Privacy Policy

Effective date: 30 May 2026 · ArtinCatholic, New South Wales, Australia

Vivacantus (“we”, “us”, “our”) is operated by ArtinCatholic, based in New South Wales, Australia. We are committed to protecting the personal information of our users in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This policy explains what information we collect, why we collect it, how we store and protect it, and your rights regarding that information.

1. Information We Collect

When you register an account, we collect:

Your name
Your email address
Your password — stored only as a one-way cryptographic hash (bcrypt, cost factor 12). We never store or see your actual password.

When you use the service, we may also collect:

An optional profile photo that you upload (stored as a JPEG on our servers)
The liturgical books and sections you create within the application
A session identifier stored in a browser cookie (see Section 3)
Your name and a temporary connection identifier written to server logs for diagnostic purposes (not persisted to permanent storage)

Viewers (parishioners) who access the live display via a shared link are not required to register and we collect no personal information from them. They connect using a randomly generated share token that contains no personal data.

2. How We Use Your Information

To create and manage your Vivacantus account
To authenticate you when you log in
To store and display the liturgical content you create
To provide the real-time word-highlighting service to viewers you invite
To respond to support requests if you contact us

We do not use your information for advertising, profiling, automated decision-making, or any purpose unrelated to providing the Vivacantus service.

3. Cookies

We use a single browser cookie named connect.sid. This is a strictly necessary session cookie — it exists solely to keep you logged in. It:

Expires after 7 days
Is marked HttpOnly (not accessible to JavaScript)
Is transmitted only over HTTPS
Is not used for tracking or advertising

No consent banner is required for strictly necessary cookies under Australian law. You may delete this cookie at any time by logging out or clearing your browser cookies, which will end your session.

4. Third-Party Services

We use the following third-party infrastructure:

Railway (railway.app) — our hosting provider, based in the United States. Your account data and liturgical content are stored on Railway’s servers. Railway’s own privacy policy governs their handling of infrastructure data.
Cloudflare CDN (cdnjs.cloudflare.com) — used to load the QR code library on the admin interface. When this script loads, Cloudflare receives your IP address and browser information. This applies to registered admins only, not viewers.
jsDelivr CDN (cdn.jsdelivr.net) — used to load a screen wake-lock library for viewers on HTTP connections. jsDelivr receives the viewer’s IP address and browser information in this circumstance.

We have no control over data collected by these third-party services. We do not use Google Analytics, Facebook Pixel, or any other tracking or advertising service.

5. Data Storage and Security

Your data is stored on Railway’s infrastructure in the United States. By using Vivacantus, you consent to your personal information being stored outside Australia.

We protect your information using:

HTTPS encryption for all data in transit
Bcrypt password hashing (your actual password is never stored)
Secure, HttpOnly session cookies
Authentication required for all data access endpoints

No system is completely secure. While we take reasonable steps to protect your information, we cannot guarantee absolute security.

6. Data Retention and Deletion

We retain your personal information for as long as your account is active. You may permanently delete your account at any time from the Settings panel within the application. Upon deletion:

Your account record is immediately removed from our database
All your liturgical books, groups, and uploaded photos are permanently erased from our servers
Your session is invalidated immediately

Deletion is permanent and cannot be undone.

7. Your Rights

Under the Australian Privacy Principles, you have the right to:

Access the personal information we hold about you
Correct inaccurate information (you can update your name and password within the app)
Delete your information (via the delete account feature)
Make a complaint to the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au if you believe your privacy rights have been breached

To request access to your data or raise a privacy concern, contact us at martin@lifelinerosary.com.

8. Data Breach Notification

In the event of a data breach that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required by the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988 (Cth).

9. Children

Vivacantus is not intended for use by anyone under the age of 16. By registering for an account, you confirm that you are at least 16 years old. Viewer access (without registration) does not involve the collection of personal data and is not age-restricted.

10. International Users

If you are located in the European Economic Area, the General Data Protection Regulation (GDPR) may apply to your use of Vivacantus. Viewer access involves no collection of personal data. Registered users may contact us at martin@lifelinerosary.com to exercise any GDPR rights.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The “Effective date” at the top of this page indicates when the policy was last revised. Continued use of Vivacantus after any changes constitutes acceptance of the updated policy.

12. Contact

For privacy enquiries, requests, or complaints:

Email: martin@lifelinerosary.com
Operator: ArtinCatholic, New South Wales, Australia