Privacy Policy
Effective May 28, 2026
This Privacy Policy explains how Munch Development, LLC (“Munch Development,” “we,” “us”) collects, uses, and protects information when you use the Unitas mobile and web applications (collectively, the “Service”). Unitas is a white-label Catholic parish platform licensed to parishes and dioceses (each, a “Parish Customer”).
1. Roles
For data you submit to your Parish Customer (profile, scheduling availability, ministry assignments, RSVPs, sub requests), the Parish Customer is the “controller” and Munch Development acts as a “processor” on the Parish Customer’s behalf. For account, billing, and product telemetry data, Munch Development is the controller.
2. Information We Collect
- Account & identity: name, email, profile photo, language and appearance preferences, parish affiliation, role (admin, leader, member), qualifications, and ministry memberships.
- Authentication: Google and Apple OAuth identifiers, magic-link tokens, one-time passcodes, password hashes, JWT access and refresh tokens, device identifiers used to sign you in.
- Scheduling & participation: Mass and event RSVPs, assignments, availability windows, blackout dates, substitution requests, chat messages with your ministry team.
- Communications: email and push-notification delivery records, notification preferences, support tickets, and bug reports (including screenshots you choose to attach).
- Billing (Parish admins only): Stripe customer and subscription identifiers, plan tier, status, and invoices. Card numbers are handled directly by Stripe — we never see or store them.
- Media: bulletins, sermons, audio, and images you or your Parish upload, stored in Amazon S3 (Amazon Web Services). Video content is embedded via third-party links (e.g. YouTube, Vimeo, Rumble) and is not hosted by us.
- Device & usage: app version, OS, device model, locale, IP address, crash reports and performance traces (Sentry), and basic request logs.
3. How We Use Information
- Operate and provide the Service to you and your Parish Customer.
- Authenticate you and keep your account secure.
- Send transactional messages — assignment notifications, reminders, substitution requests, magic links, and OTP codes.
- Process subscription payments and manage parish billing through Stripe.
- Diagnose crashes and improve reliability (Sentry).
- Enforce our Terms of Use and comply with legal obligations.
4. Sharing
We share information with:
- Your Parish Customer — admins and ministry leaders can see your role-relevant profile, availability, and assignment data.
- Sub-processors acting on our instructions: MongoDB Atlas (database), Upstash (queues/cache), Resend (email), Stripe (payments), Amazon S3 (Amazon Web Services) (media), Sentry (error monitoring), Apple and Google (sign-in), and our cloud hosting provider.
- Legal & safety: when required by law or to protect rights, safety, or property.
- Business transfers: in connection with a merger, acquisition, or asset sale, subject to this Policy.
We do not sell personal information and do not use it for cross-context behavioral advertising.
5. Retention
We retain account and parish data for as long as your account is active. When a Parish Customer terminates service, we delete or return Parish data within 90 days of termination, except as required by law. Backups age out within 35 days. Bug reports and support tickets are kept for up to 24 months.
6. Your Choices & Rights
- Access, update, or delete your profile in the app.
- Turn notifications on or off per channel and category.
- Request a copy of your data, correction, deletion, or portability by emailing privacy@getunitas.com. For data your Parish Customer controls, we will forward the request to them.
- Residents of California, the EU/EEA, the UK, and other jurisdictions with equivalent rights may also object to or restrict processing, and lodge a complaint with their supervisory authority.
7. Children
The Service is not directed to children under 13 (or the equivalent minimum age in your jurisdiction). Parishes may invite minors to volunteer with appropriate guardian consent; in that case, the Parish Customer is responsible for obtaining and recording consent.
8. International Transfers
We process data in the United States. Where required, we rely on Standard Contractual Clauses or equivalent transfer mechanisms.
9. Security
We use TLS in transit, encryption at rest, role-based access controls, defense-in-depth tenant scoping, rate limiting, and audit logging. No system is perfectly secure; you are responsible for protecting your credentials.
10. Changes
We will update the effective date above when this Policy changes and notify Parish admins of material changes by email.
11. Contact
Munch Development, LLC
www.munchdevelopment.com
Privacy questions: privacy@getunitas.com
General: hello@getunitas.com