1 Information We Collect

a. Information You Provide

When you create an account, use CareHub, or interact with Volunteer U services, we may collect:

• Name, email address, and phone number
• Organization name, address, and type
• Profile information (photo, biography, date of birth, skills)
• Care request details and notes entered by your care team
• Messages sent through the Connect messaging feature
• Payment and billing information (processed securely by Stripe)
• Any other information you voluntarily provide through forms

b. Information Collected Automatically

• Device type, operating system, and app version
• IP address and approximate location (city-level)
• Browser type and referral source (web portal)
• App usage patterns, pages visited, and feature interactions
• Push notification tokens (for delivering alerts)
• Crash logs and performance diagnostics

c. Information from Third Parties

If your organization administrator invites you, we receive your name and email address from them. If you sign in using a third-party authentication provider, we receive basic profile information.

2 How We Use Your Information

We use your information to:

• Provide, operate, and maintain the CareHub platform and mobile app
• Process care requests, follow-ups, and team communications
• Send notifications about care assignments, urgent requests, and follow-up reminders
• Process payments and manage subscriptions
• Provide customer support and respond to inquiries
• Generate anonymized insights and reports for your organization’s leaders
• Improve our products, fix bugs, and develop new features
• Send service-related emails (account updates, billing notices, security alerts)
• Comply with legal obligations

3 CareHub Mobile App Data

The CareHub mobile app (available on iOS and Android) collects and uses the following data:

Data collected by the app

• Account information: name, email, profile photo, organization membership
• Care data: care requests, care touches, follow-up notes, and pastoral interactions you create or are assigned to
• Communication data: messages sent through the Connect feature, including text, audio recordings, and video/image attachments
• Calendar data: when you choose to add follow-up reminders to your device calendar (requires your explicit permission)
• Push notification token: to deliver real-time care alerts and assignment notifications
• Device information: device model, OS version, app version, and crash reports for troubleshooting

Permissions the app may request

• Camera: to take and upload profile photos or media attachments
• Photo library: to select existing photos or videos for attachments
• Microphone: to record audio messages in Connect discussions
• Notifications: to send push notifications for care assignments, follow-up reminders, and urgent alerts
• Calendar: to add follow-up reminders to your device calendar (optional)
• Biometric authentication: to enable Face ID or fingerprint login (optional, data stays on device)

Data visible to your organization

Care data you enter (care touches, notes, follow-ups) is visible to authorized members of your organization — specifically administrators and care team leaders. Your personal login credentials are never shared with your organization’s administrators.

4 Third-Party Services

We use the following third-party services to operate CareHub. Each provides equivalent or greater privacy protections:

We do not share data with advertising networks, data brokers, or analytics platforms that track users across apps.

5 Data Sharing & Disclosure

We may share your information only in these circumstances:

• Within your organization: care data is shared with your organization’s administrators and team leaders as necessary for care coordination
• Service providers: with the third-party services listed above, solely to operate the platform
• Legal requirements: if required by law, subpoena, or legal process
• Safety: if we believe disclosure is necessary to prevent harm or protect rights
• Business transfer: in connection with a merger, acquisition, or sale of assets (your data protections remain in effect)

6 Data Storage & Security

Your data is stored on secure servers provided by Supabase (hosted on AWS) in the United States. We implement industry-standard security measures including:

• Encryption in transit (TLS/SSL) and at rest
• Row-level security policies ensuring users only access their own organization’s data
• Secure authentication with session management and optional biometric unlock
• Regular security reviews and access controls

While we take every reasonable precaution, no method of electronic transmission or storage is 100% secure. We encourage you to use a strong password and enable biometric authentication where available.

7 Data Retention & Deletion

We retain your personal data for as long as your account is active or as needed to provide services. Specifically:

• Account data: retained while your account is active; deleted within 30 days of account deletion request
• Care records: retained while your organization’s subscription is active; organizations may export data before cancellation
• Payment records: retained as required by financial regulations (typically 7 years)
• Server logs: retained for up to 90 days for security and debugging purposes

Account Deletion

You may request deletion of your account and personal data by contacting support@volunteeru.org. Organization administrators can also remove individual users from their organization. Upon deletion, we will remove your personal data from active systems within 30 days. Some data may persist in encrypted backups for up to 90 days before being permanently removed.

8 Your Privacy Rights

For all users

• Access your personal data
• Correct inaccurate information
• Request deletion of your account and data
• Export your data in a standard format
• Opt out of non-essential communications

For EU/UK residents (GDPR)

• Right to data portability
• Right to restrict or object to processing
• Right to withdraw consent at any time
• Right to lodge a complaint with a supervisory authority

Legal bases for processing: consent, contractual necessity, legitimate interests, and legal obligations.

For California residents (CCPA)

• Right to know what data we collect and how it’s used
• Right to request a copy of your personal data
• Right to request deletion
• Right to opt out of the sale of personal data (we do not sell data)
• Right to non-discrimination for exercising privacy rights

To exercise any of these rights, email support@volunteeru.org. We will respond within 30 days.

9 Cookies & Tracking

Our web portal uses cookies for:

• Essential cookies: authentication, session management, security (required)
• Analytics cookies: understanding how people use the platform to improve it (optional)

We do not use advertising cookies or cross-site tracking. EU/UK visitors will see a cookie consent banner. You can manage cookie preferences through your browser settings.

The CareHub mobile app does not use cookies or cross-app tracking identifiers.

10 Push Notifications

If you enable push notifications in the CareHub app, we will send you alerts for:

• New care request assignments
• Follow-up reminders
• Urgent and crisis care alerts
• Team messages in Connect

You can disable push notifications at any time through your device settings or in the app under More → Notifications. Disabling notifications does not affect your account or ability to use the app.

11 Children’s Privacy

CareHub is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will delete it promptly. If you believe a child has provided us with personal information, please contact us at support@volunteeru.org.

12 Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the app, by email, or by posting a notice on our website. The “Effective Date” at the top of this page indicates when the policy was last updated. Your continued use of CareHub after changes constitutes acceptance of the updated policy.