Privacy notice
What we collect
We collect only what we need to run Catylst. That means your account details (email, display name, password hash), the organizations you save and search for, the messages you exchange with organizations inside Catylst, and your subscription and billing state. If you opt in to share a Faith Profile, we collect the denominations, traditions, and values you choose to share, always encrypted at rest.
Why we collect it
Catylst exists to match donors with ministries they trust. That only works when we know what you care about. Everything we store has a direct purpose in the product — we do not collect data "for later" or sell it to anyone, ever.
Your rights
Whether you're covered by GDPR, CCPA, or neither, you have the same rights on Catylst:
- Download everything we hold about you — a machine-readable copy, delivered via a secure link within 24 hours.
- Correct anything that's wrong — directly from your profile, or by contacting support.
- Delete your account — with a 30-day grace window you can cancel by signing back in.
- Withdraw consent — for marketing, analytics, AI personalization, or faith data, without affecting your ability to use the rest of Catylst.
- Lodge a complaint — with your local data protection authority if you believe we've mishandled your data.
Every one of these is available from Settings > Privacy, or by emailing privacy@catylst.com.
Third parties we work with
A small number of trusted services help us run Catylst. Each one receives only the data it needs:
- Supabase — hosts your account and giving history in an encrypted US database.
- Stripe — processes subscription payments; we never see your full card details.
- SendGrid — delivers transactional emails like receipts, alerts, and sign-in links.
- Cloudflare — protects Catylst against attacks and speeds up page loads.
How we protect your data
Every page is served over HTTPS. Your password is stored as a salted hash, never in plain text. Sensitive faith data is encrypted at rest with per-tenant keys. Every access to your data is logged to an append-only, hash-chained audit trail so we can prove who touched what, and when.
Contact us
Questions or concerns? Email privacy@catylst.com. We answer every privacy request within two business days.