Privacy Policy

Last updated: 2026-03-08

1. Data Controller

Cirko [to be completed — legal form], registered under number [to be completed], with its registered office at [address to be completed] ("Cirko", "we", "us").

Data Protection Officer: legal@cirko.app

When Cirko provides the Platform to Tenants (organizations), Cirko acts as data controller for account and billing data of Admins, and as data processor on behalf of the Tenant for volunteer, beneficiary, and donor data. See our Data Processing Agreement for details.

2. Data We Collect

2.1 Admin & Manager account data

Name, email address, phone number, role, organization name, address, locale preference, notification preferences (push, SMS, email).

2.2 Volunteer data

Name, email, phone number, postal address, geographic coordinates (latitude/longitude for proximity-based matching), avatar, locale preference, skills (self-declared and admin-assigned), availability schedule (days and time slots), mission history, missions completed count, reliability score (0–5 scale), notification preferences, push notification tokens (Expo), CGU/privacy acceptance dates and versions.

2.3 Beneficiary data

Name, email, phone number, postal address, geographic coordinates (latitude/longitude for volunteer matching), campaign assignments, delivery history, special labels (as customized by the Tenant), CGU/privacy acceptance dates.

2.4 Donor data

First name, last name, company name and SIREN (for corporate donors), email, phone, postal address (street, city, postal code, country), donor type (personal/enterprise), donation amounts, payment method, installment schedule, Stripe customer ID, GDPR consent status, marketing consent status, IP address, Turnstile verification score, CERFA receipt numbers and PDF URLs.

2.5 Billing data (SaaS subscriptions)

Subscription plan, billing cycle, currency, Paddle customer ID, Paddle subscription ID, payment status, current period end date, SMS usage count. We do not store payment card details — these are handled exclusively by Paddle.

2.6 Usage & technical data

Pages visited, features used, device type, browser, operating system, IP address, timestamps, error logs (via Sentry, which may include stack traces and request metadata).

2.7 Consent records

For each consent given (CGU, privacy, GDPR, marketing, CERFA fiscal), we record: consent type, document version, acceptance status, IP address, user agent, and timestamp.

2.8 AI chat data

If enabled by the Tenant's plan, the AI assistant processes conversation messages in real time. The assistant accesses Tenant data (campaign stats, planning, volunteer availability) to provide contextual responses. Chat history is stored in session only (not persisted in the database) and is automatically deleted when the session ends.

2.9 Tenant configuration data

Organization legal name, RNA/SIREN/SIRET/VAT numbers, registered address, legal representative name and title, association purpose (objet social), signature image, Stripe API keys (encrypted with AES-256-GCM), custom domain, branding (logo, colors, tagline), donation page configurations.

3. Purpose of Processing

  • Service delivery — Providing Platform features: campaign management, volunteer matching, task scheduling, donation processing, tax receipt (CERFA) generation
  • Volunteer matching & scoring — Calculating match scores based on geographic proximity, equity (mission distribution fairness), reliability history, and seniority to propose optimal volunteer-task assignments (see Section 10)
  • Account management — Authentication (magic links via Supabase Auth), authorization, profile management, role-based access
  • Billing — SaaS subscription management and invoicing (via Paddle as Merchant of Record)
  • Communication — Transactional emails (magic links, donation receipts, CERFA, weekly recaps via Resend), SMS alerts (mission notifications via Twilio), push notifications (via Expo)
  • Security — Bot protection (Cloudflare Turnstile), rate limiting, fraud detection, IP logging for consent audit trail
  • Legal compliance — Tax receipt generation (CERFA in France), consent records, accounting records, audit trail
  • AI assistance — Providing contextual AI chat for campaign management (available on eligible plans)
  • Analytics — Dashboard KPIs (coverage rates, volunteer activity, cancellation rates) for Tenant managers

4. Legal Basis for Processing

  • Contract performance (GDPR Art. 6(1)(b)) — Processing necessary to provide the Platform services as agreed in the Terms of Service
  • Legal obligation (GDPR Art. 6(1)(c)) — Tax receipts (CERFA), accounting records (10-year retention), consent tracking
  • Legitimate interest (GDPR Art. 6(1)(f)) — Security measures, fraud prevention, service improvement, volunteer matching algorithm, analytics dashboards
  • Consent (GDPR Art. 6(1)(a)) — Marketing communications, optional data sharing, CERFA fiscal consent

For volunteer matching and scoring (automated profiling), the legal basis is legitimate interest of the Tenant (efficient volunteer coordination). You may object to automated scoring at any time (see Section 10).

5. Data Recipients & Sub-processors

We share data with the following categories of recipients, strictly as needed to provide the service:

Provider | Purpose | Data shared | Location
Supabase Inc. | Database, authentication, file storage | All Platform data | EU/US
Paddle.com Market Ltd | SaaS subscription billing (Merchant of Record) | Admin email, plan, payment details | UK
Stripe Inc. | Donation payments (Tenant's own Stripe account) | Donor name, email, payment details | US
Resend Inc. | Transactional email delivery | Recipient email, name, email content | US
Twilio Inc. | SMS delivery (magic links, alerts) | Phone number, SMS content | US
Cloudflare Inc. | CDN, security (Turnstile bot protection) | IP address, request metadata | Global
Functional Software Inc. (Sentry) | Error monitoring & tracking | Error logs, stack traces, request metadata | US
Vercel Inc. | Web application hosting | Request data, server logs | US
Anthropic PBC | AI chat assistant (Claude API) | Chat messages, Tenant context data | US
Redis (via Railway/hosting) | Job queues (BullMQ) for async processing | Task IDs, job payloads (transient) | US/EU

We do not sell personal data to any third party. We do not share data for advertising or marketing purposes with third parties.

6. International Data Transfers

Some of our service providers are located outside the European Economic Area (EEA). International transfers are safeguarded by:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • The EU-US Data Privacy Framework (where applicable)
  • Provider certifications under adequate data protection frameworks

For transfers to Israel, the European Commission has recognized Israel as providing an adequate level of data protection (Commission Decision 2011/61/EU).

For transfers to the United States, we rely on SCCs and/or the EU-US Data Privacy Framework certification of our providers.

7. Retention Periods

Data category | Retention period | Basis
Account data (active users) | Duration of active account + 3 years | Contract + legitimate interest
Billing & invoice records | 10 years from transaction | Legal obligation (accounting)
Donation records & CERFA PDFs | 10 years from issuance | Legal obligation (tax)
Consent records | 5 years from collection | Proof of consent (GDPR)
Volunteer mission history | Duration of account + 3 years | Contract performance
Geolocation data (lat/lng) | Duration of active account | Legitimate interest (matching)
Reliability scores | Duration of active account | Legitimate interest (matching)
AI chat sessions | Duration of session only (not persisted) | Contract performance
Server & error logs | 1 year | Legitimate interest (security)
Stripe API keys (encrypted) | Duration of Tenant account | Contract performance

After the retention period expires, data is permanently deleted or anonymized. Data subject to legal retention obligations is archived securely with restricted access.

8. Your Rights Under GDPR

If you are located in the European Economic Area (EEA), the United Kingdom, or a jurisdiction that provides similar rights, you have the following rights:

  • Right of access (Art. 15) — Obtain a copy of your personal data and information about how it is processed
  • Right to rectification (Art. 16) — Correct inaccurate or incomplete data
  • Right to erasure (Art. 17) — Request deletion of your data, subject to legal retention obligations
  • Right to restriction (Art. 18) — Restrict processing in certain circumstances (e.g., while verifying accuracy)
  • Right to data portability (Art. 20) — Receive your data in a structured, machine-readable format (JSON or CSV)
  • Right to object (Art. 21) — Object to processing based on legitimate interest, including automated profiling and scoring
  • Right to withdraw consent (Art. 7) — Withdraw consent at any time without affecting the lawfulness of prior processing
  • Right not to be subject to automated decisions (Art. 22) — See Section 10 regarding volunteer scoring and profiling

To exercise your rights, contact legal@cirko.app. We will respond within 30 days. If we need more time (up to 60 additional days for complex requests), we will inform you within the initial 30-day period.

For volunteer and beneficiary data: Your data is controlled by the Tenant (your organization). Please first contact your organization directly. If needed, Cirko will assist the Tenant in fulfilling your request.

9. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

  • Right to know — Request information about the categories and specific pieces of personal data we collect, use, and share
  • Right to delete — Request deletion of your personal data, subject to legal exceptions
  • Right to correct — Request correction of inaccurate personal data
  • Right to opt-out of sale/sharing — We do not sell or share personal information for cross-context behavioral advertising. No opt-out is necessary.
  • Right to limit use of sensitive data — We do not use sensitive personal information beyond what is necessary to provide the service
  • Non-discrimination — We will not discriminate against you for exercising your CCPA rights

To submit a request: legal@cirko.app. We will verify your identity before processing. Authorized agents may submit requests on your behalf with proper documentation.

10. Automated Decision-Making & Profiling

The Platform uses an automated volunteer matching algorithm that constitutes profiling under GDPR Article 22. This section provides transparency about how it works.

10.1 What the algorithm does

When a task needs to be assigned, the Platform calculates a match score for each eligible volunteer based on four factors:

  • Geographic proximity (default weight: 40%) — Distance between the volunteer's address and the beneficiary's address, using latitude/longitude coordinates
  • Equity (default weight: 30%) — Inverse of recent mission count, to distribute work fairly among volunteers
  • Reliability (default weight: 20%) — Score based on mission completion history (decreased by late cancellations: −0.2 if less than 24h notice, −0.05 otherwise)
  • Seniority (default weight: 10%) — Based on registration date

Only volunteers who possess the required skills AND are available for the time slot are considered. Optional skills provide a +10% bonus to the score.
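The four-factor score described above, worked through as an added TypeScript example (this code is not part of the policy and is not Cirko's own implementation): it removes volunteers who lack a required skill or the time slot, combines the four factors with the default weights, applies the +10% optional-skill bonus, and applies the −0.2 / −0.05 late-cancellation penalties to a 0–5 reliability score. The way each factor is normalized to 0–1 (a 50 km distance cap, 1/(1 + recent missions) for equity, reliability divided by 5, seniority capped at one year), the type names, the function names, and the sample volunteers are assumptions for illustration, not details given by the policy.

```typescript
// Added example, not Cirko's code. Weights and penalty values are the policy's
// defaults; every normalization below is an assumption made for this example.

type Volunteer = {
  id: string;
  skills: string[];
  availableSlots: string[]; // assumed slot labels, e.g. "sat-am"
  distanceKm: number;       // assumed precomputed from volunteer/beneficiary coordinates
  recentMissions: number;   // missions in the recent window (assumed)
  reliability: number;      // 0–5 scale, as stated in the policy
  registeredAt: Date;
};

type Task = { slot: string; requiredSkills: string[]; optionalSkills: string[] };

type Weights = { proximity: number; equity: number; reliability: number; seniority: number };

// Default weights from Section 10.1 (40% / 30% / 20% / 10%).
const DEFAULT_WEIGHTS: Weights = { proximity: 0.4, equity: 0.3, reliability: 0.2, seniority: 0.1 };

const MAX_DISTANCE_KM = 50;     // assumption: at or beyond 50 km proximity contributes 0
const SENIORITY_CAP_DAYS = 365; // assumption: a full year of seniority scores 1.0

// Reliability penalty for a cancellation: −0.2 with less than 24h notice, −0.05 otherwise.
// The score stays on the 0–5 scale and is rounded to two decimals.
function applyCancellationPenalty(score: number, hoursNotice: number): number {
  const penalty = hoursNotice < 24 ? 0.2 : 0.05;
  return Math.max(0, Math.round((score - penalty) * 100) / 100);
}

// Hard filter: all required skills AND availability for the slot.
function eligible(v: Volunteer, t: Task): boolean {
  return t.requiredSkills.every(s => v.skills.includes(s)) && v.availableSlots.includes(t.slot);
}

function matchScore(v: Volunteer, t: Task, now: Date, w: Weights = DEFAULT_WEIGHTS): number {
  const proximity = Math.max(0, 1 - v.distanceKm / MAX_DISTANCE_KM); // closer is better
  const equity = 1 / (1 + v.recentMissions);                           // fewer recent missions is better
  const reliability = v.reliability / 5;                               // 0–5 scale mapped to 0–1
  const days = (now.getTime() - v.registeredAt.getTime()) / 86400000;
  const seniority = Math.min(1, Math.max(0, days) / SENIORITY_CAP_DAYS);
  let score =
    w.proximity * proximity + w.equity * equity + w.reliability * reliability + w.seniority * seniority;
  // Optional skills give a +10% bonus on the combined score.
  if (t.optionalSkills.some(s => v.skills.includes(s))) score *= 1.1;
  return score;
}

// Proposals only: the manager still reviews and confirms (Section 10.2).
function rankProposals(vols: Volunteer[], t: Task, now: Date, w: Weights = DEFAULT_WEIGHTS) {
  return vols
    .filter(v => eligible(v, t))
    .map(v => ({ id: v.id, score: Math.round(matchScore(v, t, now, w) * 1000) / 1000 }))
    .sort((a, b) => b.score - a.score);
}

// Constructed sample data (not real people).
const SAMPLE_NOW = new Date(Date.UTC(2026, 2, 8));
const SAMPLE_TASK: Task = { slot: "sat-am", requiredSkills: ["driving"], optionalSkills: ["first-aid"] };
const SAMPLE_VOLUNTEERS: Volunteer[] = [
  { id: "alice", skills: ["driving", "first-aid"], availableSlots: ["sat-am"], distanceKm: 5,
    recentMissions: 0, reliability: 5, registeredAt: new Date(Date.UTC(2025, 2, 8)) },
  { id: "bob", skills: ["driving"], availableSlots: ["sat-am"], distanceKm: 25,
    recentMissions: 3, reliability: 4, registeredAt: new Date(Date.UTC(2026, 0, 7)) },
  { id: "carol", skills: ["cooking"], availableSlots: ["sat-am"], distanceKm: 1,
    recentMissions: 0, reliability: 5, registeredAt: new Date(Date.UTC(2024, 0, 1)) }, // lacks "driving"
  { id: "dave", skills: ["driving"], availableSlots: ["sun-pm"], distanceKm: 1,
    recentMissions: 0, reliability: 5, registeredAt: new Date(Date.UTC(2024, 0, 1)) }, // not available
];

function rankSampleProposals() {
  return rankProposals(SAMPLE_VOLUNTEERS, SAMPLE_TASK, SAMPLE_NOW);
}

console.log(rankSampleProposals()); // alice 1.056 (with optional-skill bonus), bob 0.451
```

Running the block shows the two filtered-out volunteers never receive a score at all, which is the point of the hard filter: the weighted factors only rank volunteers who already meet the task's requirements. Because the bonus is multiplicative, a perfect-factor volunteer with an optional skill can score above 1.0; a Tenant adjusting the weights would change only the relative ordering, not the filter.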

10.2 Human oversight

The algorithm produces proposals only — it does not make final assignment decisions. A manager or admin always reviews and confirms assignments. The Tenant admin can adjust scoring weights or override proposals at any time.

10.3 Your rights regarding profiling

  • You may request an explanation of how your score was calculated for any specific task
  • You may object to profiling by contacting your organization or legal@cirko.app
  • You may request human review of any automated proposal
  • Your reliability score is visible in your profile and can be discussed with your organization

11. Cookies & Local Storage

We use only strictly necessary cookies and local storage. We do not use tracking cookies, analytics cookies, or advertising cookies. No cookie consent banner is required.

For details, see our Cookie Policy.

12. Children

The Platform is not directed at individuals under 16 years of age. We do not knowingly collect personal data from children under 16. If we discover that we have inadvertently collected such data, we will delete it promptly. If you believe a child under 16 has provided us with personal data, please contact legal@cirko.app.

13. Security Measures

We implement appropriate technical and organizational measures to protect your data:

  • Encryption in transit (TLS 1.2+) and at rest
  • AES-256-GCM encryption for sensitive fields (Stripe API keys, sensitive credentials)
  • Multi-tenant data isolation via Row-Level Security (RLS) at the database level
  • HTTP security headers (Helmet.js: Content Security Policy, HSTS, X-Frame-Options, X-Content-Type-Options)
  • Bot protection on public forms (Cloudflare Turnstile)
  • Rate limiting on all public endpoints (10 req/min for public, 5 req/min for auth, 100 req/min for authenticated API)
  • Input validation and sanitization on all API endpoints
  • Role-based access control with tenant isolation middleware
  • Magic link authentication (no passwords stored by the Platform)
  • CORS policy restricting origins to authorized domains

Despite these measures, no system is 100% secure. If you discover a security vulnerability, please report it responsibly to security@cirko.app.

14. Additional Rights by Jurisdiction

14.1 Israeli residents

If you are an Israeli resident, you have rights under the Protection of Privacy Law, 5741-1981 (חוק הגנת הפרטיות) and the Privacy Protection Regulations (Data Security), 5777-2017. You have the right to access, correct, and delete your personal data. To exercise your rights, contact legal@cirko.app.

14.2 Canadian residents

If you are a Canadian resident, your data is protected under the Personal Information Protection and Electronic Documents Act (PIPEDA) or applicable provincial legislation. You have the right to access your personal information, challenge its accuracy, and withdraw consent (subject to legal restrictions). To submit a request: legal@cirko.app.

14.3 UK residents

If you are a UK resident, your data is protected under the UK GDPR and the Data Protection Act 2018. Your rights are equivalent to those described in Section 8 above.

15. Supervisory Authorities

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the relevant supervisory authority:

  • France — CNIL (Commission Nationale de l'Informatique et des Libertés): www.cnil.fr
  • Israel — PPA (Privacy Protection Authority / הרשות להגנת הפרטיות): gov.il/privacy
  • United Kingdom — ICO (Information Commissioner's Office): ico.org.uk
  • United States — FTC (Federal Trade Commission): ftc.gov
  • Canada — OPC (Office of the Privacy Commissioner): priv.gc.ca
  • Other EU countries — Contact your national data protection authority

16. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify affected users by email at least 30 days before the changes take effect. Non-material changes (clarifications, formatting) may be made without prior notice. The "Last updated" date at the top indicates the latest revision.

Continued use of the Platform after the effective date of a material change constitutes acceptance. If you do not agree, you may close your account.

17. Contact

Data Protection Officer: legal@cirko.app

Legal inquiries: legal@cirko.app

Security reports: security@cirko.app