Privacy Policy

Effective Date: September 23rd, 2025

Entity: The Carpocratian Church of Commonality and Equality, Inc. (“Church,” “we,” “us,” or “our”)

1. Scope

This Privacy Policy describes how we process personal information when individuals (“you”) access or use our public website (the “Site”). This Policy does not apply to third-party websites or services linked from the Site.

2. Information We Collect

Server/Network Logs. When you access the Site, our servers (e.g., nginx) automatically record technical data (“Log Data”), which may include IP address, date/time of request, request method/URL/query parameters, HTTP status and size, referrer URL (if provided), and User-Agent string (browser/OS/device).

We use a self-hosted analytics platform (Umami) to measure traffic and usage of the Site. This platform collects limited technical information such as page URL, referrer, user agent, language, and IP address (with anonymization), but does not use tracking cookies, persistent identifiers, or cross-site profiling.

3. Sources of Information

We obtain Log Data automatically from your device and browser when the Site is requested. We may also receive limited technical information from our hosting provider or content delivery network (if used).

4. Purposes of Processing

We process Log Data to operate, secure, and maintain the Site; measure availability and performance (e.g., uptime, error rates); detect, investigate, and mitigate fraud, abuse, and security incidents; and generate aggregated, non-identifiable statistics for capacity planning. We do not use Log Data for targeted advertising or profile building.

We also use analytics data from Umami to understand how visitors use the Site and to improve content, navigation, and performance. This data is analyzed in aggregate form and is not used for advertising or behavioral profiling.

5. Legal Bases (EEA/UK)

Where GDPR/UK GDPR applies, we process Log Data based on our legitimate interests (Art. 6(1)(f)) in operating a secure, reliable website and preventing abuse, and where necessary to comply with legal obligations (Art. 6(1)(c)).

6. Retention

We retain raw Log Data for 14 days for operational and security purposes, after which it is deleted or anonymized. We may preserve specific logs longer where reasonably necessary to investigate or document a security incident, comply with law, or establish, exercise, or defend legal claims.

7. Disclosures and Recipients

We may disclose personal information to: (a) service providers/processors (e.g., hosting, infrastructure, DDoS protection/CDN) strictly to provide the Site and subject to contractual confidentiality and security obligations; (b) legal and safety recipients, where required by law, subpoena, or court order, or to protect rights, safety, or the integrity of the Site; and (c) corporate governance recipients, such as our officers, directors, counsel, and auditors.

We do not sell or “share” personal information for cross-context behavioral advertising.

Where we use Umami analytics hosted on our own infrastructure (or a service provider), limited technical information may be processed solely to provide website analytics, subject to confidentiality and security obligations.

8. International Transfers

If data is processed outside your jurisdiction, we take appropriate measures under applicable law (e.g., Standard Contractual Clauses for EEA/UK transfers) to protect personal information.

9. Security

We implement reasonable technical and organizational measures appropriate to the risk, including network-level protections, access controls, and log review. No system is 100% secure, and we cannot guarantee absolute security.

10. Your Rights

Your rights depend on your location and applicable law. Subject to limitations, you may have rights to request access, correction, deletion, restriction, objection (including to processing based on legitimate interests), and portability.

How to exercise: See Section 14. We will respond as required by law and may request information to verify your identity.

EEA/UK: You may complain to your local supervisory authority. U.S. state privacy laws: If and when such laws apply to us, you may have rights to know, access, delete, correct, or opt out of certain processing. We do not sell or share personal information. Nonprofit exemptions may apply.

11. Children’s Privacy

The Site is not directed to children under 13 (or the relevant age of digital consent). We do not knowingly collect personal information from children. If you believe a child provided personal information, contact us to request deletion.

12. Do Not Track

We use Umami analytics, which does not rely on cookies or persistent identifiers, but does process limited technical information to provide aggregated usage statistics. Because there is no common industry standard for responding to “Do Not Track” signals, we do not respond to such signals.

13. Changes to This Policy

We may update this Policy from time to time. The “Effective Date” reflects the latest version. Material changes will be posted to the Site.

14. Contact

The Carpocratian Church of Commonality and Equality, Inc.
Attn: Privacy
82 Wendell Ave.
Pittsfield, MA 01201
Email: privacy@carpocratian.org