevant Marketplace (we do not store full payment-card numbers on our systems).
• Private content you submit, including prayer intentions, journal entries, reflections, and AI Inputs (collectively, “Private Content”). Private Content is treated with additional care as described in Section 4 and Section 9.
• Information you submit through contact forms, surveys, or community features.
• Information provided by a parent or guardian for the consent of a minor (see Section 7).

1.2 Information Collected Automatically

• Device and technical information: device model, operating system, app version, browser type, language settings.
• Network information: IP address (which may be used to infer approximate, non-precise location for service-delivery purposes).
• Usage information: features used, sessions started, content viewed, prayer minutes, in-app navigation, dates and times of access.
• Push notification tokens (where you have enabled notifications on your device).
• Cookies and similar technologies on the website (see Section 6).

1.3 Information from Third Parties

• Third-party sign-in providers (such as Apple or Google), if you choose to sign in using a third-party account. We receive the limited profile information that provider makes available to us, in accordance with your settings.
• Payment processors and Marketplaces (Apple App Store, Google Play Store, Stripe, and other authorised processors) confirm transaction details and limited account information necessary to operate Memberships and process Voluntary Offerings.
• Public sources or referrals, where lawful and relevant to the Services.

2. How We Use Your Information

We use the personal information we collect to:

• Provide, operate, and maintain the Services, including delivering devotional content, prayers, multimedia, AI Features, and community features;
• Create and manage your Account and process Voluntary Offerings and Memberships;
• Send transactional communications (account, security, payment, legal) and, with your consent, marketing communications;
• Personalize and improve the Services, including suggesting content relevant to your interests and language preferences;
• Operate AI Features, as further described in Section 4;
• Conduct aggregated and anonymized analytics to understand usage patterns and improve quality;
• Detect, prevent, and respond to fraud, abuse, security incidents, and violations of our Terms;
• Comply with legal, regulatory, audit, tax, and accounting obligations; and
• Establish, exercise, or defend legal claims.

3. Legal Bases for Processing

Where required by applicable law (including GDPR and Quebec Law 25), we rely on the following legal bases for processing your personal information:

• Performance of a contract: to provide the Services you have requested (such as your Membership or Account).
• Consent: for marketing communications, optional features, the processing of Private Content, and the personal information of minors.
• Legitimate interests: to operate, secure, personalize, and improve the Services, provided such interests are not overridden by your rights.
• Legal obligation: to comply with applicable laws, regulations, and lawful requests.

4. AI Features and AI-Generated Content

The Services include AI Features that generate content automatically. When you use an AI Feature, the text or input you submit (“AI Input”) is processed by our AI systems and (where applicable) by third-party AI service providers under contract with us, to generate the requested AI Output. AI Inputs may include questions, intentions, or other text you submit, and may also include excerpts of devotional or scriptural content.

We treat AI Inputs as Private Content. We do not sell AI Inputs or AI Outputs, and we do not use AI Inputs or AI Outputs for behavioural advertising. Where AI Inputs or Outputs are used to improve the quality, safety, or doctrinal alignment of the AI Features, we do so on an aggregated and anonymized basis to the extent reasonably practicable.

Please remember that AI Output may be inaccurate, incomplete, or inconsistent with Catholic teaching, and is not magisterial or authoritative. Please consult your parish priest, spiritual director, or competent ecclesiastical authority for matters of doctrine or spiritual direction, and qualified professionals for medical, psychological, or legal advice.

5. How We Share Information

We share personal information only in the limited circumstances set out below:

5.1 Service Providers

We share information with third-party service providers under contract to provide hosting, infrastructure, customer support, email delivery, analytics, and similar services on our behalf. Service providers are required by contract to use personal information only as necessary to provide their services and to maintain reasonable security measures.

5.2 Payment Processors and Marketplaces

Voluntary Offerings and Memberships are processed by third-party payment processors (such as Stripe) and, for In-App Memberships, by the Apple App Store or Google Play Store. These processors handle payment-card information directly and are bound by their own privacy policies and applicable card-industry standards.

5.3 Other Users (Community Features)

If you choose to use community or sharing features within the Services, the information you choose to share — such as your display name, profile photo, or shared prayer intentions — will be visible to the audience you select. You control what you share and with whom.

5.4 Legal and Regulatory

We may disclose personal information where we believe in good faith that disclosure is required to comply with applicable law, regulation, court order, or lawful government request, or to protect the rights, property, or safety of the Company, our users, or others.

5.5 Business Transactions

In connection with a merger, acquisition, financing, reorganisation, or sale of all or part of our business or assets, we may share or transfer personal information to the relevant counterparty, subject to appropriate confidentiality and privacy commitments.

5.6 With Your Direction or Consent

We may share personal information with third parties at your direction or with your express consent.

5.7 We Do Not Sell Personal Information

We do not sell or rent your personal information. We do not share Private Content (journal entries, prayer intentions, AI Inputs) with advertising partners.

6. Cookies and Similar Technologies

Our website uses cookies and similar technologies to operate, secure, and analyse the Services. The Santo Catholic App generally does not use third-party tracking cookies for advertising. We use:

• Essential cookies — required for the website to function (for example, authentication and session management).
• Analytics cookies — to help us understand how visitors use the website on an aggregated basis (for example, Google Analytics or a similar provider).
• Preference cookies — to remember your settings and preferences.

You can control or disable non-essential cookies through your browser settings or, where available, through the cookie preference centre on the website. Disabling essential cookies may prevent the website from functioning correctly.

7. Children’s Privacy

We are committed to safeguarding children and respecting the responsibility of parents and legal guardians to direct the spiritual formation of their children. We do not knowingly collect personal information from minors below the age of digital consent in their jurisdiction without verifiable parental consent. The age of digital consent generally includes:

• Under 13 in the United States (Children’s Online Privacy Protection Act);
• Under 14 in the Province of Quebec, Canada;
• Under 16 in the European Union and United Kingdom (with lower thresholds in certain member states);
• Under 18 in India and in other jurisdictions that have set 18 as the threshold; and
• Under the local age of majority elsewhere.

If you are a parent or legal guardian and you believe that we may have collected personal information from a minor without proper consent, please contact us at hello@santomission.com and we will take prompt action to delete it. Parents and legal guardians may also request access to, correction of, or deletion of their child’s personal information by contacting us at the same address.

8. International Data Transfers

We are based in Canada. Our servers, service providers, and contractual partners may be located in Canada, the United States, the European Union, India, or other countries. When personal information is transferred outside the jurisdiction in which it was collected, we use appropriate safeguards, including contractual commitments with recipients to protect personal information in a manner consistent with applicable privacy laws.

If you are located in a jurisdiction outside Canada and use the Services, you acknowledge and consent that your personal information will be transferred to, processed in, and stored in Canada and other countries where our service providers operate.

9. Data Security and Retention

9.1 Security

We implement reasonable physical, technical, and organisational measures designed to protect personal information against unauthorised access, loss, alteration, and disclosure. These measures include encryption in transit (TLS) and, where appropriate, at rest, access controls, authentication, logging, and periodic security reviews. We treat Private Content with additional safeguards. No method of transmission or storage is completely secure; you are responsible for maintaining the confidentiality of your account credentials.

9.2 Retention

We retain personal information for as long as your Account is active, as needed to provide the Services, or as necessary to comply with our legal, financial, audit, accounting, security, and dispute-resolution obligations. Following Account deletion, we may retain limited information for a reasonable period to satisfy legal, regulatory, or fraud-prevention requirements, or in anonymized or aggregated form that does not identify you. Voluntary Offering and Membership records may be retained for periods required under applicable financial, tax, and accounting laws.

9.3 Aggregated and Anonymized Information

We may create aggregated, de-identified, or anonymized information from personal information and use such information for any lawful purpose, including to improve the Services and our mission, provided such information cannot reasonably be used to identify you.

10. Your Privacy Rights

Depending on the jurisdiction in which you reside and subject to applicable law and reasonable verification, you may have the following rights:

• Access — request confirmation of, or a copy of, the personal information we hold about you;
• Correction — request that inaccurate or incomplete information be corrected;
• Deletion — request that we delete your personal information, subject to limited legal exceptions;
• Withdrawal of consent — withdraw any consent you have given for processing based on consent;
• Portability — request a copy of certain personal information in a structured, machine-readable format, where technically feasible;
• Objection or restriction — object to or request restriction of certain processing activities;
• Lodge a complaint — file a complaint with the Office of the Privacy Commissioner of Canada, the Commission d’accès à l’information du Québec, or another competent supervisory authority in your jurisdiction; and
• Information regarding automated decision-making — request information about, and to object to, any solely automated decisions producing legal or similarly significant effects (we generally do not make such decisions through the Services).

To exercise any of these rights, please contact our Privacy Officer at hello@santomission.com with the subject line “Privacy Request”. We may require reasonable information to verify your identity before responding to your request. We will respond within the time periods required by applicable law. We will not discriminate against you for exercising your rights.

11. Marketing Communications

We send commercial electronic messages only with your consent, in accordance with Canada’s Anti-Spam Legislation (CASL) and other applicable laws. You may withdraw your consent at any time by using the unsubscribe link in any marketing email, replying STOP to SMS messages, adjusting your in-app or device settings, or writing to hello@santomission.com. Transactional and administrative messages (account, security, payment, legal) are not subject to opt-out while you continue to use the Services.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes are effective on posting to santomission.com, with the “Last Updated” date revised. For material changes, we will make reasonable efforts to notify you in advance through the Services or by email. Your continued use of the Services after the effective date means you accept the updated Privacy Policy.

13. Contact and Privacy Officer

We have designated a Privacy Officer responsible for our compliance with applicable privacy laws, including Quebec’s Law 25. You may contact our Privacy Officer with any questions, requests, or concerns regarding this Privacy Policy or the handling of your personal information.

Santo Mission Inc. (operating as Santo Catholic Mission)

Attention: Privacy Officer

Edmonton, Alberta, Canada T5J 3R8

Thank you for trusting us with your personal information.