We understand that when it comes to political and social campaigns, the privacy and security of supporter data is paramount.
This privacy and security policy outlines how SupporterBase gathers and uses data, with whom it is shared, and the rights of users and supporters.
SupporterBase will never sell your data or use it for advertising purposes. SupporterBase only collects, organises and displays personal supporter data on behalf of client organisations, for the purpose of providing a platform for distributed, volunteer-led organising.
Exact privacy and security policies will vary across organisations that use SupporterBase to engage with their local volunteers. However, our default position has been to design a product that caters to the highest levels of data protection, including compliance with GDPR requirements.
The type of personal data collected and accessible to SupporterBase clients
We have taken a “privacy by design” approach, so that only those pieces of personal supporter data which are absolutely crucial for community organisers to do their jobs are displayed within SupporterBase, while also being subject to tiered levels of access by users. You can find a description of which SupporterBase users can access what type of supporter data here.
Data ownership and deletion of data
SupporterBase client organisations should ensure supporters have ownership of their own data, and are able to correct and/or erase their data on request. SupporterBase provides for this, and more details can be found at the following support articles:
- The right of supporters to access and correct their own data
- The right of supporters to have their data erased
The right to be informed
We believe all supporters have the right to know how their information will be used, and where it will be kept, as well as being afforded the opportunity to provide genuine consent to their data being collected, stored and used.
The following article sets out in detail how SupporterBase helps client organisations obtain genuine consent from supporters, as well as manage their data in a way that accurately reflects their wishes.
All supporter data is hosted and processed according to strict data protection principles, in alignment with GDPR and the EU-US Privacy Shield Framework. For further information, you can read about:
- Data hosting and server locations
- How data transfers are handled for EU clients
- The subprocessors we work with to deliver SupporterBase
Security
We take security very seriously and offer the same level of protection as NationBuilder with respect to maintaining a completely separate database for each SupporterBase customer (not simply separate partitions) and by powering the login process through encrypted passwords.
Within SupporterBase, you can also enable Two-Factor Authentication for logins, and make it mandatory for all users for added security.
Personnel
Only a small team of SupporterBase staff are able to create and access customer versions of SupporterBase. This access is solely for the purpose of providing technical support and account management services. All staff are required to adhere to appropriate security practices, and are subject to confidentiality agreements.
Changes
We will always maintain the overriding principle that we will not sell or rent any information you share with us. However, we may change other aspects of this policy, in order to continually evolve and improve security and privacy for SupporterBase users. Any amended policy is effective upon posting to this website, and we’ll make every effort to tell you about these changes via email or through the site.
If you have any questions or concerns, please contact us: [email protected].