Privacy Policy

The Commonhaus Foundation (CF) is committed to respecting your privacy and protecting your personal information. This Privacy Policy explains how we collect, use, and share information when you engage with our services, websites, and projects.

• Information We Collect
• How We Use Your Information
• Information Sharing and Disclosure
• How We Protect Your Information
• Data Security and Cross-border Transfers
• Data Retention
• Your Rights
• Changes to This Policy
• Contact Us
• Additional Information for EEA, UK, and California Users

Information We Collect

We collect only the data necessary to operate our services effectively.

1. Authentication and Identity Data: We use GitHub for authentication and collect basic identity data, including your GitHub login and user ID. If you serve on a CF committee, we may display your GitHub login, name, and profile bio publicly. Members may also opt to provide an alternate display name or bio.

2. Email Forwarding Data: For members using the ForwardEmail service, we link your GitHub login to the forwarding email address(es) specified. ForwardEmail stores the target address; CF does not retain this information.

3. Session Cookies and Analytics: Our member section uses temporary session cookies solely for GitHub authentication. We also collect anonymous, aggregated analytics to improve website performance and usability.

4. Legal and Contributor Data: For legal agreements (e.g., asset transfers, fiscal hosting) and contributor verification (e.g., Contributor License Agreements or commit messages), we collect names, contact details, and any relevant contribution history.

How We Use Your Information

We use your information to:

• Authenticate Access: GitHub data is used to verify and provide secure access to CF services.
• Public Display for Committees: We publicly display committee members’ names and GitHub logins during their tenure.
• Communication: The ForwardEmail service facilitates communication via forwarding addresses provided by members.
• Website Improvement: Analytics help us assess website performance without identifying individual users.
• Project and Contribution Oversight: Contributor information supports project management and monitors adherence to contribution requirements, such as CLAs or DCOs.

Information Sharing and Disclosure

We do not sell or rent your personal information. Information may be shared under the following circumstances:

• Third-party Services: We share your information with third-party services only when you opt-in, such as by using ForwardEmail, and only as necessary for those services to function.
• Legal Requirements: We may disclose information as required by law or in response to a valid legal request.

How We Protect Your Information

We take reasonable measures necessary to protect your personal data from unauthorized access, alteration, or destruction; maintain data accuracy; and help ensure the appropriate use of your personal data.

Data Security and Cross-border Transfers

We take reasonable measures to protect your personal data from unauthorized access, alteration, or destruction. Your data may be processed in various countries, including the U.S. and regions where we or our providers operate. For transfers from the EU, UK, or Switzerland, we rely on Standard Contractual Clauses to ensure your data’s protection.

Data Retention

We retain data as long as necessary to fulfill the purposes outlined in this policy or as required by law. Session cookies are temporary and expire when your session ends.

Your Rights

You have the right to request access to, correction of, or deletion of your personal information. To exercise these rights, please use our online form.

Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal obligations. Significant updates will be posted on our website.

Contact Us

If you have any questions or concerns about this Privacy Policy, use our online form.

Additional Information for EEA, UK, and California Users

Users in the European Economic Area (“EEA”), United Kingdom (“UK”), and California have specific rights under their respective data protection laws. These rights include, among others, access, correction, deletion, restriction of processing, and data portability in certain circumstances.

1. EEA and UK Users: We process your data only where legally justified, including under contract fulfillment, legitimate interest (balanced against your privacy rights), consent, or legal compliance. You may exercise rights to access, rectify, delete, or restrict your data, and you may object to processing or request data portability where applicable. You also have the right to lodge a complaint with your local supervisory authority.

2. California Users: Under the California Consumer Privacy Act (“CCPA”), you have the right to opt-out of data “sales” (CF does not sell personal data), and to access, delete, and correct your personal data. CF will not discriminate against you for exercising these rights. You may also make a request via an authorized agent; in such cases, CF may request additional verification to confirm your identity.