Privacy Policy

1. Introduction

Welcome to Communitise, operated by Zeevou Ltd (“we,” “us,” or “our”). We are committed to protecting your personal data and respecting your privacy rights in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our platform at communitise.com (the “Platform”).

2. Data Controller

3. Personal Data We Collect

3.1 Information You Provide Directly

When you register and use Communitise, we collect:

• Account Information: Name, email address, phone number, password (encrypted)
• Profile Information: Bio, location, interests, profile picture, and other information you choose to share
• Offerings & Contributions: Details of services, skills, or resources you offer to the community
• Communications: Messages sent through our internal chat system, comments, posts, and other user-generated content
• Payment Information: Processed securely by our payment processor Stripe (we do not store full card details)

3.2 Information We Collect Automatically

• Usage Data: Pages visited, features used, time spent on the Platform, interaction patterns
• Device Information: IP address, browser type, operating system, device identifiers
• Cookies & Similar Technologies: See Section 7 for details

3.3 Information from Third Parties

We may receive information from:

• Authentication Providers: Auth0 (for secure login)
• Analytics Services: Google Analytics (for Platform improvement)
• Email Service Provider: SendGrid (for transactional emails)
• CRM System: HubSpot (for customer relationship management)

4. Legal Basis for Processing

We process your personal data under the following lawful bases:

• Contract Performance: To provide you with access to the Platform and its features (Article 6(1)(b) UK GDPR)
• Legitimate Interests: To improve our services, prevent fraud, and ensure Platform security (Article 6(1)(f) UK GDPR)
• Consent: For marketing communications and non-essential cookies (Article 6(1)(a) UK GDPR)
• Legal Obligation: To comply with applicable laws and regulations (Article 6(1)(c) UK GDPR)

5. How We Use Your Personal Data

5.1 Provide & Improve Services

• Create and manage your account
• Enable you to connect with other community members
• Process payments for premium features
• Facilitate your contributions and offerings
• Provide customer support
• Improve Platform functionality and user experience

5.2 Communications

• Send transactional emails (account notifications, security alerts)
• Send service updates and Platform announcements
• Respond to your inquiries
• Send marketing communications (with your consent, opt-out available)

5.3 Safety & Security

• Prevent fraud, abuse, and unauthorized access
• Enforce our Terms of Service
• Comply with legal obligations
• Protect the rights and safety of our community

5.4 Analytics & Research

• Understand how users interact with the Platform
• Analyze trends and usage patterns
• Conduct research to improve our services (anonymized data only)

6. Data Sharing & Third-Party Services

We share your personal data only in the following circumstances:

6.1 Service Providers

We work with trusted third-party providers who process data on our behalf:

• Stripe: Payment processing (PCI-DSS compliant)
• SendGrid: Transactional email delivery
• Auth0: Authentication and identity management
• Google Cloud Platform: Infrastructure and hosting (EU region)
• HubSpot: Customer relationship management
• Google Analytics: Usage analytics (anonymized where possible)

All service providers are contractually bound to protect your data and use it only for specified purposes.

6.2 Legal Requirements

We may disclose your information if required by law, court order, or regulatory authority, or to:

• Enforce our Terms of Service
• Protect our rights, property, or safety
• Prevent fraud or illegal activities
• Respond to lawful requests from public authorities

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity. We will notify you of any such change.

6.4 With Your Consent

We may share your data with third parties when you explicitly consent to such sharing.

7. Cookies & Tracking Technologies

We use cookies and similar technologies to:

• Enable essential Platform functionality
• Remember your preferences and settings
• Analyze Platform usage and performance
• Personalize your experience

7.1 Cookie Categories

• Strictly Necessary: Required for the Platform to function (cannot be disabled)
• Functional: Remember your preferences and choices
• Analytics: Help us understand how you use the Platform
• Marketing: Deliver relevant content and measure campaign effectiveness (requires consent)

You can manage cookie preferences through your browser settings or our cookie consent tool. Please note that disabling certain cookies may limit Platform functionality.

For more details, see our Cookie Policy.

8. Data Storage & Security

8.1 Storage Location

Your personal data is stored on secure servers located within the European Union:

• Auth0 Tenants: EU region
• Backend Infrastructure: EU region (Google Cloud Platform)

8.2 Security Measures

We implement industry-standard security measures to protect your data:

• Encryption in transit (TLS/SSL) and at rest
• Regular security audits and vulnerability assessments
• Access controls and authentication mechanisms
• Employee training on data protection
• Incident response procedures

While we take reasonable precautions, no system is completely secure. We cannot guarantee absolute security of data transmitted over the internet.

8.3 Data Retention

We retain your personal data for as long as necessary to:

• Provide you with our services
• Comply with legal obligations (e.g., tax, accounting, dispute resolution)
• Enforce our agreements
• Resolve disputes

• Active Accounts: Data retained while your account is active
• Closed Accounts: We retain certain data for up to 7 years to comply with legal obligations (e.g., financial records), then securely delete or anonymize it
• Marketing Data: Retained until you withdraw consent or for 3 years of inactivity

You may request earlier deletion by contacting us (see Section 10).

9. International Data Transfers

While we store data within the EU, some of our service providers may be located outside the European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs): Approved by the UK Information Commissioner’s Office (ICO)
• Adequacy Decisions: Transfers to countries deemed adequate by UK authorities
• Additional Security Measures: Encryption, access controls, and contractual protections

10. Your Data Protection Rights

Under UK GDPR, you have the following rights:

10.1 Right of Access

Request a copy of the personal data we hold about you.

10.2 Right to Rectification

Correct inaccurate or incomplete personal data.

10.3 Right to Erasure (“Right to be Forgotten”)

Request deletion of your personal data, subject to legal retention requirements.

10.4 Right to Restriction of Processing

Request that we limit how we use your data in certain circumstances.

10.5 Right to Data Portability

Receive your personal data in a structured, machine-readable format and transfer it to another service.

10.6 Right to Object

Object to processing based on legitimate interests, including direct marketing.

10.7 Rights Related to Automated Decision-Making

10.8 Right to Withdraw Consent

Withdraw consent at any time where processing is based on consent (does not affect prior processing).

10.9 How to Exercise Your Rights

To exercise any of these rights, please contact us:

We will respond to your request within one month (extendable by two months for complex requests). We may need to verify your identity before processing your request.

11. Children’s Privacy

Communitise is open to users of all ages. However, we are committed to protecting children’s privacy:

• Parental Consent: Users under 13 require verifiable parental consent
• Limited Data Collection: We collect only necessary information for users under 18
• No Marketing to Children: We do not send marketing communications to users under 16 without parental consent

If you believe we have inadvertently collected data from a child without proper consent, please contact us immediately.

12. Your Choices & Control

12.1 Account Settings

Manage your profile information, privacy settings, and communication preferences through your account dashboard.

12.2 Marketing Communications

Opt out of marketing emails by:

• Clicking “unsubscribe” in any marketing email
• Adjusting preferences in your account settings
• Contacting [email protected]

You will continue to receive essential transactional emails.

12.3 Cookie Management

Control cookies through:

• Your browser settings
• Our cookie consent tool (on first visit)

12.4 Account Deletion

Request permanent account deletion by contacting [email protected]. We will delete your data within 30 days, subject to legal retention obligations.

13. Third-Party Links

The Platform may contain links to third-party websites or services. We are not responsible for the privacy practices of these external sites. Please review their privacy policies before providing personal information.

14. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will:

• Post the updated policy on this page
• Update the “Last Updated” date
• Notify you of material changes via email or Platform notification
• Obtain your consent where required by law

We encourage you to review this policy periodically.

15. Complaints & Regulatory Authority

If you have concerns about how we handle your personal data, please contact us first:

If you are not satisfied with our response, you have the right to lodge a complaint with the UK supervisory authority:

16. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or your personal data: