hum.community Privacy Policy

Effective Date: [1 July 2022]

Last Updated: [1 Oct 2024]

The Wellbeing Protocol ("we", "our", or "us") operates the hum.community app (the "App") to support community-led decision-making and participatory grantmaking.

We respect your privacy and are committed to protecting your personal information in compliance with international standards, including:

  • New Zealand Privacy Act 2020
  • Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs)
  • EU General Data Protection Regulation (GDPR)
  • California Consumer Privacy Act (CCPA)
  • Other applicable local and regional privacy laws

By using the App, you agree to the collection, use, and sharing of your information as described in this policy.

1. Information We Collect

a. Profile Information

  • Name, mobile number (required for account creation).
  • Communities may request additional details (e.g., suburb, ethnicity, age group) in line with their constitution.

b. Voting & Participation Data

  • Votes and proposal activity are recorded to maintain fairness and accountability.
  • Internally linked to your identity but anonymised when used in reports.

c. Usage Data

  • Technical details such as device type, operating system, IP address, and app activity.
  • Collected using third-party services (e.g., Google Analytics for Firebase).

d. Community-Shared Information

  • Ideas, proposals, project reports, and voting summaries may be visible to your community and, with community consent, to funders and partners.

2. How We Use Your Information

We use your information to:

  • Verify identity and manage your account.
  • Enable community participation, voting, and proposal management.
  • Share community-level reports with funders and partners (if the community agrees).
  • Improve app performance through usage analysis.
  • Send notifications and service updates (you can manage preferences in settings).

We will never sell or rent your personal information.

3. Sharing of Information

  • Community Members: Your name and profile are visible to members of your community.
  • Funders & Partners: Funders are providing funds to communities. Partners are community development organisations who are working with communities and funders to support the project. With the agreement of the community key information can be (and typically is) shared with the funders and partners. This would include: names of people in the community, ideas, proposals, project reports and voting summaries. This transparency helps to build trust. At any time the community can decide to stop giving funders and partners access to their data.
  • Service Providers: Trusted providers (e.g., Google Firebase, hosted in Australia) for hosting and analytics.
  • Legal Requirements: Where required to comply with laws, regulations, or protect community safety.

4. Data Security

We implement best practice security controls to protect your data from misuse, loss, or unauthorised access. This includes:

  • Hosting data on secure servers (Google Firebase in Australia).
  • Encryption, firewalls, and access controls.
  • Restricting access to authorised personnel only.

We also align our practices with the internationally recognised ISO/IEC 27001:2013 Information Security Management Standard, ensuring ongoing improvement of our security measures.

5. Indigenous Data Sovereignty

We acknowledge and respect Indigenous data rights:

  • UNDRIP: Supporting the rights of Indigenous peoples to data sovereignty.
  • Māori Data Sovereignty: Upholding principles outlined by Te Mana Raraunga in Aotearoa New Zealand.
  • Aboriginal and Torres Strait Islander Data Sovereignty: Recognising the role of the Maiam nayri Wingara Indigenous Data Sovereignty Collective and similar frameworks.

We are committed to engaging with Indigenous and local communities to ensure their data is governed in line with cultural values.

6. Your Privacy Rights

Depending on your jurisdiction, you may have the right to:

  • Access personal data we hold about you.
  • Correct inaccurate or incomplete information.
  • Request deletion of your personal data.
  • Restrict or object to certain uses of your data.
  • Data portability (receive a copy in a transferable format).
  • Withdraw consent at any time.

To exercise your rights, please contact info@hum.community.

  • Australia: Complaints may also be made to the Office of the Australian Information Commissioner (OAIC).
  • New Zealand: Complaints may be made to the Office of the Privacy Commissioner (OPC).
  • EU/EEA: Complaints may be made to your local Data Protection Authority.

7. Data Retention & Deletion

We keep personal data only as long as necessary for the purposes set out in this policy or as required by law. When no longer needed, data will be securely deleted.

8. Children's Privacy

The App is not directed at children under 13. We do not knowingly collect data from children. If a child's data is found to have been collected, it will be deleted immediately.

9. Third-Party Services

We use trusted third-party providers, including:

  • Google Analytics for Firebase – for monitoring app usage and performance.

These providers operate under their own privacy policies.

10. International Data Transfers

Your information may be stored or processed outside your home country. Where data crosses borders, we implement safeguards (e.g., contractual clauses) to protect your privacy in line with GDPR, APPs, and other relevant standards.

11. Changes to This Policy

We may update this policy from time to time. Updates will be posted in the App and on our website. Continued use after updates indicates acceptance of the revised policy.

12. Contact Us

The Wellbeing Protocol

Email: info@hum.community

Website: www.hum.community

For privacy complaints: