Legal

Privacy Policy

Last updated: April 24, 2026.

Churches List is a reading-only directory. We collect as little about you as a reference work can, and we never sell what little we do.

1. What this policy covers

This policy applies to https://churcheslist.com, the newsletter, and the owner-claim forms. "Churches List," "we," and "our" mean the editors responsible for this directory. "You" means the reader or the parish representative who uses it.

2. Information we receive

When you visit a page, your browser hands our server the usual HTTP headers: IP address, referring page, user agent, time of request. Cloudflare, our delivery network, logs the same. These logs are retained for 14 days and used to diagnose errors and rate-limit abusive clients.

When you submit a claim or a correction, we receive the fields you enter (name, email, role, notes) and the same request headers above. Those rows live in our own database and are not shared with third parties.

When you subscribe to the Weekly Letter, we receive your email address. We use it only to deliver the letter. Unsubscribing removes the address within 24 hours.

3. Information we do not collect

  • We do not set advertising cookies. We run no ad network.
  • We do not build a profile of your reading history for sale, rental, or "personalization."
  • We do not record your precise geolocation. The home page "Use my location" button asks your browser for coarse coordinates only so the search field can be prefilled with your city; the coordinates are not logged.
  • We do not share your email with any third party for any purpose.

4. Cookies we do set

  • Session cookies — a short-lived token that lets the claim and newsletter forms complete without re-authentication. Expires when you close the browser.
  • XSRF-TOKEN — a cross-site request forgery token required by our forms. Scoped to this domain, expires within two hours.
  • localStorage — your browser, not our servers, stores two small values: the parishes you Save and the city you detected. We have no access to either.

5. Data we publish about parishes

Every parish entry is built from public sources: Google Business Profile, Wikipedia, Wikimedia Commons, OpenStreetMap, and the US Census Bureau. We attribute each third-party source on the parish page. A parish may request removal, correction, or updates at any time; see the Corrections page.

6. Your rights

If you are in the European Economic Area, United Kingdom, or California, you have the right to access, correct, or delete the personal information we hold about you, and to withdraw consent for marketing communications. Write to privacy@churcheslist.com and we will respond within 30 days.

7. Children

Churches List is not directed at children under 13 and we do not knowingly collect information from them.

8. Security

The site runs over TLS end to end. Our database is accessible only from the application server on a private interface. We cannot guarantee perfect security — no one honestly can — but we take it seriously.

9. Changes

We will post changes to this page and update the "Last updated" date above. Material changes (new categories of data, new third-party sharing) will be announced in the Weekly Letter at least 14 days before they take effect.

Questions or requests: write to privacy@churcheslist.com. For editorial matters, use letters@churcheslist.com.