Privacy Notice
Last updated: 2026-05-11
Your parish or diocese decides who may access sacramental records in the platform and remains responsible for the sacramental register. Wyloks is the software provider: we operate Sacrament Registry as a data-processing service on your community's instructions. We do not replace the parish books, act as the definitive ecclesiastical archive, or assert custody over the register beyond what your community delegates through using the service.
We handle these records with care for their pastoral and historical importance. We also follow the technical and legal safeguards described in this notice.
This notice explains how personal and sacramental data is collected, used, shared, and protected when parishes and dioceses use Sacrament Registry to keep registers, issue certificates, manage access, and handle related office tasks. It is for clergy, parish staff, diocesan colleagues, and parishioners whose names or details may appear in sacramental books held on the service.
For a plain-language trust overview, see Data Protection & Trust.
1) Who We Are
Sacrament Registry is a software service developed and operated by Wyloks Ltd, a company registered in the United Kingdom. The service is provided to Catholic parishes and dioceses for the management of sacramental records.
Our work is software that supports the parish books: secure entry, search, certificates, and keeping sacramental entries in good order, in line with how pastors and parish offices already work day to day.
For privacy enquiries, contact: info@sacramentregistry.com.
1A) Sacramental registers and church practice
Catholic parishes have long maintained sacramental registers as part of their pastoral and canonical responsibilities. For Latin Catholic parishes, Canon 535 of the Code of Canon Law outlines the keeping and safeguarding of parish sacramental records. Sacrament Registry is designed to support parishes in fulfilling these administrative and custodial responsibilities alongside applicable civil privacy obligations.
Particular law and Eastern Catholic norms may differ by jurisdiction.
2) Data We Process
Depending on how the platform is used, we may process the following categories of information:
Personal and contact details
- Identity and contact details (such as name, telephone, email, and postal address) for staff, parishioners, or others whose information is entered during normal register work.
Sacramental register information
- Details recorded in parish sacramental books, including baptism, First Holy Communion, confirmation, holy orders, and matrimony, together with related information usually kept for parishioners.
Parish and diocesan access governance
- Parish and diocesan context, user accounts, and roles or permissions that decide who may view or change given records.
Technical and service-related data
- Technical and security-related events (such as sign-in activity, device or network identifiers where collected, and audit logs used to protect integrity and availability).
- Correspondence you send when you contact us for support or account assistance.
Who may see parish or diocesan material in the platform follows role assignments from your parish or diocese. We provide the system and do not override those access decisions.
3) Why We Process Data
We process personal data to:
- maintain sacramental records
- issue and verify certificates
- enforce secure and role-based access
- monitor and protect platform security
- meet legal and regulatory obligations
4) Legal Basis
Where required under applicable data protection and privacy laws in your jurisdiction, processing is based on one or more of the following. As an example, under the GDPR or UK GDPR in the EEA and UK, the parish or diocese is typically the controller and we act as data processor on documented instructions:
- provision of requested services
- compliance with legal obligations
- legitimate interests in secure recordkeeping and fraud prevention
- consent, where consent is specifically collected
6) International Data Transfers
Where information is transferred internationally, we use recognised legal and technical safeguards appropriate to the jurisdiction involved.
We also apply contractual, organisational, and technical measures required by applicable law so personal data is protected in transit and at its destination.
6A) Data Location Transparency
- Application hosting region: Fly.io primary region jnb (Johannesburg, South Africa).
- Managed data services: Supabase Postgres and private storage endpoints configured on eu-west-1 infrastructure.
- Infrastructure providers are selected for published privacy and security commitments; cross-border processing is covered by safeguards appropriate to the laws that apply.
7) Retention
We keep personal data only as long as needed for operations, law, audit, and church duties that apply to your records.
8) Your Rights
Depending on your location and applicable law, and subject to legal limits, you may request:
- access to your personal data
- correction of inaccurate data
- deletion (where legally permissible)
- restriction or objection to processing (where applicable)
- data portability (where applicable)
- withdrawal of consent for consent-based processing
9) How to Submit a Request
To submit a privacy or data rights request, contact info@sacramentregistry.com.
We may ask for identity verification before completing your request. We aim to acknowledge requests promptly and respond within applicable legal timeframes.
10) Security
We apply technical and organisational measures to protect personal data, including authenticated access controls, role-based authorisation, encrypted transport, and operational monitoring.
11) Complaints
If you have concerns about how your data is handled, contact us at info@sacramentregistry.com.
You may also lodge a complaint with your local or national data protection authority where applicable.
12) Changes to This Notice
We may update this Privacy Notice from time to time. Material updates will be communicated through official channels, including the application when appropriate.