Trust
Data & Security
Written for the dioceses, parishes, and ministry leaders evaluating us. Here is how we safeguard your data and who we work with to run the Service.
Encryption
All traffic between your browser and our Service is encrypted in transit over HTTPS/TLS. Data stored in our database is encrypted at rest through our managed Postgres provider (Supabase).
Access controls
We use row-level security so that records are scoped to the account that owns them, and we isolate privileged, service-role credentials to trusted server-side code only. Access to production systems is limited to what is necessary to operate and support the Service.
Where your data is hosted
The application is hosted on Vercel and data is stored with Supabase, both in United States regions.
We do not sell your data
We never sell your personal information or your homily content. We share data only with the subprocessors below, and only as needed to deliver the Service.
Subprocessors
We rely on a small set of established providers to run the Service:
- Supabase — database and secure data storage.
- Anthropic (Claude) — AI generation of homily drafts.
- Stripe — payment and subscription processing.
- Resend — transactional email delivery.
- Vercel — application hosting and delivery.
Data Processing Agreement
For diocesan, parish, and other organizational customers, a Data Processing Agreement (DPA) is available on request. Email us at hello@catholichomily.com and we will provide one.
Questions
For security questions or to report a concern, reach us at hello@catholichomily.com.