Privacy Policy

1. Who We Are

This website is operated by Our Lady of the Mountain Monastery (“we”, “us”, or “our”). If you have any questions about this policy, you can reach us at sisters@ourladyofthemountain.org.

2. What Data We Collect

• Email address — provided by you when making a donation, used solely to deliver the ebook (PDF and EPUB) to your inbox.
• Payment information — processed entirely by Stripe. We never see, store, or have access to your full card number.
• Usage and analytics data — Meta Pixel may collect anonymised browsing data, but only if you have given explicit cookie consent.
• Technical data — IP address, browser type, and device information collected automatically by our hosting provider (Vercel) for security and performance purposes.

3. How We Use Your Data

• To process your donation and deliver the ebook to your email address.
• To send transactional emails related to your order (via Resend).
• To prevent fraud and abuse (via Stripe Radar and Upstash Redis rate limiting).
• To understand site usage and improve our offering (via Meta Pixel, with your consent).

4. Lawful Basis for Processing (GDPR)

• Contract performance — processing your payment and delivering the ebook you requested.
• Legitimate interest — fraud prevention, site security, and basic analytics.
• Consent — Meta Pixel tracking is loaded only after you have given explicit consent via our cookie banner.

5. Third-Party Processors

We share your data with these service providers, each under their own privacy policy:

• Stripe (San Francisco, USA) — payment processing. Stripe Privacy Policy
• Resend (USA) — transactional email delivery. Resend Privacy Policy
• Vercel (USA) — website hosting and edge functions. Vercel Privacy Policy
• Upstash (USA/EU) — Redis key-value store for rate limiting. Upstash Privacy Policy
• Meta Platforms (USA) — Meta Pixel for analytics (consent required). Meta Privacy Policy

6. International Data Transfers

Some of our processors are based in the United States. Where personal data is transferred outside the European Economic Area, we rely on Standard Contractual Clauses (SCCs) or the EU-US Data Privacy Framework, as applicable, to ensure adequate protection for your data.

7. Cookies

We use the following types of cookies:

• Strictly necessary — required for the site to function (e.g., cookie consent preference stored in your browser).
• Analytics / Marketing — Meta Pixel cookies, loaded only after you grant consent. You can withdraw consent at any time by clearing your cookies or using the cookie settings on our site.

8. Data Retention

We retain your email address for as long as necessary to fulfil your order and handle any support requests. Stripe retains payment data according to their own retention policies and legal obligations. Analytics data collected by Meta Pixel is governed by Meta’s data retention policies.

9. Your Rights Under the GDPR

If you are in the European Economic Area, you have the right to:

• Access — request a copy of the personal data we hold about you.
• Rectification — request correction of inaccurate data.
• Erasure — request deletion of your personal data.
• Restriction — request that we limit processing of your data.
• Portability — receive your data in a structured, machine-readable format.
• Object — object to processing based on legitimate interest.
• Withdraw consent — where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, email us at sisters@ourladyofthemountain.org. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection supervisory authority.

10. Your Rights Under the CCPA (California)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

• Right to know — what personal information we collect and how it is used.
• Right to delete — request deletion of your personal information.
• Right to opt-out — of the sale or sharing of your personal information.
• Right to non-discrimination — for exercising your CCPA rights.

Do Not Sell My Personal Information

We do not sell your personal information. We do not share personal information with third parties for their direct marketing purposes. Meta Pixel data is only collected with your explicit consent and is used solely for our own analytics — it is not sold.

To submit a CCPA request, email sisters@ourladyofthemountain.org with the subject line “CCPA Request”. We will verify your identity and respond within 45 days.

11. How to Request Deletion

To request deletion of all personal data we hold about you, email sisters@ourladyofthemountain.org with the subject line “Data Deletion Request”. Please include the email address associated with your donation. We will process your request within 30 days and confirm deletion by email. Note that we may need to retain certain data to comply with legal obligations (e.g., financial records for tax purposes).

12. Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated “Last updated” date. We encourage you to review this page periodically.

13. Contact Us

If you have any questions or concerns about this policy, contact us at: sisters@ourladyofthemountain.org