Privacy Policy

Effective date: March 11, 2026

Sancto (“we,” “us,” or “our”) operates the Spiritual Gifts Inventory platform (the “Service”). This Privacy Policy explains how we collect, use, and protect information when you use our Service.

1. Information We Collect

Parish Administrators

When a parish registers for the Service, we collect:

  • Name (first and last) of the account holder
  • Email address
  • Parish name, diocese, city, state, and website (optional fields)
  • Payment information (processed by Stripe — we do not store card numbers)
  • Parish logo (if uploaded)

Parishioners

When a parishioner completes the Spiritual Gifts Inventory, we collect:

  • First and last name
  • Email address
  • Responses to the 23-question inventory
  • Calculated spiritual gift scores

Parishioners do not create accounts. Their information is collected solely to generate results and allow their parish administrator to view those results.

Team Members

When a parish administrator invites a team member, we collect the invitee's email address and, upon acceptance, their name and password.

2. How We Use Your Information

  • To provide and operate the Service
  • To generate and display spiritual gifts results to parishioners and administrators
  • To process subscription payments via Stripe
  • To send transactional emails (account confirmation, billing notifications)
  • To respond to support requests

We do not sell your information to third parties.

3. Data Storage and Security

All data is stored in the United States using Supabase (PostgreSQL database and file storage) and Vercel (application hosting). We apply row-level security policies so that each parish can only access its own data.

Parishioner data is accessible only to administrators of the specific parish whose inventory link the parishioner used. No parish can access another parish's data.

We implement reasonable technical and organizational safeguards to protect your information, but no internet transmission is 100% secure.

4. Third-Party Services

  • Stripe — payment processing. Stripe's privacy policy applies to billing data. We receive only a customer ID and subscription status.
  • Supabase — database and file storage hosting.
  • Vercel — application hosting and edge infrastructure.
  • Resend — transactional email delivery.

5. Data Retention

Parish and user account data is retained for the lifetime of the subscription and for 90 days after cancellation, after which it may be permanently deleted.

Parishioner submission data is retained as long as the associated parish account is active.

6. Your Rights

You may request:

  • Access to the personal data we hold about you
  • Correction of inaccurate data
  • Deletion of your account and associated data

To make any of these requests, contact us at support@sanctoapp.com. We will respond within 30 days.

7. Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the effective date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

9. Contact

If you have questions about this Privacy Policy, please contact us at support@sanctoapp.com.