Last updated: May 20, 2026

Introduction

This privacy policy explains how we process personal data when you visit latinprayer.org and its subdomains, including the account portal at my.latinprayer.org (“the website”). For the Latin Prayer iOS app, see our App Privacy Policy.

We process as little data as possible. The website exists to provide information about the Latin Prayer app and to host prayer content.

The terms used in this policy are not gender-specific.

Controller

Dushan Wegner

Calle Maria Cristina no 38, 2o Piso

ES-38004 Santa Cruz de Tenerife

Spain

Email: dushan@dushan.org

What We Process

Server log files

latinprayer.org is hosted by Cloudways by DigitalOcean. Their privacy policy is here: digitalocean.com/legal/privacy-policy

When you visit the website, our hosting provider automatically collects:

  • IP address (anonymized where possible)
  • Date and time of access
  • Pages requested
  • Browser type and version
  • Operating system
  • Referring URL

This data is necessary to deliver the website and to ensure its security (e.g. detecting attacks). We do not combine server logs with other data sources.

Legal basis: Legitimate interest in providing and securing the website (Art. 6(1)(f) GDPR).

Retention: Server logs are deleted automatically by our hosting provider per their retention policy, typically within 30 days.

Cookies

The website may set technically necessary cookies required for basic website functionality (e.g. session handling by WordPress). We do not use cookies for tracking, analytics, advertising, or profiling.

No cookie consent banner is required because we only use strictly necessary cookies.

Legal basis: Legitimate interest in operating the website (Art. 6(1)(f) GDPR).

Contact by email

If you contact us at dushan@dushan.org, we process your email address and the content of your message to respond to your inquiry. We do not use your email for marketing or share it with third parties.

Legal basis: Legitimate interest in answering inquiries (Art. 6(1)(f) GDPR), or performance of a contract / pre-contractual measures if your inquiry relates to a purchase (Art. 6(1)(b) GDPR).

Retention: Email correspondence is retained for as long as necessary to handle your inquiry, and up to 3 years thereafter for legal documentation purposes.

Sign-In Services

The account portal at my.latinprayer.org offers an optional sign-in feature for cross-device sync of notes, bookmarks, and vocabulary progress. Sign-in is provided by third-party identity providers:

  • Sign in with Apple — Apple sends us your Apple-issued unique user identifier and (on first sign-in only) the email address you authorize Apple to share. Apple’s privacy policy applies to the sign-in flow itself: https://www.apple.com/privacy
  • Sign in with Google — Google sends us your Google account identifier (a non-human-readable sub claim), your email address, and your profile name. Google’s privacy policy applies to the sign-in flow itself: https://policies.google.com/privacy
  • Email magic-link — if you sign in by email, we receive the email address you enter, and we send you a one-time tap-to-sign-in link via MXroute, our transactional-email provider (see MXroute under Third-Party Services below).

What we do with this data:

  • Create a Latin Prayer account identified by your provider and the identifier they send. We do not store passwords; authentication is delegated to Apple, Google, or the email magic-link.
  • Tie your synced notes, bookmarks, and vocabulary progress to that account so they appear across your devices.
  • Display your email address back to you on the account page so you know which account you are signed in to.

What we do NOT do with this data:

  • We do not sell, rent, or share it with any third party for any purpose.
  • We do not use it for advertising, profiling, or analytics.
  • We do not access any other data from your Apple or Google account beyond what is listed above. We do not request access to your contacts, files, calendar, drive, photos, or any other API scope.

Our use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Storage: sign-in data and synced content are stored in our PostgreSQL database hosted in the European Union (Hetzner, Helsinki). We use TLS encryption for all data in transit and standard server hardening (firewall, automatic security updates) for data at rest.

Account deletion: to delete your account and all associated synced content, email dushan@dushan.org with the subject “Delete my account”. We will confirm the deletion and complete it within 30 days.

Legal basis: Performance of a contract with the user (Art. 6(1)(b) GDPR) — the sync feature is an explicit service the user signs up for.

Retention: Account data is retained as long as the account is active; deleted within 30 days of an account-deletion request, except where legal retention obligations require otherwise.

What We Do NOT Process

  • No 3rd-party analytics scripts (like Google Analytics)
  • No avoidable saving of identifiable data
  • No advertising or remarketing
  • No mandatory user accounts (the website is fully usable without signing in; sign-in is optional, see Sign-In Services above)
  • No social media plugins that transmit data
  • No comment functionality
  • No embedded third-party content that tracks visitors

Third-Party Services

Web Hosting

The website is hosted on a web server operated by a professional hosting provider. The provider processes server log data on our behalf to deliver the website.

Legal basis: Legitimate interest in reliable website hosting (Art. 6(1)(f) GDPR).

Content Delivery / Security

If a content delivery network (CDN) or security service is used (e.g. Cloudflare), it may process IP addresses and request metadata to deliver content efficiently and protect against attacks.

Legal basis: Legitimate interest in fast, secure content delivery (Art. 6(1)(f) GDPR).

Apple App Store

The website links to the Latin Prayer app on the Apple App Store. If you follow that link, Apple’s privacy policy applies: https://www.apple.com/privacy

MXroute (Transactional Email Provider)

If you use the email magic-link sign-in on my.latinprayer.org, MXroute LLC (Texas, US) delivers the one-time sign-in email. Only your email address and the link itself are shared with them, solely to deliver that single message. MXroute’s published terms + privacy notice: https://mxroute.com/terms (Privacy section near the bottom).

Data Transfers to Third Countries

Some service providers (e.g. CDN, hosting infrastructure, MXroute in the United States) may process data outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, such as EU Standard Contractual Clauses (Art. 46(2)(c) GDPR) or an adequacy decision by the European Commission (Art. 45 GDPR).

Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR) — You can request information about what data we hold about you.
  • Right to rectification (Art. 16 GDPR) — You can request correction of inaccurate data.
  • Right to erasure (Art. 17 GDPR) — You can request deletion of your data, subject to legal retention obligations.
  • Right to restriction of processing (Art. 18 GDPR) — You can request that processing be limited under certain conditions.
  • Right to data portability (Art. 20 GDPR) — You can request your data in a structured, machine-readable format.
  • Right to object (Art. 21 GDPR) — You can object to processing based on legitimate interests at any time, for reasons arising from your particular situation.
  • Right to withdraw consent (Art. 7(3) GDPR) — Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
  • Right to lodge a complaint — You have the right to lodge a complaint with a supervisory authority. The competent authority for Spain is the Agencia Espanola de Proteccion de Datos (AEPD), https://www.aepd.es.

To exercise any of these rights, contact us at: dushan@dushan.org

Data Security

We use SSL/TLS encryption (HTTPS) to protect data transmitted between your browser and our server. We select hosting providers and services that implement appropriate technical and organizational security measures.

Children

The website does not knowingly collect data from children under 16. The website contains no interactive features that would require age verification.

Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated date. The current version always applies.

This policy applies to the website latinprayer.org (and its subdomains). For the Latin Prayer iOS app, see our App Privacy Policy.

Mark · 9 · 1 — daily verse
MMXXVI