Privacy Policy

Last Updated: March 13, 2025

1. Introduction

This Privacy Policy describes how your personal information is collected, used, and shared when you use our volunteer management platform (the "Service"). This policy applies to all users of the Service, including administrators, owners, and volunteers.

We are committed to protecting your personal information and your right to privacy. If you have any questions about our privacy practices, please contact us using the information provided at the end of this policy.

2. Information We Collect

2.1 Personal Information

When you register for an account or are added to the Service by an organization administrator, we collect:

Contact Information: Name, email address, phone number, and physical address
Account Information: Username, password (stored in encrypted form), and account type
Profile Information: Profile photo (optional), timezone preferences
Billing Information: For paid subscriptions, payment details processed through our payment processor

2.2 Usage Information

When you use our Service, we automatically collect:

Log Data: IP address, browser type, operating system, page views, time spent on pages, and other usage statistics
Device Information: Information about the device used to access our Service
Cookies and Similar Technologies: We use cookies and similar tracking technologies to track activity on our Service and maintain certain information

2.3 Volunteer Information

For volunteers added to the Service by organization administrators:

Schedule Information: Availability, assigned tasks, event participation history
Group Membership: Organizational groups and teams the volunteer belongs to
Communications: Substitution requests, schedule notifications, and other service-related communications

3. How We Use Your Information

We use the information we collect primarily to provide, maintain, and improve our Service. Specifically, we use your information to:

3.1 Provide the Service

Create and manage user accounts
Process and fulfill subscription plans
Facilitate event scheduling and volunteer management
Enable communication between administrators and volunteers
Generate and distribute schedules

3.2 Improve and Develop the Service

Understand how users interact with our Service
Identify and fix technical issues
Develop new features and functionality
Analyze usage patterns to improve user experience

3.3 Communicate with You

Send service-related communications, such as schedule notifications and substitution requests
Provide customer support and respond to inquiries
Send updates about changes to our Service, policies, or terms
With your consent, send marketing communications about our Service

3.4 Ensure Security and Compliance

Protect the security and integrity of our Service
Verify accounts and activity
Prevent fraud and abuse
Comply with legal obligations

4. How We Share Your Information

4.1 Within Organizations

Organization owners and administrators have access to volunteer information within their organization
Volunteer information (such as name, contact information, and schedule) is visible to administrators and, in limited form, to other volunteers within the same organization

4.2 With Service Providers

We share information with third-party service providers who help us operate, provide, and improve our Service:

Payment Processors: We use Stripe to process subscription payments
Email Service Providers: We use AWS SES to send emails
Analytics Providers: We use Google Analytics to understand Service usage
Error Tracking: We use Sentry for application monitoring and error tracking

4.3 For Legal Reasons

We may disclose your information:

In response to a legal request if we believe disclosure is in accordance with applicable law
To protect the rights, property, and safety of our Service, our users, or the public
In connection with a business transfer, such as a merger, acquisition, or asset sale

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Service. We may retain certain information:

As necessary to comply with our legal obligations
To resolve disputes
To enforce our agreements
For backup, archival, or audit purposes

When an organization administrator deletes a volunteer account, the information may be retained for a period before being permanently deleted to allow for recovery if the deletion was made in error.

6. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

6.1 Access and Control

You may have the right to:

Access the personal information we have about you
Correct inaccurate or incomplete information
Request deletion of your personal information
Export your data in a portable format
Restrict or object to certain processing of your data

To exercise these rights, please contact your organization administrator or us directly using the contact information provided below.

6.2 Account Information

If you are a volunteer whose account was created by an organization administrator, some of your information is controlled by that organization. In such cases, you should direct your privacy requests to your organization administrator first.

6.3 Marketing Communications

You may opt out of marketing communications by following the unsubscribe instructions included in these messages or by contacting us.

6.4 Cookies and Tracking Technologies

You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. However, some parts of the Service may not function properly without cookies.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal information from unauthorized access, disclosure, alteration, and destruction. However, no internet-based service can be 100% secure, and we cannot guarantee the security of your personal information transmitted to our Service.

7.1 Security Measures

Our security practices include:

Encryption of passwords and sensitive data
Secure SSL/TLS connections
Regular security assessments
Access controls and authentication requirements
Employee training on data privacy and security

7.2 Your Responsibility

You are responsible for maintaining the security of your account credentials and for any activity that occurs under your account. If you believe your account has been compromised, please contact us immediately.

8. Children's Privacy

Our Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us so that we can delete such information.

9. International Data Transfers

Your information may be transferred to, and processed in, countries other than the country in which you reside. These countries may have data protection laws that are different from the laws of your country.

If you are located outside the country where our servers are located, be aware that your information may be transferred to, stored, and processed by us and our service providers in countries where data protection laws may differ from those in your jurisdiction.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time in response to changing legal, technical, or business developments. When we update our Privacy Policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make.

You can see when this Privacy Policy was last updated by checking the "Last Updated" date at the top of this page. Your continued use of our Service after any modification to this Privacy Policy will constitute your acceptance of such modification.

11. Contact Information

If you have questions about this Privacy Policy or our privacy practices, or if you wish to exercise your rights regarding your personal information, please contact us at:

[Your Company Name] Email: [Contact Email] Address: [Company Address]

12. Specific Privacy Rights

12.1 California Privacy Rights

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA) regarding your personal information, including:

The right to know what personal information we collect, use, disclose, and sell
The right to request deletion of your personal information
The right to opt-out of the sale of your personal information
The right to non-discrimination for exercising your privacy rights

12.2 European Privacy Rights

If you are a resident of the European Economic Area (EEA), United Kingdom, or Switzerland, you may have additional rights under the General Data Protection Regulation (GDPR) or applicable data protection laws, including:

The right to access your personal data
The right to rectification of inaccurate personal data
The right to erasure of your personal data
The right to restriction of processing
The right to data portability
The right to object to processing
Rights related to automated decision-making and profiling

To exercise these rights, please contact us using the information provided in Section 11.

13. Legal Basis for Processing (for EEA Users)

If you are located in the EEA, our legal basis for collecting and using your personal information depends on the specific information concerned and the context in which we collect it. We generally rely on the following legal bases:

Contract: Processing is necessary to perform our contract with you
Legitimate Interests: Processing is necessary for our legitimate interests
Consent: You have given us consent to process your personal information
Legal Obligation: Processing is necessary to comply with our legal obligations

Where we rely on your consent to process your personal information, you have the right to withdraw your consent at any time.