Privacy Notice

Last updated: 2026-05-26

Your parish or diocese decides who may access sacramental records in the platform and remains responsible for the sacramental register. Wyloks is the software provider: we operate Sacrament Registry as a data-processing service on your community's instructions. We do not replace the parish books, act as the definitive ecclesiastical archive, or assert custody over the register beyond what your community delegates through using the service.

We handle these records with care for their pastoral and historical importance. We also follow the technical and legal safeguards described in this notice.

This notice explains how personal and sacramental data is collected, used, shared, and protected when parishes and dioceses use Sacrament Registry to keep registers, issue certificates, manage access, and handle related office tasks. It is for clergy, parish staff, diocesan colleagues, and parishioners whose names or details may appear in sacramental books held on the service.

For a plain-language trust overview, see Data Protection & Trust.

1) Who We Are

Sacrament Registry is a software service developed and operated by Wyloks Ltd, a company registered in the United Kingdom. The service is provided to Catholic parishes and dioceses for the management of sacramental records.

Our work is software that supports the parish books: secure entry, search, certificates, and keeping sacramental entries in good order, in line with how pastors and parish offices already work day to day.

For privacy enquiries, contact: info@sacramentregistry.com.

1A) Sacramental registers and church practice

Catholic parishes have long maintained sacramental registers as part of their pastoral and canonical responsibilities. For Latin Catholic parishes, Canon 535 of the Code of Canon Law outlines the keeping and safeguarding of parish sacramental records. Sacrament Registry is designed to support parishes in fulfilling these administrative and custodial responsibilities alongside applicable civil privacy obligations.

Particular law and Eastern Catholic norms may differ by jurisdiction.

1B) Marriage preparation cases

Sacrament Registry includes Marriage Preparation Case Management so parishes can organise pre-nuptial enquiry work from intake through to linking a celebrated marriage in the matrimony register. This is a separate workflow from the sacramental register book itself.

Why parishes use it

To record planned marriage details, document checklists, secure uploads, pastoral notes, and status tracking while couples are being prepared for marriage.
To capture per-party pre-nuptial enquiry information (including priest-confidential material marked confidential on standard enquiry forms) in a parish-controlled workspace.
To support priests and parish staff in moving a case toward readiness to marry and, when appropriate, linking it one-way to the matrimony register entry after the wedding.

Who may see preparation data

Access follows roles assigned by your parish or diocese. Some fields are parish operational (for example identity, contact, and checklist progress) and may be visible to authorised administrators and secretaries.
Priest-confidential enquiry fields, prior-marriage details, and classified notes or documents are restricted to priests with appropriate access — not to general parish administrators or secretaries.
Parish viewers without an assigned preparation role do not have access to marriage preparation cases.

Physical files may remain authoritative. Parishes may continue to keep wet-signature pre-nuptial enquiry forms, sealed copies, delegation records, and other paper held in parish files. Digital capture in Sacrament Registry supports day-to-day workflow but does not replace those physical records or your parish’s custody of them unless your diocesan policy says otherwise.

Some canonical steps (for example printable tri-fold enquiry forms for sign and seal, formal delegation tracking, and notification to a baptism parish) are planned in later releases. Until then, parishes should continue any paper or diocesan processes your community already follows.

2) Data We Process

Depending on how the platform is used, we may process the following categories of information:

Personal and contact details

Identity and contact details (such as name, telephone, email, and postal address) for staff, parishioners, or others whose information is entered during normal register work.

Sacramental register information

Details recorded in parish sacramental books, including baptism, First Holy Communion, confirmation, holy orders, and matrimony, together with related information usually kept for parishioners.

Marriage preparation case information

Marriage preparation case details (planned marriage, witnesses, checklist status, workflow history, and optional link to a matrimony register entry).
Per-party pre-nuptial enquiry fields, including operational identity and contact data and priest-confidential enquiry material where entered.
Uploaded preparation documents, classified notes, and security audit events relating to preparation cases.

Parish and diocesan access governance

Parish and diocesan context, user accounts, and roles or permissions that decide who may view or change given records.

Technical and service-related data

Technical and security-related events (such as sign-in activity, device or network identifiers where collected, and audit logs used to protect integrity and availability).
Correspondence you send when you contact us for support or account assistance.

Who may see parish or diocesan material in the platform follows role assignments from your parish or diocese. We provide the system and do not override those access decisions.

3) Why We Process Data

We process personal data to:

maintain sacramental records
manage marriage preparation cases from parish intake through register linking
issue and verify certificates
enforce secure and role-based access
monitor and protect platform security
meet legal and regulatory obligations

4) Legal Basis

Where required under applicable data protection and privacy laws in your jurisdiction, processing is based on one or more of the following. As an example, under the GDPR or UK GDPR in the EEA and UK, the parish or diocese is typically the controller and we act as data processor on documented instructions:

provision of requested services
compliance with legal obligations
legitimate interests in secure recordkeeping and fraud prevention
consent, where consent is specifically collected

6) International Data Transfers

Where information is transferred internationally, we use recognised legal and technical safeguards appropriate to the jurisdiction involved.

We also apply contractual, organisational, and technical measures required by applicable law so personal data is protected in transit and at its destination.

6A) Data Location Transparency

Application hosting region: Fly.io primary region jnb (Johannesburg, South Africa).
Managed data services: Supabase Postgres and private storage endpoints configured on eu-west-1 infrastructure.
Infrastructure providers are selected for published privacy and security commitments; cross-border processing is covered by safeguards appropriate to the laws that apply.

7) Retention

We keep personal data only as long as needed for operations, law, audit, and church duties that apply to your records.

8) Your Rights

Depending on your location and applicable law, and subject to legal limits, you may request:

access to your personal data
correction of inaccurate data
deletion (where legally permissible)
restriction or objection to processing (where applicable)
data portability (where applicable)
withdrawal of consent for consent-based processing

9) How to Submit a Request

To submit a privacy or data rights request, contact info@sacramentregistry.com.

We may ask for identity verification before completing your request. We aim to acknowledge requests promptly and respond within applicable legal timeframes.

10) Security

We apply technical and organisational measures to protect personal data, including authenticated access controls, role-based authorisation, encrypted transport, and operational monitoring.

11) Complaints

If you have concerns about how your data is handled, contact us at info@sacramentregistry.com.

You may also lodge a complaint with your local or national data protection authority where applicable.

12) Changes to This Notice

We may update this Privacy Notice from time to time. Material updates will be communicated through official channels, including the application when appropriate.