Privacy Policy

Last updated: January 25, 2021

1. Overview

This Privacy Policy outlines how Glass Canvas Media Inc. (“we” or “us”) collects and uses our user’s (“you” or “your”) personal information, which we gather from our websites, services, and desktop and mobile applications (collectively referred to as “Tilma” or “Tilma Platform”). Terms used in this Privacy Policy have the same meanings as in our Terms of Use.

We strive to ensure that any personal data we collect about you will be held and processed strictly in accordance with applicable data protection legislation, as set out in this notice. This Privacy Policy also describes the choices you have regarding personal data we’ve collected about you. “Personal information” or “personal data” is any information that can be used to contact or identify a single individual. Data processed by Tilma can be classified in two ways:

  1. Data that has been collected by us for our own purposes.
  1. Data collected by our customers and used for their purposes. For example, your parish may collect data about you and use this data to communicate with you.

This policy specifically covers data that is collected by us. We are not responsible for, nor do we have control over, the use of data that is collected by customers and users of Tilma.

2. How We Collect Personal Information

We collect several different types of personal data, which we use as described in this Privacy Policy (See “How We Use Personal Information,” below). For instance, we collect data:

2.1 During Signup

When you sign up for Tilma, we ask you to provide us with personal data, including but not limited to the following:

  • The name of the Organization (i.e., Parish) you are affiliated with
  • Your email address
  • Your first name and last name
  • Cookies and Usage Data (discussed below)

We use this information for creating and administering your account. We also may use this information to contact you and send you newsletters, or other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by clicking on the unsubscribe link in the emails, by contacting the Tilma customer you are associated with (e.g. your parish), or by contacting our support team at

2.2 Automatically while you are using Tilma

We also automatically collect information on how Tilma is accessed and used ("Usage Data"). This Usage Data may include information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages that you use/visit, the time and date of your visit or use, the time spent on those pages or features of Tilma, unique device identifiers and other diagnostic data. We use this data to analyze Tilma’s performance in order to make our services more effective.

2.3 Through the Use of Cookies

We use cookies and similar tracking technologies to track the activity on Tilma and we retain this information to provide and improve Tilma.

Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Other tracking technologies are also used such as beacons, tags and scripts to collect and track information and to improve and analyze Tilma.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of Tilma. Examples of Cookies we use:

2.3.1 Essential Cookies

These cookies are essential to provide you with Tilma. For example, they allow you to log in.

2.3.2 Functionality Cookies

These cookies allow us to remember choices you make, or to provide certain features, such as enabling videos from third parties.

2.3.3 Analytics and Performance Cookies

These cookies are used to collect information about traffic to our Services and how users use our Services. For example, these cookies are used to determine if you viewed a page or opened an email. This helps to provide you with information that you find interesting.

2.3.4 Google Analytics

We use Google Analytics only to improve the functionality and experience of our services. We do not combine the information collected through the use of Google Analytics with personally identifiable information. Please refer to Google’s Privacy Policy for more information. You may also choose to download the Google Analytics opt-out browser add-on.

2.3.5 Advertising and Targeting Cookies

These cookies are used to deliver advertisements more relevant to you and your interests. They remember that you have visited a website and this information is shared with other organizations such as advertisers.

Google Ads

We also may use Google Ads to deliver tailored advertising on our Sites and other websites that you may visit.

2.3.6 Opting out of Cookies

There are a number ways to limit the cookies that your browser accepts or limit the way in which they’re used.

One way to limit cookies is by opting out of third party cookies/advertising networks, Google Analytics and the Digital Advertising Alliance. If you are in Canada or the EU you can use the DAAC’s, or EDAA’s respectively. Some people use what are called “Ad Blockers” to limit advertising/tracking.

Another way of limiting cookies is by controlling cookies in your web browser’s settings. Opting out of cookies using this method will limit your ability to use our Services and may make the ads you see less relevant to your interests.

2.4 When you choose to provide us with information

You may choose to provide us with personal information while interacting with us in various ways. For example, when you fill out a form to register for an event, submit a request for help or process a donation.

3. How We Use Personal Information

We do not sell your personal data to others. We use collected information for the following general purposes:

  • In order to provide the services and fulfill our obligations pursuant to the Terms of Service. For example, we cannot provide our services without an email address to sign into your account
  • To personalize your experience and to allow the application to deliver the type of content and product offerings in which you are most interested
  • Where necessary to comply with a legal obligation, a court order, or to exercise and defend legal claims
  • To protect your vital interests, or those of others, such as in the case of emergencies
  • To notify you about changes to Tilma
  • To provide customer support
  • To detect, prevent and address technical issues
  • For billing purposes
  • To identify and authenticate users
  • To prevent fraud, spam and abuse
  • Where you provide consent (for example, to join email mailing lists)

4. Service Providers

We share information with third parties who provide services on our behalf to help with our business activities and to provide Tilma. These companies are authorized to use your personal information only for the sole purpose of providing services to us. These services include, but are not limited to the following:

  • Processing payments
  • Providing customer service
  • Sending marketing communications
  • Fulfilling subscription services
  • Conducting product research and analysis
  • Providing and maintaining a cloud computing environment
  • Fixing bugs

We use third-parties to monitor and analyze the use of Tilma. However, these services are configured in such a way that the third parties are not allowed to use your activity for their own purposes, such as personalizing ads on other websites. A list of these service providers is available here.

5. Security of Data

Tilma websites are scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to our site as safe as possible. Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.

A variety of security measures have been implemented when a user makes a donation, enters, submits, or accesses their information to maintain the safety of your personal information. All credit card transactions are processed through a gateway provider and card data/information is not stored or processed on Tilma servers.

The security of your data is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security. More information about this can be found in our Security Policy. If you have any questions about the security of your personal information, you can contact us at

If a breach of data occurs within Tilma, we will inform you via a notification posted within Tilma and via email at your last listed email address within 30 business days of discovering the breach. By using Tilma, you acknowledge and agree that we may send you electronic notifications via email instead of notifications by mail.

6. Retention of Data

We will retain your personal data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your personal data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes and enforce our legal agreements and policies. We will also retain Usage Data for internal analysis purposes.

Certain data acquired by our customers, such as sacramental records, may need to be retained indefinitely in order to comply with certain information lifetime management (ILM) regulations.

7. Disclosure of Data

7.1 Business Transaction

If we are involved in a merger, acquisition or asset sale, your personal data may be transferred. We will provide notice before your personal data is transferred and becomes subject to a different Privacy Policy.

7.2 Disclosure for Law Enforcement

Under certain circumstances, we may be required to disclose your personal data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

7.3 Legal Requirements

We may disclose your personal data if such action is necessary to:

  • Comply with a legal obligation
  • Protect and defend the rights or property of our company
  • Prevent or investigate possible wrongdoing in connection with Tilma
  • Protect the personal safety of users of Tilma or the public
  • Protect against legal liability

8. Your Rights

8.1 In General

Upon request, we will provide you with information about your personal data (such as the categories of personal information that we have collected about you, the specific pieces of personal data that we have collected about you, and the categories of sources from which your personal information is collected). You may request access, correct, request the deletion of, or object to our use of your personal information by contacting us at or by calling +1 (236) 301-8165. If you email us, please include “Personal Data Inquiry” as the subject line. Please note that we may ask you to verify your identity before responding to such requests. We will respond to your request within a reasonable timeframe and as set forth by the applicable laws.

We have listed the privacy rights for several jurisdictions below, but we understand you may have additional rights in your jurisdiction. You may contact us directly at any time about exercising your data protection rights. We will consider your request in accordance with applicable laws.

In certain circumstances, we may be required by law to keep your personal information, or we may need to retain your personal information in order to continue providing Tilma. Please note that we can only provide you with information about your personal data that we collect and use. We do not have control over, or information about, your personal data that other users collect or use.

8.2 Your Data Protection Rights under the General Data Protection Regulation (GDPR)

If you are a resident of the European Economic Area (EEA), you have certain data protection rights. We aim to take reasonable steps to allow you to correct, amend, delete or limit the use of your personal data. If you wish to be informed about what personal data we hold about you and if you want it to be removed from our systems, please contact us at or by calling +1 (236) 301-8165. If you email us, please include “Personal Data Inquiry” as the subject line. In certain circumstances, you have the following data protection rights:

  • The right to access, update or delete the information we have on you. Whenever made possible, you can access, update or request deletion of your personal data directly within your account settings section. If you are unable to perform these actions yourself, please contact us to assist you.
  • The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
  • The right to object. You have the right to object to our processing of your personal data.
  • The right of restriction. You have the right to request that we restrict the processing of your personal information.
  • The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable and commonly used format.
  • The right to withdraw consent. You also have the right to withdraw your consent at any time where we relied on your consent to process your personal information.

Please note that we may ask you to verify your identity before responding to such requests. If we don’t resolve your concern in a reasonable time frame, you have the right to lodge a complaint with your local supervisory authorities.

You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the European Economic Area (EEA).

8.4 Your Data Protection Rights under the California Consumer Privacy Act (CCPA)

If you are a California consumer, you have the following rights under the CCPA:

  • The right to know what personal information is being collected about you.
  • The right to know whether your personal information is sold or disclosed and to whom.
  • The right to say no to the sale of personal information.
  • The right to access your personal information.
  • The right, in certain circumstances, to delete the information you have provided to us.
  • The right to equal service and price, even if you exercise your privacy rights.

Request for Information and Deletion (CCPA). California consumers have the right to request, up to twice in a 12-month period, that a business that collects personal information about the consumer disclose to the consumer the information listed below for the preceding 12 months. We have the right to request verification of your identity for all requests for information.

  • The categories of personal information it has collected about that consumer.
  •  The categories of sources from which the personal information is collected.
  • The business or commercial purpose for collecting or selling personal information.
  •  The categories of third parties with whom the business shares personal information.
  • The categories of personal information that the business sold about the consumer and the categories of third parties to whom the personal information was sold, by category or categories of personal information for each third party to whom the personal information was sold.
  • The categories of personal information that the business disclosed about the consumer for a business purpose.
  • The specific pieces of personal information it has collected about that consumer.

To make such a request, please contact us at or by calling +1 (236) 301-8165. If you email us, please include “Personal Data Inquiry” as the subject line.

Do Not Sell My Personal Information (CCPA). California consumers have the right to opt out of the sale of the consumer’s personal information. We do not sell your personal information to third parties.

9. Legal Basis for Processing Personal Data under the General Data Protection Regulation (GDPR)

If you are from the European Economic Area (EEA), our legal basis for collecting and using the personal information described in this Privacy Policy depends on the personal data we collect and the specific context in which we collect it. We may process your personal data because:

  • We need to perform a contract with you
  • You have given us permission to do so
  • The processing is in our legitimate interests and it is not overridden by your rights
  • To comply with the law

10. Transfer of Data

Your information, including personal data, may be transferred to - and maintained on - computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction. If you are located outside the United States or Canada and choose to provide information to us, please note that we transfer the data, including personal data, to the United States and Canada.

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

We will take all the steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your personal data will take place to an organisation or a country unless there are adequate controls in place including the security of your data and other personal information.

11. "Do Not Track" Signals

We do not support Do Not Track ("DNT"). Do Not Track is a preference you can set in some web browsers to inform websites that you do not want to be tracked.

13. Children’s Use of Tilma

In order to use Tilma, you must be old enough to consent to the collection of your personal data in your country. Tilma is not intended for children under 13 years of age (or 16 years of age for those who reside in the EU), and we do not knowingly collect information from anyone under these ages. If you are under these ages, do not use or provide any information about yourself on Tilma or through any of its features.

While we do not specifically market to children under the age of 13 years old, data may still be transferred into the system from our customers, such as a parish, diocese or school. In some cases, the parish, parents, or legal guardians may choose to enter information into the system in order to complete family and/or sacramental records.


We may periodically revise and update this Policy at our sole discretion. All changes are effective immediately when we post them, and apply to all access to and use of Tilma thereafter. Your continued use of Tilma, following the posting of the revised Privacy Policy, means that you accept and agree to the changes. You are expected to check this page from time to time so you are aware of any changes.

Any questions about this Privacy Policy should be addressed to our support team at by calling +1 (236) 301-8165.