Privacy Policy

Loreto Sites provides website creation, import, publishing, hosting coordination, domain support, content review, forms, analytics, and support tools for Catholic parishes, schools, ministries, dioceses, and related organizations.

References to "Loreto Sites," "Loreto Media," "we," "us," and "our" mean Loreto Media LLC. References to "Customer" mean the organization that uses Loreto Sites to manage a website. References to "Customer Site" mean a website published through Loreto Sites for a Customer.

We collect account information such as name, email address, authentication details, organization name, role, permissions, billing status, and customer support history.

We collect website and organization content such as uploaded logos and images, pages, bulletins, Mass or event schedules, school information, staff information, locations, contact details, giving links, domain settings, form configuration, publication history, and review notes.

We collect communications and form submissions, including demo requests, support tickets, import notifications, contact form submissions, and email delivery metadata.

We collect technical and usage information such as IP address, device and browser information, log data, App Check or security signals, pages viewed, actions taken in the product, approximate timestamps, referral data, and diagnostic events.

When a Customer asks us to import or scan an existing website, we may collect publicly available website content from that source site and use it to prepare a draft for review.

We use information to provide, secure, maintain, improve, and support Loreto Sites; authenticate users; create and publish Customer Sites; process form submissions; send service emails; coordinate domains and deployments; process subscriptions; troubleshoot issues; prevent abuse; comply with law; and communicate with customers.

We may use imported website content, uploaded assets, drafts, and support requests to generate or suggest site content for Customer review. Customers are responsible for reviewing and approving content before publishing.

We do not use Customer content to create public marketing materials without permission. We do not sell personal information.

We share information with service providers that help us operate Loreto Sites, including hosting, authentication, database, storage, email delivery, billing, analytics, website scanning, deployment, security, and drafting providers. These providers may process information only as needed to provide their services to us.

We share information with a Customer's authorized users according to their role and permissions. Customer Sites may publish content that Customers choose to make public.

We may disclose information if required by law, legal process, security investigation, abuse prevention, business transfer, or to protect the rights, safety, and property of Loreto Media, Customers, users, or others.

Payments and subscriptions are processed by Stripe. We do not store full card numbers. We may store Stripe customer IDs, subscription status, plan, billing interval, and related payment metadata needed to manage access and support.

Customers control the content they publish on Customer Sites. If you submit a form on a Customer Site, the Customer and its authorized users may receive and process your submission. Loreto Sites may process that submission as a service provider to the Customer.

Customers are responsible for having the rights and permissions needed for their public content, including images, staff information, student information, ministry information, and any personal data they ask us to host or publish.

Loreto Sites is designed for organizational users, not for children to create accounts. We do not knowingly collect account information directly from children under 13.

Customers that are schools, parishes with schools, or youth-serving organizations are responsible for obtaining any required consent and for complying with laws and policies that apply to student, minor, sacramental, youth ministry, photo, and directory information. Customers should not upload sensitive child information unless they have authority to do so and the information is necessary for the service.

We use cookies, local storage, device identifiers, and similar technologies for authentication, security, preference storage, fraud prevention, product operation, and diagnostics. We may use analytics or marketing technologies if enabled for the site.

See our Cookie Policy for details about categories of cookies and when consent controls may be needed.

We keep information for as long as needed to provide Loreto Sites, comply with legal obligations, resolve disputes, enforce agreements, maintain backups, preserve audit logs, prevent abuse, and support Customers.

Customers may request deletion or export of their account or organization data. Some information may remain in backups, logs, billing records, security records, or legal records for a limited period.

We use administrative, technical, and organizational safeguards designed to protect information, including role-based access, authentication boundaries, rate limits, request validation, audit-oriented records, provider security controls, and secure transport where appropriate.

No method of transmission or storage is perfectly secure. Customers should use strong passwords, restrict account access, review permissions, and promptly report suspected security issues.

Depending on your location, you may have rights to request access, correction, deletion, portability, restriction, objection, or information about how personal information is used and disclosed. You may also have the right to opt out of sale, sharing, targeted advertising, or certain profiling where applicable.

We do not sell personal information. If we later use technologies considered "sharing" or targeted advertising under applicable privacy law, we will provide a way to opt out.

To exercise privacy rights, contact us at support@ostendere.com. We may need to verify your request. If your request relates to a Customer Site, we may direct you to the Customer or coordinate with them because they control the underlying website content.

Loreto Sites is operated from the United States. If you access the service from outside the United States, your information may be processed in the United States and other locations where our providers operate.

We may update this Privacy Policy as Loreto Sites changes. If changes are material, we will take reasonable steps to notify Customers, such as posting the updated policy, updating the date above, or sending a service notice.

Questions, requests, and security concerns can be sent to support@ostendere.com.