Trust

Data & Security

Written for the dioceses, parishes, and ministry leaders evaluating us. Here is how we safeguard your data and who we work with to run the Service.

Encryption

All traffic between your browser and our Service is encrypted in transit over HTTPS/TLS. Data stored in our database is encrypted at rest through our managed Postgres provider (Supabase).

Access controls

We use row-level security so that records are scoped to the account that owns them, and we isolate privileged, service-role credentials to trusted server-side code only. Access to production systems is limited to what is necessary to operate and support the Service.

Where your data is hosted

The application is hosted on Vercel and data is stored with Supabase, both in United States regions.

We do not sell your data

We never sell your personal information or your homily content. We share data only with the subprocessors below, and only as needed to deliver the Service.

Subprocessors

We rely on a small set of established providers to run the Service:

Data Processing Agreement

For diocesan, parish, and other organizational customers, a Data Processing Agreement (DPA) is available on request. Email us at hello@catholichomily.com and we will provide one.

Questions

For security questions or to report a concern, reach us at hello@catholichomily.com.