Trust
Privacy policy
Effective 2026-05-07.
Foundation Collab is a multi-tenant collaboration platform. We treat data the way our non-profit customers treat the people they serve: with care, with clarity, and only ever for what we said we'd do with it.
What we collect
- Account data: name, email, OAuth provider id (Microsoft / Google) or passkey credential id, sign-in timestamps.
- Membership data: which foundations and member organizations you belong to, your role.
- Content you create: resources, messages, RSVPs, announcements, submissions, gratitude posts, mood check-ins (private), activity entries.
- Operational data: audit log of actions you've taken (publishes, deletes, reviews), device + IP recorded only on auth events.
What we don't collect
- Marketing trackers, third-party advertising cookies, or fingerprinting scripts.
- Camera or microphone recordings (LiveKit conferences are recorded only when a host explicitly clicks Record, and a banner appears in the room).
- Passwords. We don't have any to collect (passkeys + OAuth + email magic-link only).
Tenant isolation
Each parent foundation's data is isolated by Postgres Row-Level Security. Even if our application code forgets to filter by tenant, the database will. We never share content across tenants without explicit authorization, and we never use one foundation's data to train models that benefit another.
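How this kind of isolation typically works in Postgres, as an added example that is not Foundation Collab's schema or code: a policy filters rows by tenant even when a query omits the tenant filter. The table `resources`, the role `app_user` and the setting `app.tenant_id` are assumptions made for illustration.

```sql
-- Added illustration. Table, column, role and setting names are assumptions.
-- Run as a superuser in a scratch database.
CREATE TABLE resources (
    id        bigserial PRIMARY KEY,
    tenant_id uuid NOT NULL,
    title     text NOT NULL
);

-- ENABLE turns policies on; FORCE also applies them to the table owner,
-- who would otherwise bypass them.
ALTER TABLE resources ENABLE ROW LEVEL SECURITY;
ALTER TABLE resources FORCE ROW LEVEL SECURITY;

-- With missing_ok = true, an unset setting yields NULL, and NULLIF maps an
-- empty string to NULL as well. A NULL comparison is never true, so a
-- session that has no tenant bound matches no rows (fail closed).
CREATE POLICY tenant_isolation ON resources
    USING      (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid)
    WITH CHECK (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid);

-- The application connects as a role that is neither superuser nor
-- BYPASSRLS; both attributes skip every policy.
CREATE ROLE app_user NOSUPERUSER NOBYPASSRLS;
GRANT SELECT, INSERT, UPDATE, DELETE ON resources TO app_user;
GRANT USAGE ON SEQUENCE resources_id_seq TO app_user;

-- Constructed sample rows for two tenants (the superuser bypasses RLS here).
INSERT INTO resources (tenant_id, title) VALUES
    ('11111111-1111-1111-1111-111111111111', 'Tenant A onboarding guide'),
    ('22222222-2222-2222-2222-222222222222', 'Tenant B grant calendar');

BEGIN;
SET LOCAL ROLE app_user;
-- Bind the tenant for this transaction only (third argument = is_local).
SELECT set_config('app.tenant_id', '11111111-1111-1111-1111-111111111111', true);

-- No WHERE tenant_id clause: the policy's USING expression is applied to
-- the scan anyway, so tenant B's row is not visible to this query.
SELECT tenant_id, title FROM resources;

-- A write aimed at another tenant fails the WITH CHECK expression and
-- raises an error, which aborts the transaction.
INSERT INTO resources (tenant_id, title)
VALUES ('22222222-2222-2222-2222-222222222222', 'Cross-tenant write');
ROLLBACK;
```

Binding the tenant with transaction-local scope matters behind a connection pool, where a session-level setting could carry over to the next request served on the same connection.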
Your rights
- Access + portability: download a JSON of everything tied to your user record from /account.
- Erasure: schedule account deletion from /account. Soft-delete is immediate; hard-delete is 30 days later (signing back in cancels).
- Rectification: edit your profile from your foundation's portal at any time.
- Objection: opt out of optional analytics from the cookie banner.
Sub-processors
We use a small list of vetted infrastructure providers. See /subprocessors for the current list and the data each touches.
Contact
Email [email protected] with questions or requests we can't surface in /account. We respond within five business days.