LEGAL
GDPR COMPLIANCE
Last updated: July 12, 2026
This page explains how PopesandPawns.com (“the Site”) processes personal data in accordance with the EU General Data Protection Regulation ("GDPR"). It is maintained by the Site owner as a practical guide for users. It is not a legal contract, certification, or substitute for legal advice.
The Site is the property of Carl Sarfi and is operated by Bullet Proof Marketing Systems, Inc., operating under the tradename Ryzenda (the “data controller” or “we,” “us,” “our”).
Data we collect and why
We collect only the personal data necessary to provide the Site and its services:
- Account information — your name and email address when you register or sign in. This is necessary to create and secure your account (legal basis: performance of a contract and legitimate interest).
- Prayer requests and testimonies — content you voluntarily submit to community areas. This is based on your consent and is necessary to operate the community features you choose to use.
- Contact form messages — the name, email, and message you send us through the Contact page. This is based on your consent and our legitimate interest in responding to you.
Legal basis for processing
Under GDPR, we rely on one or more of the following legal bases when processing your personal data: your consent; the necessity to perform a contract with you; our legitimate interests in operating and securing the Site; and compliance with a legal obligation.
Your GDPR rights
If you are in the European Economic Area (EEA) or another jurisdiction that recognizes GDPR rights, you have the following rights regarding your personal data:
- Right of access — request a copy of the personal data we hold about you.
- Right to rectification — ask us to correct inaccurate or incomplete data.
- Right to erasure (“right to be forgotten”) — request deletion of your personal data, subject to legal or operational retention requirements.
- Right to restrict processing — ask us to limit how we use your data in certain circumstances.
- Right to data portability — receive your data in a structured, commonly used, machine-readable format.
- Right to object — object to processing based on legitimate interests or direct marketing.
- Right to withdraw consent — withdraw consent at any time where processing is based on consent.
- Right to lodge a complaint — file a complaint with your local data protection authority if you believe your rights have been violated.
To exercise any of these rights, contact us using the information below. We will respond within the timeframes required by GDPR.
How long we keep your data
We retain your account and community data for as long as you remain a member of the Sanctuary community. You may request permanent deletion of your data at any time; upon verification we will remove your account and associated content from our active systems, unless we are required to keep certain data for legal, security, or accounting purposes.
Third-party service providers
We rely on a limited set of trusted providers to operate the Site. Your personal data is processed by them only to the extent necessary to deliver the services you request:
- Stripe and PayPal — payment processing for memberships and report packs.
- Supabase — database, authentication, and file storage.
- Lovable Cloud — hosting and application infrastructure.
Each provider is responsible for its own compliance practices. We select providers that maintain appropriate technical and organizational safeguards for personal data.
Cookies and tracking
We do not use analytics or tracking cookies beyond what is essential for authentication and session security. Essential cookies are necessary to keep you signed in and protect your account. You can manage or remove cookies through your browser settings; however, disabling essential cookies may prevent you from signing in or using secure areas of the Site.
Data transfers
Some of our service providers may process data outside the European Economic Area. Where this occurs, we rely on the providers' GDPR safeguards, such as Standard Contractual Clauses or equivalent transfer mechanisms, to protect your personal data.
Children
The Site is not directed to children under the age of 16, and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
Changes to this page
We may update this GDPR page from time to time. The “Last updated” date at the top of this page reflects the most recent changes. Continued use of the Site after changes are posted constitutes your acceptance of the revised page.
Contact us
Questions about this GDPR page or requests to exercise your data rights may be sent to support@ryzenda.com, or use the Contact page.