Privacy policy

Cato (“we,” “us,” “our”) is a mobile app for Catholic learning and prayer. We respect your privacy and have designed Cato to collect as little personal information as possible while still letting your progress sync across devices.

This policy explains what we collect, why we collect it, who we share it with, and your rights. If you have questions, email us at support@thecatoapp.com.

What we collect

Account information. When you sign in with Apple or another supported provider, we receive your email address (or, if you choose to hide it, an Apple-issued relay address) and the display name you provide. You may use Cato anonymously without signing in; we create an anonymous account for you locally and never receive your personal identifiers in that case.

Profile and practice data. We store the data needed to run the app: your display name, hearts, coins, XP, streak count, completed lessons, prayer log, and notification preferences. This data lives in our authentication and database provider (Supabase) under your account.

Push-notification tokens. If you enable notifications, we store a device push token so we can deliver daily reminders. You can revoke this anytime in iOS or Android settings.

Diagnostic data. We may retain server-side error logs (timestamps, error type) to keep the service running. These logs do not contain the contents of your lessons or prayers.

What we do not collect

• We do not use third-party advertising or cross-app tracking SDKs.
• We do not sell your information to anyone, ever.
• We do not collect contacts, location, photos, microphone, or calendar data.
• We do not build advertising profiles based on your activity.

How we use your information

• To create and maintain your account.
• To sync your practice (lessons, streak, prayer log) across your devices.
• To send the notifications you have explicitly opted into (saint of the day, daily reminder).
• To diagnose crashes and improve the app. Error reports are not used to identify individual users.

Who we share it with

We use a small number of trusted infrastructure providers to run Cato. We share only what is required for these providers to perform their function, and they are bound by their own data-protection commitments:

• Supabase — authentication and database hosting.
• Apple Push Notification service and Google Firebase Cloud Messaging — delivery of push notifications you opt into.
• Apple App Store and Google Play — distribution of the app itself.

We do not share your information for marketing purposes with any third party.

Children

Cato is intended for users 13 and older. We do not knowingly collect personal information from children under 13. If you believe a child has created an account, please contact us and we will delete it.

Your rights

You can delete your account and all associated data at any time from Settings → Account → Delete account & data within the app. Deletion is immediate and permanent. You may also email us at support@thecatoapp.com to:

• Request a copy of the data we hold about you.
• Correct inaccurate information.
• Exercise rights under the GDPR, CCPA, or similar laws where they apply.

Data retention

We keep your account data for as long as your account exists. When you delete your account, we erase your records from our active databases promptly; routine backups containing your records are rotated out within 30 days.

Security

Connections between the app and our servers are encrypted in transit (TLS). Account data is encrypted at rest by our database provider. No system is perfectly secure, but we keep our practices up-to-date and will notify affected users if we ever discover a material breach.

Changes to this policy

We may update this policy from time to time. When we do, we will update the “Last updated” date at the top. For material changes that affect how we use your data, we will notify you in the app.

Contact

Email support@thecatoapp.com with any privacy questions or requests.