# Via Sanctum Privacy Policy

Last updated: 12 March 2026

## 1. Who we are
Via Sanctum is a Catholic study app with optional, controlled community event features, operated by Tony Kero in New South Wales, Australia.

This Privacy Policy explains how Via Sanctum collects, uses, stores, and discloses personal information.

## 2. Contact us
- Website: https://viasanctum-legal.onrender.com/
- Support: https://viasanctum-legal.onrender.com/support/
- Privacy and support: support@viasanctum.app
- Safety and moderation fallback: safety@viasanctum.app

## 3. What we collect
Depending on how you use Via Sanctum, we may collect:

- Account information: username, email address, password hash, password salt, email verification status, and related account security records.
- Age-gate information: date of birth entered by you, 18+ eligibility result, and age-confirmation timestamps.
- Profile information: selected preset profile avatar and optional patron saint or favourite saint selection.
- App activity and settings: Bible progress, streaks, scores, rewards, feature settings, notification preferences, onboarding progress, and other in-app preferences.
- Events and moderation data: host applications, event listing submissions, event RSVP status, support submissions, and moderation reports.
- Faith-reflection content: journal/reflection content (including Pilgrim Card reflections).
- Device and service information: app version, basic service logs, device/service identifiers used for security and abuse-prevention requests, on-device diagnostic/performance information used for reliability and troubleshooting, locally stored notification registration information when remote notifications are enabled, and any diagnostics you choose to include in a support report.
- Location-related information: your device location, which may be approximate or more precise depending on your iOS permission/settings, when you use Pilgrim Cards nearby unlock checks or the nearby church finder.

We aim to collect only personal information reasonably needed to operate, secure, improve, and moderate the service.

In the current release, MetricKit diagnostic payloads and APNs registration data are stored on-device by default. They are not uploaded off-device unless a future release adds token upload or you choose to submit diagnostics through an in-app support request.

In the current release, date of birth entered for age checks is evaluated in-app and is not stored in the account snapshot or synced off-device by default. Stored account metadata is limited to the age-confirmation result/timestamps needed to enforce the 18+ policy.

In the current release, cross-device cloud sync is limited to reading progress, verse notebook content, event/RSVP and host-review state, and moderation state stored through the user's Apple iCloud sync environment. Full account snapshots are not synced off-device by default.

In the current release, Pilgrim Cards and nearby church discovery use foreground, user-initiated location checks only. Via Sanctum does not use continuous background location tracking.

In the current release, those location checks are performed on-device and are not uploaded to the backend or other off-device services by default.

## 4. Sensitive information
Faith-related information, including religious beliefs, spiritual reflections, and similar content, may be sensitive information under Australian privacy law.

Where Via Sanctum handles faith-related information, it aims to use privacy-conscious settings, clear feature choices, and access limits based on how the feature works.

Where you choose to submit optional faith-related reflections, journal entries, or similar content, you consent to Via Sanctum collecting and handling that information for the feature you selected, in line with this Privacy Policy.

## 5. How we collect information
We may collect personal information:

- directly from you when you sign up, verify your email, update your profile, use app features, submit host applications, submit event listings, run Pilgrim Cards nearby checks, submit support requests, or make reports;
- automatically through normal operation of the app, such as syncing, notifications, diagnostics, security logging, and saving feature settings;
- from service providers who support core app functions, such as email delivery, cloud services, infrastructure, notifications, and technical support tools.

## 6. Why we collect and use information
We may collect, hold, use, and disclose personal information to:

- create and manage user accounts (account access is required to use Via Sanctum features);
- verify email addresses and support password reset and account recovery;
- apply and enforce the adults-only 18+ age policy;
- provide core app features, including Bible study tools, education tools, games, Pilgrim Cards (location-based church card unlocks), approval-based event listings, RSVP records, and safety systems;
- keep Pilgrim Card visit history private by default unless you manually choose to share;
- review host applications and moderate event listings before publication through internal moderator-admin workflows;
- sync progress, settings, reminders, and activity across supported services;
- respond to support requests, abuse reports, and safety incidents;
- record legal acceptance, policy versions, and consent timestamps;
- protect users, investigate misuse, and prevent fraud, spam, abuse, or unauthorised access;
- maintain service reliability, backups, diagnostics, and operational security;
- comply with applicable legal obligations.

Current release clarification:
- Via Sanctum does not provide in-app friend discovery, direct messaging, challenge invites, multiplayer or co-op gameplay, prayer-request walls, event chat, comments, open public posting feeds, or anonymous user-to-user communication features.

## 7. Direct marketing
Via Sanctum does not sell personal information.

Via Sanctum may send service-related messages needed to operate your account or the app, such as verification emails, password reset emails, security notices, and operational notifications you enable.

Via Sanctum does not send marketing emails, marketing SMS, or promotional push campaigns.

Via Sanctum does not operate paid subscriptions or recurring billing at this time.

## 8. Disclosure of personal information
We may disclose personal information to service providers and technical partners that help operate Via Sanctum, such as providers supporting:

- cloud storage and sync;
- infrastructure and hosting;
- email delivery;
- notifications;
- diagnostics and reliability monitoring;
- security and abuse-prevention functions.

We may also disclose information where reasonably necessary for moderation, safety enforcement, incident response, fraud prevention, or where required by law.

## 9. Overseas handling
Some service providers used to operate Via Sanctum may handle personal information outside Australia.

Likely overseas locations include the United States and other regions where relevant cloud, infrastructure, email, notification, and technical service providers operate, which may include the European Economic Area and Singapore.

Where reasonably required, steps are taken to protect personal information in connection with overseas handling.

## 10. Data retention
Personal information is kept only for as long as reasonably needed for service operation, account recovery, moderation, fraud prevention, legal compliance, and related business or technical purposes.

Examples may include:
- active account information while your account remains in use;
- safety reports and moderation evidence for up to 12 months, or longer where reasonably required for incident handling or legal reasons;
- limited backups and logs for operational, fraud-prevention, and recovery purposes.

When information is no longer reasonably required, it is deleted or de-identified where practicable.

## 11. Security
Via Sanctum uses layered safeguards intended to reduce the risk of misuse, loss, unauthorised access, modification, or disclosure. These may include authenticated access controls, encryption in transit, Keychain storage for certain credential-related material, and access restrictions for moderation and operational systems.

No internet service can be guaranteed to be completely secure.

## 12. Your choices and rights
You may be able to:

- access and update some profile information in-app;
- request access, correction, export, or deletion support using the in-app Privacy Request Center or by contacting support@viasanctum.app;
- delete your account in-app from `Account > Delete Account`.

Where applicable under Australian law, privacy requests are handled in line with applicable access and correction requirements.

## 13. Privacy complaints
If you have a privacy complaint, use the in-app Privacy Request Center or contact support@viasanctum.app first so it can be investigated.

If your complaint is not resolved, you may contact the Office of the Australian Information Commissioner (OAIC):
https://www.oaic.gov.au/privacy/privacy-complaints

## 14. Adults-only age policy
Via Sanctum is intended only for users aged 18 and older.

Accounts for users under 18 are not permitted. Suspected underage accounts may be temporarily restricted during review, and confirmed under-18 accounts may be removed.

Accounts for users under 16 are explicitly blocked. Repeated underage signup attempts trigger a temporary device-level signup cooldown.

## 15. Changes to this policy
This Privacy Policy may be updated from time to time.

Material changes will be reflected by updating the date at the top of this page. Where needed, Via Sanctum may require in-app re-acceptance before continued use of certain features.