Privacy Policy
Last updated: April 27, 2026
1. Overview
This Privacy Policy describes how Catholic Church Times ("we", "us", "our") collects, uses, and shares information when you visit catholicchurchtimes.com (the "Service"). We are committed to handling your data responsibly and transparently. By using the Service you agree to this policy.
2. Who We Are (Data Controller)
Catholic Church Times is the data controller for the personal information processed through the Service. You may contact us at support@catholicchurchtimes.com.
3. Information We Collect
We collect the following categories of information:
- Information you provide — when you submit a parish, request a correction, or email us, we receive your email address, IP address, browser user-agent, and the content of your submission.
- Automatically collected information — when you visit the Service, our hosting provider and analytics tools automatically receive your IP address, browser type and version, device type, operating system, the pages you view, the referring URL, and timestamps.
- Approximate location — derived from your IP address, used to suggest nearby parishes. We do not use precise GPS unless you explicitly grant location permission via your browser.
- Cookies and similar technologies — see Section 6.
4. How We Use Information
We use the information described above to:
- Operate, maintain, and improve the Service;
- Show you Mass times and parish data near your approximate location;
- Respond to your inquiries, submissions, and corrections;
- Monitor for fraud, abuse, and security incidents;
- Measure aggregate site usage and performance;
- Display advertising and measure ad performance (see Section 6).
5. Legal Bases (GDPR / UK GDPR)
If you are in the European Economic Area, the United Kingdom, or Switzerland, we process your personal data on the following legal bases under Articles 6 and 9 of the GDPR: (i) legitimate interests — operating the Service, security, and basic analytics; (ii) consent — for advertising cookies, personalized advertising, and any optional cookies, where required by your jurisdiction; (iii) contract — to respond to submissions or correspondence you initiate; and (iv) legal obligation — where law requires us to retain or disclose information.
6. Cookies, Analytics & Advertising
We use first- and third-party cookies and similar technologies (web beacons, local storage, device identifiers) for the following purposes:
- Strictly necessary — site functionality, fraud prevention.
- Analytics — Google Analytics 4 (Google Ireland Ltd. / Google LLC) to measure aggregate site usage. We use IP-anonymization where supported.
- Performance — Vercel Speed Insights and Vercel Analytics to monitor performance.
- Advertising — third-party advertising networks (including Mediavine and other IAB TCF v2.2 vendors) may set cookies and use device identifiers to deliver and measure advertising. These vendors may collect data including IP address, device identifiers, browsing activity, and inferred interests, and may share that data with their partners. A complete list of advertising vendors and their purposes is available through our consent management platform.
Where required by law (e.g., the EEA, UK, or US states with opt-out rights), we present a consent or opt-out notice. You can also signal your preference using the Global Privacy Control (GPC); we honor GPC for "do not sell or share my personal information" requests as required under California, Colorado, Connecticut, Virginia, Utah, Texas, Oregon, and other applicable state laws.
7. How We Share Information
We share information only with the following categories of recipients:
- Service providers — hosting (Vercel), database (Supabase), email (Resend), analytics (Google), advertising networks (Mediavine and IAB TCF vendors), DNS (Cloudflare), all under contractual obligations to protect your data.
- Legal authorities — when required by law, court order, or to protect rights, safety, or property.
- Successor entities — in the event of a sale, merger, or asset transfer (with notice to affected users).
We do not sell your personal information for monetary consideration. Some advertising-related data sharing may qualify as "sharing" or "selling" under certain US state privacy laws; you can opt out via the controls described in Section 6.
8. Data Retention
We retain submissions and correspondence for as long as needed to operate the Service or comply with legal obligations, typically up to 24 months. Server logs are retained up to 30 days. Analytics data is retained per Google Analytics' default settings (currently 14 months for user-level data). Advertising-related data retention follows each vendor's policy.
9. Your Rights
Depending on where you live, you may have rights to (i) access the personal data we hold about you; (ii) correct inaccurate data; (iii) delete your data; (iv) restrict or object to processing; (v) data portability; (vi) opt out of targeted advertising or "sale/share" of personal data; (vii) withdraw consent at any time. To exercise any right, email support@catholicchurchtimes.com with the subject line "Privacy Request" and we will respond within 30 days (or 45 days for complex requests under CPRA).
EEA/UK residents have the right to lodge a complaint with their local supervisory authority. California residents have additional rights under the CCPA/CPRA, including the right to know, delete, correct, opt out of sale/share, and limit use of sensitive personal information.
10. International Data Transfers
The Service is hosted in the United States. If you access the Service from outside the U.S., your information will be transferred to and processed in the U.S. and other countries where our service providers operate. We rely on Standard Contractual Clauses (SCCs) and other lawful transfer mechanisms where applicable.
11. Children's Privacy
The Service is not directed to children under 13 (or 16 in the EEA/UK), and we do not knowingly collect personal information from them. If you believe a child has provided personal data to us, contact us and we will delete it.
12. Security
We use industry-standard technical and organizational measures (HTTPS encryption in transit, access controls, principle of least privilege) to protect personal data. No system is 100% secure; we cannot guarantee absolute security.
13. Third-Party Links
The Service contains links to third-party websites (parish websites, official Church sites, etc.). We are not responsible for those sites' privacy practices. Review their privacy policies before providing them with personal data.
14. Changes to This Policy
We may update this policy. The "Last updated" date at the top reflects the latest revision. Material changes will be communicated through a banner on the Service for at least 30 days.
15. Contact
Questions or privacy requests:
Catholic Church Times