Skip to content
Foundation CollabTrust

Trust

Data processing addendum

Effective 2026-05-07.

This addendum describes how Foundation Collab, as processor, handles personal data on behalf of each parent foundation, who is the controller. It applies automatically to every Parent Foundation account on a Growth or Enterprise tier; Starter customers can request it via [email protected].

Subject matter + purpose

Foundation Collab processes personal data of the controller's staff, partner organization staff, and end-users solely to provide the platform's services as described in the order form: hosting a branded portal, internal messaging, events, resource sharing, AI assistance, and live conferencing.

Categories of data

  • Name, work email, OAuth identifier, profile photo (if uploaded).
  • Membership role(s) and member-organization affiliation.
  • Content the data subject creates inside the platform.
  • Operational metadata (timestamps, IP at sign-in, audit log).

Categories of data subjects

  • Foundation staff (Parent Admin, Parent Staff).
  • Member organization staff (Member Admin, Member User).
  • Foundation Collab staff (HQ Owner, Staff, Support, only in support contexts).

Sub-processors

Listed at /subprocessors. We give 30 days' notice via in-portal banner before adding a new sub-processor. The controller may object in writing; if we can't accommodate the objection we'll work in good faith on an exit plan.

Security measures

See /security. We commit at minimum to: encrypted transit + at-rest storage; tenant isolation via database RLS; passwordless-default authentication; mandatory MFA for admins; an immutable audit log of administrative actions; and quarterly secret rotation.

Breach notification

We notify the controller without undue delay (and in any event within 72 hours) of any confirmed personal-data breach affecting their tenant. The notification will include: nature of breach, categories + approximate number of affected data subjects, consequences, and remediation steps.

Sub-processor location + cross-border transfers

Production data resides in the controller's chosen data region (US by default; EU on the Enterprise tier). When sub-processors process data outside the chosen region we rely on Standard Contractual Clauses (Module 3, processor-to-sub-processor).

Audits

On reasonable written notice (no more than once per 12 months, or after a security incident), the controller may audit our compliance via written questionnaire or, for Enterprise customers, an on-site visit at the controller's expense.

Termination + return / deletion

On termination of the underlying agreement, we return personal data to the controller on request and then delete it from our active systems within 30 days; backups age out within an additional 90 days.