Privacy Policy

We collect information you provide directly and information generated by your use of the platform:

• Account information — your name, email address, and password (stored as a secure hash) when you register.
• Volunteer profile — your display name, bio, city, skills, cause preferences, and optional profile photo.
• Location data — your approximate location (latitude/longitude) if you enable location-based matching. This is derived from the city or address you provide and is not collected via GPS.
• Shift activity — shifts you sign up for, attendance records, hours logged, and any reviews you leave or receive.
• Uploaded files — profile photos and org logos stored on Cloudflare R2.
• Messages — in-platform messages between volunteers and organizations.
• Organization information — org name, EIN, mission statement, address, and billing information (handled by Stripe; we do not store card numbers).
• Usage data — pages visited, features used, and error logs. This is used for debugging and product improvement only.

• To operate the platform — creating accounts, matching volunteers with shifts, sending confirmations and reminders.
• To calculate and display your volunteer hours and reliability metrics.
• To send transactional emails (signup confirmations, shift reminders, password resets) via Resend.
• To process subscription billing for organizations via Stripe.
• To improve the platform — analysing usage patterns to fix bugs and prioritise features.
• To enforce our Terms of Service and protect platform integrity.

We do not use your data for advertising. We do not sell or rent your personal data to third parties.

Your data is stored in the following systems:

• Database — Neon Postgres (US region). All data is encrypted at rest and in transit.
• File storage — Cloudflare R2 for uploaded images (profile photos, org logos).
• Hosting — Cloudflare Workers (global edge network). All connections are HTTPS only.

We follow industry-standard practices to protect your data, including encrypted connections, access controls, and regular security reviews. However, no system is 100% secure — please use a strong, unique password and contact us immediately if you suspect unauthorised access to your account.

Seedling uses the following third-party services, each of which has its own privacy policy:

• Auth.js / NextAuth — session management. Session tokens are stored as secure HTTP-only cookies.
• Google OAuth — optional "Sign in with Google" authentication. If you use this, Google may receive your IP address and browser information per their privacy policy.
• Stripe — payment processing for organisation subscriptions. Stripe receives billing details directly; Seedling stores only a Stripe customer ID.
• Resend — transactional email delivery. Your email address is shared with Resend solely for the purpose of delivering emails you have requested (confirmations, reminders, etc.).
• Cloudflare — hosting and CDN. Cloudflare processes network traffic data per their privacy policy.

Seedling uses only functional cookies — no advertising or tracking cookies.

• Session cookie — set by NextAuth to keep you signed in. Expires when you sign out or after a period of inactivity.
• cookie_consent — records your response to the cookie consent banner. Expires after 1 year.

We do not use Google Analytics, Facebook Pixel, or any other third-party tracking or advertising cookies.

You have the right to:

• Access — request a copy of the personal data we hold about you.
• Correction — update or correct inaccurate information via your profile settings at any time.
• Deletion — request deletion of your account and associated personal data. Hours logs may be retained in anonymised form for up to 3 years for platform integrity purposes.
• Portability — request an export of your data in a common format.

To exercise any of these rights, please contact us. We will respond within 30 days.

• Account data and profile information are retained while your account is active.
• Upon account deletion, personal data is removed within 30 days.
• Volunteer hours logs may be retained in anonymised form for up to 3 years to maintain platform integrity and historical reporting.
• Billing records are retained as required by law (typically 7 years).

Seedling is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has created an account, please contact us and we will delete the account promptly.

We may update this Privacy Policy from time to time. For material changes — changes that significantly affect how we use your data — we will notify registered users by email at least 14 days before the change takes effect. The "Last updated" date at the top of this page always reflects the most recent revision.

Questions about this Privacy Policy or your data? Contact us via our feedback form.