Commonwell

Home · Privacy Policy

Terms of Service · Privacy Policy · Security & PCI · Accessibility

Privacy Policy

This Privacy Policy explains how Commonwell ("we", "us") collects, uses, and

shares personal information when you use the Service. For community data,

Commonwell acts as a processor on behalf of each community (the

"controller"); the community decides what data to collect and why.

1. Information we collect

dues and payment records you or your community create.

payout status). We do not store full card or bank account numbers.

to operate, secure, and debug the Service.

2. How we use information

To provide and maintain the Service; process dues and vendor payments; send

transactional and community communications; secure the Service and prevent

abuse; comply with legal obligations; and improve the product.

3. How we share information

cloud infrastructure provider (hosting, email, storage, database), Twilio

(optional SMS), Intuit/QuickBooks (optional accounting sync). Each processes

data only to provide its service.

within that community.

4. Data retention

We retain personal data for as long as your community account is active and as

needed to provide the Service, then delete or anonymize it, subject to legal and

financial-record retention requirements (e.g., payment/ledger history).

5. Your rights (GDPR / CCPA)

Depending on where you live, you may have rights to access, correct, export, or

delete your personal data, and to object to or restrict certain processing. To

exercise these rights, contact privacy@commonwell.app or your community

administrator. We will respond within the timeframe required by applicable law.

California residents have the rights described in the CCPA, including the right

not to be discriminated against for exercising them.

6. Security

We use encryption in transit, hashed credentials, scoped access, and audit

logging. Payment card data is handled solely by our PCI DSS Level 1 payment

processor. See our Security & PCI page for details.

7. International transfers

The Service runs on a global edge network. Where data is transferred

across borders, we rely on appropriate safeguards as required by law.

8. Children

The Service is not directed to children under 16 and we do not knowingly collect

their personal information.

9. Changes

We may update this Policy; material changes will be notified. The "last updated"

date above reflects the current version.

10. Contact

privacy@commonwell.app