Privacy Policy
Last updated: June 13, 2026
CommonCircle ("the Platform," "we," "us") provides a members portal platform for nonprofit organizations, lodges, and community groups. This policy explains what personal information we collect, how we use it, and your choices regarding that information.
CommonCircle is a multi-tenant platform. Each organization on CommonCircle manages its own member data. This policy covers the data we collect and process on behalf of organizations using CommonCircle.
1. Information We Collect
Organization Admin Account
- Full name, email address, and password (hashed, never stored in plain text)
- Organization name, type, and URL slug
Member Profile Data (per organization)
- Full name and email address
- Phone number (optional)
- Profile photo / avatar (optional)
- Membership role (member, committee chair, board, admin)
- Membership status and join date
- Dues payment status (if Stripe is configured)
Activity Data
- Event RSVPs
- Newsletter interactions
- Committee memberships
- Messages sent through the portal
- Volunteer activities
Social Hub Connections
- Connected social account names, usernames, profile URLs, and provider account IDs
- Facebook Page and Instagram Business account details selected by an organization admin
- Permissions granted to CommonCircle for posting organization content
- Encrypted access tokens needed to publish posts on behalf of the organization
- Event post drafts, publishing history, external post IDs, and publishing errors
Payment Data
- Membership dues and event ticket payments are processed by Stripe. Each organization connects its own Stripe account. We do not store credit card numbers or bank account details. Stripe's privacy policy governs payment data: stripe.com/privacy
2. How We Use Your Information
- Operate and maintain member accounts and portal access
- Process membership dues and event ticket purchases
- Send transactional emails (invitations, confirmations, password resets, renewal reminders, newsletters)
- Display member information within the organization's portal (subject to org admin settings)
- Coordinate committees, events, and volunteer activities
- Connect organization social accounts and publish event updates when an authorized admin chooses to do so
- Improve the platform
3. Data Isolation
CommonCircle enforces strict data isolation between organizations. Row-level security policies ensure that members of one organization cannot access data belonging to another organization. Each organization's data is scoped to its own tenant boundary.
4. Third-Party Services
We use the following services to operate the platform. Each has its own privacy policy:
- Supabase — database hosting and authentication
- Google Sign-In — optional OAuth login (organizations may enable Google sign-in for their members)
- Stripe — payment processing (configured per organization)
- Resend — transactional email delivery
- OpenAI — AI assistant feature (admin-initiated; conversations may reference event and member summary data)
- Zoom — virtual meeting integration (optional per organization)
- Meta — Facebook Page and Instagram Business account integrations used by organization admins to connect social accounts and publish event updates through Social Hub
- Vercel — web application hosting
We do not sell, rent, or trade personal information to any third party for marketing purposes.
5. Cookies & Tracking
CommonCircle uses only essential cookies required for authentication (Supabase session tokens). We do not use Google Analytics, advertising pixels, or any third-party tracking scripts.
6. Calendar Feed
Organizations may enable a public iCal calendar subscription feed containing event titles, dates, locations, and descriptions. Calendar feeds do not include any member personal data.
7. Data Retention
Member data is retained for as long as the member's account is active within their organization. Organization admins may deactivate or remove member accounts. If an organization closes its CommonCircle account, all associated data is deleted within 30 days, except where required for legal purposes (e.g., financial transaction records).
8. Data Security
We protect information with industry-standard measures including encrypted connections (HTTPS), hashed passwords, row-level database security policies, and role-based access controls. Organization data is isolated at the database level using Supabase row-level security.
9. Your Rights
You may at any time:
- View and edit your profile information
- Request a copy of the personal data we hold about you
- Request deletion of your account and personal data
- Disconnect organization social accounts from Social Hub if you are an authorized organization admin
California residents may have additional rights under the California Consumer Privacy Act (CCPA). To exercise any of these rights, contact your organization's administrator or email us directly.
10. Changes to This Policy
We may update this privacy policy from time to time. Material changes will be communicated via the platform or email. Continued use of the platform after changes are posted constitutes acceptance of the updated policy.
11. Contact
Questions about this privacy policy or your personal data? Contact us:
- Email: support@commoncircle.app