Monstrance is a Catholic prayer companion. We hold ourselves to the data-practice norms appropriate for that purpose — collecting the minimum necessary, sharing none, and treating prayer as the private act it is. This policy describes exactly what we do.

1. Who We Are

Monstrance is a Catholic prayer-companion application operated by Jeff Neumeier (the "Operator"), based in Mendocino County, California, United States. This Privacy Policy applies to monstrance.app, the Monstrance progressive web app, and any future native mobile applications published under the Monstrance name (collectively, the "Service").

2. What Information We Collect

2.1 Information You Provide Directly

At present, the Service does not require an account, login, or any user registration. You can use Monstrance without providing any personal information. If you contact us by email (for support, legal notice, or feedback), we receive the email address and message contents you send.

When user accounts and synchronization features are added in the future, this section will be updated. We will require renewed consent for any new data collection.

2.2 Information Collected Automatically

When you visit monstrance.app, our infrastructure provider (Cloudflare) automatically logs standard web access information for security and operational purposes:

• Internet Protocol (IP) address (typically retained for 30 days for abuse prevention)
• Browser type and operating system (user-agent string)
• Pages requested and timestamps
• Referring URL, if any

We do not currently use this information for analytics, marketing, or profiling. It is generated and held by Cloudflare under Cloudflare's standard terms of service.

2.3 Information Stored Locally on Your Device

The Service caches reading data (daily Mass readings, saint biographies, Catholic art) on your device to enable offline use and fast loading. This data is stored entirely on your device, never transmitted back to us, and you can clear it at any time through your browser's site-data controls or by uninstalling the app.

2.4 Information We Do Not Collect

To be explicit, the Service currently does not:

• Use Google Analytics, Facebook Pixel, or any third-party analytics service
• Use advertising trackers or behavioral profiling
• Sell, rent, or share any user data with marketing partners
• Record prayer intentions, examination-of-conscience entries, or any personal spiritual content (no such features currently exist; if added, they will be stored locally on your device with explicit user consent for any sync)
• Track location beyond the country-level inference available from your IP address

3. How We Use Information

The limited information we do collect is used solely to:

• Operate, maintain, and secure the Service
• Diagnose technical issues and respond to abuse reports
• Respond to your inquiries when you contact us by email
• Comply with applicable legal obligations

4. How We Share Information

We do not sell, rent, trade, or share your personal information with any third party for marketing purposes. The only circumstances under which we may share information are:

• Service providers acting on our behalf — currently Cloudflare (web hosting and DNS) and Fastmail (email). These providers are bound by their own privacy policies and process data only as needed to deliver their services to us.
• Legal requirement — if compelled by valid legal process (subpoena, court order) issued by a court of competent jurisdiction. We will challenge overly broad requests and notify affected users where legally permitted.
• Protection of rights — to investigate suspected fraud, security violations, or abuse of the Service.

5. Data Retention

Server logs are retained for approximately 30 days by Cloudflare, then automatically purged. Email correspondence is retained for as long as necessary to respond to your inquiry and meet any record-keeping obligations.

6. Your Rights

6.1 Universal Rights

Because we collect minimal personal information and operate no user accounts, most data-protection requests amount to one of the following actions which you can take yourself:

• Delete locally cached data: use your browser's site-data controls or uninstall the application from your device
• Stop receiving email: simply do not initiate further email contact
• Request access to data we hold about you: email [email protected]

6.2 California Residents (CCPA / CPRA)

Under the California Consumer Privacy Act and California Privacy Rights Act, California residents have the right to:

• Know what personal information we collect and the categories of sources
• Request deletion of personal information we hold about you
• Request correction of inaccurate personal information
• Opt out of the sale or sharing of personal information (we do not sell or share)
• Non-discrimination for exercising these rights

To exercise any of these rights, email [email protected]. We will respond within 45 days as required by law.

6.3 European Residents (GDPR)

If you are a resident of the European Economic Area or United Kingdom, you have rights under the General Data Protection Regulation including access, rectification, erasure, restriction of processing, data portability, and objection. Contact [email protected] to exercise these rights.

7. Children

The Service is intended for a general audience aged 13 and older. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact [email protected] and we will delete it.

8. Security

We take reasonable measures to protect information we hold from unauthorized access, disclosure, alteration, or destruction. The Service is delivered over HTTPS. However, no method of transmission over the internet or electronic storage is perfectly secure, and we cannot guarantee absolute security.

9. International Users

The Service is operated from the United States. If you access the Service from outside the United States, you understand that your information may be transferred to and processed in the United States, where data protection laws may differ from those of your country.

10. Third-Party Links and Services

The Service may contain links to external resources (Catholic publications, USCCB lectionary references, art-source attributions on Wikimedia Commons, etc.). We are not responsible for the privacy practices of those third-party sites. We encourage you to review the privacy policies of any external sites you visit.

11. Future Features and Material Changes

As Monstrance develops, we may add features that involve additional data processing — for example, optional user accounts for cross-device sync of prayer settings, opt-in usage analytics for product improvement, or in-app purchase support through Apple or Google's standard billing systems. When such features are introduced, this Privacy Policy will be updated and material changes will be communicated prominently within the Service before they take effect.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page will reflect the most recent revision. Continued use of the Service after updates constitutes acceptance of the revised policy. For material changes, we will provide additional notice.

13. Contact

Privacy questions, requests, and concerns should be directed to:

Email: [email protected]
Subject line: Privacy inquiry