Legal
Privacy Policy
Last updated: 7 July 2026
This Privacy Policy explains how Civora Network collects, uses, shares, and protects your personal data when you use our volunteering and opportunities platform. We are committed to handling your information transparently and in line with the UK GDPR and the EU GDPR.
1.Who we are
Civora Network is the data controller responsible for the personal data processed through the platform. Wherever this policy refers to "we", "us", or "our", it means Civora Network.
If you have any questions about how we handle your data, you can reach our team using the contact details at the end of this policy.
2.Information we collect
We only collect the information we need to run the platform and provide our services. Depending on how you use Civora, this may include:
- Account details — your first and last name, email address, phone number, country, and preferred language.
- Authentication data — your password, which is stored only as a secure one-way hash, or an identifier from Google if you choose to sign in with Google.
- Profile information — biography, headline, location, and optional details such as date of birth, gender, occupation, address, and a national identification number where you choose to provide one.
- Skills, interests, and files you upload, such as profile photos, organisation logos, banners, and résumés.
- Organisation data — if you register an organisation, its name, type, registration and tax numbers, industry, and size.
- Activity data — applications, cover letters, event RSVPs, messages, reviews, and notifications.
- Technical and security data — IP address, device and browser information, and audit logs of security-relevant actions.
3.How we use your information
- To create and manage your account and to authenticate you securely.
- To operate core features — publishing and browsing opportunities, submitting and reviewing applications, messaging, events, and reviews.
- To send you transactional emails such as email verification, password resets, and updates about your applications or events.
- To keep the platform secure, prevent fraud and abuse, and maintain audit records.
- To comply with our legal obligations and enforce our terms.
4.Legal bases for processing
Under the UK and EU GDPR, we rely on the following legal bases to process your personal data:
- Consent — for example, when you provide optional profile details. You can withdraw consent at any time.
- Performance of a contract — to provide the services you sign up for.
- Legitimate interests — to keep the platform secure, improve our services, and prevent abuse, balanced against your rights.
- Legal obligation — where we are required to process data to comply with the law.
6.International data transfers
Some of our service providers may process data outside the UK or the European Economic Area. Where that happens, we rely on appropriate safeguards such as the UK International Data Transfer Agreement or the EU Standard Contractual Clauses to protect your information.
7.How long we keep your data
We keep your personal data for as long as your account remains active. When you delete your account, we deactivate it immediately and permanently erase or anonymise your data after a short grace period, except where we are required to retain certain records to meet a legal obligation.
8.Your rights
You have the following rights over your personal data:
- Access — request a copy of your data. You can export your data directly from your account settings.
- Rectification — correct inaccurate or incomplete information.
- Erasure — ask us to delete your data (the "right to be forgotten").
- Restriction and objection — limit or object to certain processing.
- Portability — receive your data in a structured, machine-readable format.
- Withdraw consent — where we rely on your consent, you can withdraw it at any time.
9.Managing your data and complaints
You can exercise most of these rights directly from Account → Privacy and Data, where you can export your information or delete your account. If you believe we have not handled your data properly, you have the right to complain to a supervisory authority — in the UK, the Information Commissioner's Office (ICO), and in France, the Commission Nationale de l'Informatique et des Libertés (CNIL).
10.How we protect your data
We take the security of your data seriously. Passwords are hashed with bcrypt, email verification and password-reset tokens are stored only as hashes, uploaded files are kept in a private store and served through short-lived signed links, and access to organisation data is governed by role-based permissions. No system can be guaranteed completely secure, but we work continuously to protect your information.
11.Children's privacy
The platform is not intended for anyone under the age of 16, and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will remove it.
12.Changes to this policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you in-app or by email. The "last updated" date at the top of this page always reflects the current version.
Questions about this policy?
If you have any questions, or you want to exercise your data rights, get in touch with our team.