Legal

Privacy Policy

Effective date: June 1, 2026  ·  Last updated:

Contents
1. Overview 2. Information We Collect 3. How We Use Information 4. Sharing & Disclosure 5. Data Retention 6. Security 7. Your Rights 8. Cookies 9. Children 10. International Transfers 11. Changes to This Policy 12. Contact
Plain-language summary: OrgHubs is a software platform for community organizations. We collect information that administrators provide when setting up their account and that members provide when using the platform. We use it to operate the service, process payments, and communicate with you. We don't sell your data. Period.

1. Overview

OrgHubs ("OrgHubs," "we," "us," or "our") provides an all-in-one management platform for volunteer-run community organizations. This Privacy Policy explains how we collect, use, and protect information when you use our website at orghubs.com and our platform (collectively, the "Services").

This policy applies to:

  • Organization Administrators — individuals who create and manage an OrgHubs account on behalf of their organization.
  • Members — individuals whose information is stored in an organization's OrgHubs account, who log in to the member portal, or who register for events.
  • Visitors — anyone who visits orghubs.com or an organization's public-facing OrgHubs website.

By using OrgHubs, you agree to the practices described in this policy.

2. Information We Collect

2.1 Information you provide directly

  • Account registration: Organization name, your name, email address, and plan selection when signing up.
  • Organization configuration: Logo, branding, dues structures, event details, and other settings entered by administrators.
  • Member records: Names, email addresses, phone numbers, family information, membership tier, and custom fields added by the organization's administrators or by members themselves through the portal.
  • Event registrations: Registration details submitted by members when signing up for events.
  • Payments: When payments are processed, your payment method details are handled directly by Stripe, our payment processor. OrgHubs does not store full credit card numbers or bank account details.
  • Contact form submissions: Messages submitted through contact forms on orghubs.com or an organization's public site.

2.2 Information collected automatically

  • Log data: IP addresses, browser type, pages visited, time and date of access, and referring URLs when you use the Services.
  • Device data: Device type and operating system, inferred from your browser's user-agent string.
  • Cookies and local storage: Session identifiers and preference data (see Section 8).

2.3 Information from third parties

  • Stripe: Transaction status and payment confirmation data returned by Stripe after payment processing.
  • Cloudflare Turnstile: CAPTCHA challenge results used to protect contact forms from spam.

3. How We Use Information

We use the information we collect to:

  • Provide, operate, and improve the OrgHubs platform and Services.
  • Process payments and manage subscription billing.
  • Send transactional emails — account confirmations, OTP login codes, event registration confirmations, dues receipts, and similar notifications.
  • Respond to support requests and contact form submissions.
  • Enforce our Terms of Service and protect against fraud, abuse, and security threats.
  • Analyze platform usage at an aggregate level to improve features (we do not use individual behavioral data for targeted advertising).
  • Comply with legal obligations.

We use Gemini AI (Google) to power optional AI features such as receipt scanning, email drafting, directory search, and org insights. When you use these features, relevant data (such as receipt images or member field descriptions) is transmitted to Google's Gemini API for processing and is not retained by Google for model training under our enterprise service agreement.

4. Sharing & Disclosure

We do not sell your personal information. We share information only in the following circumstances:

  • Service providers: We share data with trusted third-party vendors who operate under data processing agreements: Google Firebase (database and authentication), Stripe (payments), SendGrid (transactional email), Google Gemini (AI features), and Cloudflare (CAPTCHA and hosting). Each provider is contractually prohibited from using your data for their own purposes.
  • Within your organization: Administrators of your organization can view and manage member records within their OrgHubs account. They are responsible for appropriate use of that data under their own obligations to their members.
  • Legal requirements: We may disclose information if required by law, court order, or regulatory authority, or to protect the rights, property, or safety of OrgHubs, our users, or the public.
  • Business transfers: If OrgHubs is acquired or merged, your information may be transferred as part of that transaction. We will notify you before your data becomes subject to a materially different privacy policy.

5. Data Retention

We retain your information for as long as your account is active or as necessary to provide the Services. If you cancel your account:

  • Your organization's data (member records, events, financial records) is retained for 90 days after cancellation, after which it is permanently deleted from our systems.
  • You can request immediate deletion at any time by emailing our contact form.
  • We may retain anonymized aggregate data (e.g., aggregate usage statistics) indefinitely for product improvement purposes.
  • Stripe retains transaction records per their own retention policies and legal obligations.

6. Security

We implement industry-standard security measures to protect your information:

  • All data is transmitted over HTTPS/TLS encryption.
  • Data at rest is stored in Google Firebase, which is encrypted at the storage layer.
  • Access to production systems is restricted to OrgHubs team members on a need-to-know basis.
  • Authentication uses OTP (one-time password) email codes — we do not store passwords.
  • Payment processing is handled entirely by Stripe (PCI-DSS Level 1 certified). OrgHubs never handles raw card data.

No method of transmission or storage is 100% secure. In the event of a data breach that affects your personal information, we will notify you promptly as required by applicable law.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request that we correct inaccurate or incomplete information. Members can also update their own information through the member portal.
  • Deletion: Request deletion of your personal information, subject to legal retention requirements.
  • Portability: Request your data in a structured, machine-readable format.
  • Objection / Restriction: Object to or request restriction of certain processing activities.
  • California residents (CCPA): You have the right to know what personal information is collected about you, the right to delete it, the right to opt-out of its sale (we do not sell personal information), and the right to non-discrimination for exercising these rights.
  • EU/EEA/UK residents (GDPR): You have rights under the General Data Protection Regulation, including the right to lodge a complaint with your local data protection authority.

To exercise any of these rights, email us at our contact form. We will respond within 30 days.

8. Cookies & Tracking

OrgHubs uses a minimal set of cookies and browser storage:

  • Session cookies: Used to keep you logged in to the admin dashboard or member portal during a session. These are deleted when you close your browser.
  • Preference storage: Local storage is used to remember UI preferences (e.g., selected filters) across sessions. This data never leaves your device.
  • Third-party scripts: Cloudflare Turnstile uses cookies or local storage to perform bot detection on contact forms. This data is governed by Cloudflare's Privacy Policy.

We do not use analytics trackers (e.g., Google Analytics), advertising pixels, or cross-site tracking cookies on orghubs.com or the platform.

9. Children's Privacy

OrgHubs is a platform for organizations, not for individual consumer use by minors. Organizations may store member records for minor members (e.g., children enrolled in a family membership). This data is managed by the organization's administrators and is never used by OrgHubs for any purpose other than operating the Service for that organization.

We do not knowingly collect personal information directly from children under 13 without verifiable parental consent. If you believe a child's information has been submitted without consent, contact us at our contact form and we will promptly delete it.

10. International Data Transfers

OrgHubs is operated in the United States. Our infrastructure (Firebase, Stripe, SendGrid) is primarily hosted in the United States. If you are located outside the United States, your information will be transferred to and processed in the United States.

For users in the EU/EEA, such transfers are made subject to appropriate safeguards, including Standard Contractual Clauses (SCCs) where required by applicable law.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. If we make material changes that significantly affect your rights, we will notify you by email (to the address on your account) at least 14 days before the changes take effect.

Your continued use of the Services after changes take effect constitutes your acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests related to this Privacy Policy or our data practices, please contact us:

OrgHubs
Contact: orghubs.com/contact
Website: orghubs.com
We respond to privacy requests within 30 days as required by law.

This Privacy Policy was last updated on . Previous versions are available upon request.