Privacy Policy
Effective Date: May 11, 2026 Last Updated: June 30, 2026
LiveSaintly ("we," "our," or "the App") is a Catholic prayer and devotion app published by LiveSaintly. This Privacy Policy explains how we collect, use, share, and protect your information when you use the LiveSaintly mobile application.
If you do not agree with this policy, do not use the App.
1. Information We Collect
1.1 Information You Provide
When you create an account or use the App, we collect:
- Account information: email address, password (hashed; we never store your plain-text password), name, chosen username
- Profile fields: gender, liturgical rite preference (Roman, Tridentine, Maronite, etc.), date of birth (optional), bio, patron saint, favourite verse, parish, confirmation name, profile photo
- Prayer activity: which prayers you mark complete, your prayer streak, custom daily prayer list, mass-prayer additions, novena progress, examination-of-conscience selections, indulgence-claim history
- Community content: messages you send in direct messages and groups, friend requests, group memberships, prayer-chain participation
- Push notification token: an opaque device identifier from Expo / Apple / Google that lets us send notifications to your device
1.2 Information Collected Automatically
- Diagnostic / crash data: if you opt in to crash reporting (Sentry), we collect anonymous crash logs and the route the app was on when it crashed. No personal data is included.
- API request metadata: Railway logs each request with an IP address and timestamp for security and abuse prevention (kept ~30 days).
1.3 What We Do NOT Collect
- We do NOT collect your precise location
- We do NOT access your contacts, calendar, camera roll (except photos you explicitly upload as a profile picture), microphone, or health data
- We do NOT track you across other apps or websites
- We do NOT collect data on minors under 13 (see §6)
2. How We Use Your Information
We use the information collected to:
- Operate the core app features: account login, prayer tracking, daily liturgical content, friend graph, direct messages, groups, push reminders
- Send transactional email (verification codes, password resets, payment receipts) — these are always sent because they are essential to your account
- With your consent, send non-essential email (welcome messages, occasional news and tips). Every such message identifies us, includes our mailing address, and carries a one-click unsubscribe link. Email is delivered via Resend (primary) with Gmail SMTP as a fallback
- Surface today's mass readings tailored to your selected rite. Our server checks public sources (USCCB.org for the modern Roman calendar, missalemeum.com for the 1962 calendar) to determine which passages fall today, sending only the date and your rite and no personal data; the scripture text shown is the public-domain Douay-Rheims
- Send push notifications you've consented to (verse-of-the-day, prayer-chain reminders, friend requests, DM previews)
- Investigate abuse, troubleshoot bugs, comply with legal obligations
We do NOT use your data to train AI models, sell advertising, or share with brokers.
3. How We Share Information
We share your data only with the third-party services strictly required to run the App. We do not sell or rent your data to anyone.
| Provider | Purpose | Data Shared |
|---|---|---|
| Railway (Railway Corp) | Hosts our backend and database | All app data |
| MongoDB (hosted via Railway) | Database storage | All app data |
| Expo / EAS (Expo, Inc.) | Push notification delivery + over-the-air JS updates | Push tokens, device platform |
| Resend (Resend, Inc.) | Sending account + notification email (primary provider) | Recipient email, name, message content |
| Gmail SMTP (Google) | Sending email when the primary provider is unavailable (fallback) | Recipient email, name, message content |
| USCCB.org | Roman-rite daily readings | Date only |
| Missalemeum.com | Tridentine 1962 Missal daily readings | Date only |
| Squarespace | Domain DNS + landing page hosting | None (DNS only) |
Other than the providers above, we share data only when:
- Required by law (subpoena, warrant)
- Required to prevent fraud or imminent harm
- You explicitly direct us to (e.g., sharing a prayer card on social media via the OS share sheet)
4. Data Retention
- Account data: kept until you delete your account
- Direct messages and group posts: kept until you delete the message OR delete your account
- Diagnostic logs: kept ~30 days, then deleted
- Email verification codes: valid for 10 minutes, deleted after expiry
To delete your account, go to Settings → Account → Delete Account, or email us (see §10).
5. Your Rights
Depending on where you live, you may have the right to:
- Access the data we hold about you
- Correct inaccurate data
- Delete your data
- Export your data (we'll provide a JSON dump)
- Object to certain processing
- Withdraw consent for non-essential email and push notifications at any time — see §5a (email) and Settings → Notifications (push)
To exercise any of these rights, email us (see §10). We respond within 30 days.
California residents: under CCPA, you have additional rights including the right not to be discriminated against for exercising any privacy right. We do not sell personal information.
EU/UK residents: under GDPR, our lawful basis for processing is (a) consent for marketing communications, (b) contract performance for account and core features, (c) legitimate interest for fraud prevention.
5a. Commercial Email & Your Consent (CASL)
We comply with Canada's Anti-Spam Legislation (CASL) and comparable laws (e.g. CAN-SPAM in the United States).
- Consent. When you create an account you give us consent to send you non-essential ("commercial") email about LiveSaintly, on the basis of our ongoing relationship with you. We record the date and source of that consent so it is auditable and revocable. Essential, transactional email — verification codes, password resets, and payment receipts — is sent regardless of this setting because it is required to operate your account.
- Sender identification. Every commercial email identifies us by name and includes a valid postal mailing address and a reply/contact address, as required by law.
- Unsubscribe. Every commercial email contains a working one-click unsubscribe link that takes effect promptly and without any further action on your part. You can also change your preference any time by signing in at besaintlyapp.com/account → email preferences, or in the app under Settings.
Our sender details:
LiveSaintly (published by LiveSaintly)
[POSTAL MAILING ADDRESS — to be supplied by the owner]
Contact: support@besaintlyapp.com
6. Children's Privacy
The App is not directed to children under 13. We do not knowingly collect personal information from children under 13. If a parent or guardian believes their child has provided us with personal information, please contact us (see §10) and we will delete the information.
Users between 13–18 should use the App only with parental consent.
7. Security
We use industry-standard measures to protect your data:
- Passwords are hashed with bcrypt before storage
- All API traffic uses HTTPS / TLS 1.2+
- JWT tokens for session authentication
- Database access requires authenticated connection strings
- Backups stored encrypted at rest
- Access to, and export or deletion of, personal data is recorded in an internal audit log so we can detect and investigate misuse
No system is 100% secure. If we discover a breach affecting your data, we will notify you within 72 hours of discovery as required by applicable law.
8. Cookies and Tracking
The mobile App does not use cookies. The website at livesaintlyapp.com may use minimal cookies for session management. We do not use analytics that track you across other sites.
9. Changes to This Policy
We may update this policy from time to time. When we do, we'll:
- Update the "Last Updated" date at the top
- Notify you via in-app banner if the change is material
- Post a changelog at
livesaintlyapp.com/privacy/changelog
Continued use of the App after a material change indicates acceptance.
10. Contact Us
For privacy questions, data requests, or to delete your account:
Email: besaintlyapp.com@besaintlyapp.com
Website: https://livesaintlyapp.com
We acknowledge receipt within 7 days and resolve within 30 days.
11. Jurisdiction
This Privacy Policy is governed by the laws of the Province of British Columbia and the federal laws of Canada applicable therein, without regard to conflict-of-laws principles. Disputes will be resolved in the courts of British Columbia, located in Vancouver, British Columbia, Canada.
12. AI-Assisted Content
Some written content in LiveSaintly, including saint biographies, reflections, and study material, was drafted or edited with the assistance of AI tools, working from public-domain and Church-approved sources (such as the Douay-Rheims Bible, the Baltimore Catechism, and Butler's Lives of the Saints). All such content is reviewed for fidelity to Catholic teaching. LiveSaintly does not present AI-generated text as the words of any living person, and does not use AI to make decisions about your account.
13. Sensitive (Religious) Data & Your Consent
LiveSaintly is a Catholic app, so by its nature it processes information that can reveal your religious beliefs. Under the GDPR and similar laws this is treated as a "special category" of personal data deserving extra protection.
- We process this data only to provide the prayer, devotional, and community features you ask for.
- By creating an account and using these features, you give your explicit, informed consent to this processing.
- You may withdraw your consent at any time by deleting the relevant content or your account.
14. Your Privacy Rights and How to Download Your Data
Wherever you live, you can ask us to honor the rights below over your personal data. If you are in the EU, the UK, or a region with comparable laws (such as Canada or California), these rights are guaranteed to you by law.
- Access and a copy of your data. You can download a complete copy of your account data at any time. In the app, open Settings → Export my data. On the web, sign in at livesaintlyapp.com/account and tap Download my data. We provide it as a machine-readable JSON file, which also satisfies your right to data portability.
- Correction. Edit your profile in the app, or email us to correct anything you cannot change yourself.
- Deletion. Delete your account and all associated data in the app under Settings → Account → Delete, or by emailing us. Deletion completes within 30 days; backups age out on their normal cycle.
- Restriction and objection. You may ask us to limit or stop certain processing of your data.
- Withdraw consent. Because LiveSaintly processes religious data on the basis of your consent, you may withdraw that consent at any time by deleting the relevant content or your account.
- No retaliation. We will never degrade your experience for exercising any of these rights.
For any request you cannot complete in the app, email privacy@besaintlyapp.com. We confirm receipt within 7 days and respond within 30 days. We never sell your personal data.