Privacy Policy

Last updated: June 13, 2026

CommonCircle ("the Platform," "we," "us") provides a members portal platform for nonprofit organizations, lodges, and community groups. This policy explains what personal information we collect, how we use it, and your choices regarding that information.

CommonCircle is a multi-tenant platform. Each organization on CommonCircle manages its own member data. This policy covers the data we collect and process on behalf of organizations using CommonCircle.

1. Information We Collect

Organization Admin Account

Member Profile Data (per organization)

Activity Data

Social Hub Connections

Payment Data

2. How We Use Your Information

3. Data Isolation

CommonCircle enforces strict data isolation between organizations. Row-level security policies ensure that members of one organization cannot access data belonging to another organization. Each organization's data is scoped to its own tenant boundary.

4. Third-Party Services

We use the following services to operate the platform. Each has its own privacy policy:

We do not sell, rent, or trade personal information to any third party for marketing purposes.

5. Cookies & Tracking

CommonCircle uses only essential cookies required for authentication (Supabase session tokens). We do not use Google Analytics, advertising pixels, or any third-party tracking scripts.

6. Calendar Feed

Organizations may enable a public iCal calendar subscription feed containing event titles, dates, locations, and descriptions. Calendar feeds do not include any member personal data.

7. Data Retention

Member data is retained for as long as the member's account is active within their organization. Organization admins may deactivate or remove member accounts. If an organization closes its CommonCircle account, all associated data is deleted within 30 days, except where required for legal purposes (e.g., financial transaction records).

8. Data Security

We protect information with industry-standard measures including encrypted connections (HTTPS), hashed passwords, row-level database security policies, and role-based access controls. Organization data is isolated at the database level using Supabase row-level security.

9. Your Rights

You may at any time:

California residents may have additional rights under the California Consumer Privacy Act (CCPA). To exercise any of these rights, contact your organization's administrator or email us directly.

10. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be communicated via the platform or email. Continued use of the platform after changes are posted constitutes acceptance of the updated policy.

11. Contact

Questions about this privacy policy or your personal data? Contact us:

← Back to home