Privacy Policy

Overview

BoardTrust is a governance management tool for nonprofit organizations. We take the privacy and security of your organization's information seriously. This Privacy Policy explains what information we collect, how we use it, when we disclose it, how we protect it, and the choices available to you.

Information We Collect

We collect information you provide directly through the service, including:

• account information, such as name, email address, login credentials, and organization name
• organization records and workspace data, such as board member details, policy records, governance documents, resolutions, and related governance materials you upload or enter into the service
• communications you send to us, including support, privacy, account-related, and other inquiries

We may also collect limited technical and usage information automatically when you use the service, such as IP address, browser type, device information, session information, pages or features accessed, and dates and times of access, to help operate, secure, and improve the service.

How We Use Information

We use information we collect to:

• provide, maintain, and support the BoardTrust service
• authenticate users and secure accounts
• store, organize, display, and process governance records and related content within your workspace
• communicate with you about your account, subscription, support requests, service updates, and legal or policy notices
• monitor, protect, and improve the security, functionality, and performance of the service
• comply with applicable law, enforce our terms, and protect our rights and users

We do not use your information for advertising, and we do not sell your personal information.

Cookies and Similar Technologies

We use strictly necessary cookies and similar technologies to authenticate users, maintain secure sessions, support core service functionality, and help protect the service. We do not use advertising cookies, and we do not use cross-site tracking cookies for advertising purposes.

How We Disclose Information

We do not disclose your information to third parties except in the following circumstances:

• to service providers that help us host, secure, maintain, or operate the service
• within your organization, to authorized users associated with your organization's workspace
• if required by law, legal process, or governmental request
• to protect the rights, safety, security, or property of BoardTrust, our users, or others
• in connection with a merger, acquisition, financing, reorganization, sale of assets, or similar transaction involving the service

We use third-party providers for functions such as hosting, database infrastructure, authentication, payments, email, and related operational support. We use Supabase as a managed database and infrastructure provider for storage, authentication, and related service functions.

If BoardTrust is involved in a merger, acquisition, reorganization, sale of assets, or similar transaction that results in your information becoming subject to a materially different privacy policy, we will provide reasonable notice before that change takes effect where required or reasonably practicable.

State Privacy Rights

Depending on applicable law, residents of certain states may have rights regarding their personal information, such as the right to request access to, correction of, deletion of, or a copy of certain personal information. We will process qualifying requests in accordance with applicable law.

International Users

BoardTrust is operated in the United States, and data is stored in the United States using our managed infrastructure providers. If you access or use the service from outside the United States, you understand that your information will be transferred to, stored in, and processed in the United States.

Data Storage and Security

We use reasonable administrative, technical, and organizational measures to help protect your information. Data stored through Supabase is encrypted in transit and at rest. Access to your organization's data is limited to authorized users associated with your workspace and to service providers or administrators who require access to operate, secure, maintain, or support the service.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

Data Retention

We retain information for as long as reasonably necessary to provide the service, maintain the account, comply with legal obligations, resolve disputes, enforce agreements, and protect the service.

If your subscription ends or your access to the service is terminated, we may retain your data for up to sixty (60) days to allow administrative transition, reactivation, or export, after which we may delete it in accordance with our retention practices.

You may request deletion of your organization's data by contacting us using the information below, subject to any legal, security, contractual, or operational reasons for limited retention.

Your Choices and Requests

You may request to:

• access or correct account information
• export or delete your organization's data
• ask questions about how your information is handled

We will review and respond to qualifying requests in accordance with applicable law. To make a privacy-related request, contact us using the information below.

Data Processing Addendum

Organizations that require a data processing agreement may contact us using the information below.

Children's Privacy

BoardTrust is intended for organizational and business use and is not directed to individuals under 18. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13 without appropriate authorization, we will promptly delete it.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we may provide notice through the service or by other reasonable means. The "Last updated" date above indicates when this Privacy Policy was last revised.

Contact

For privacy-related questions, data requests, or DPA inquiries, contact us at npboardgovernance@gmail.com.