← Home
How it worksPM & boardsSign in

Privacy Policy

Last updated: May 9, 2026  |  Operator: MyCommons (“we”, “us”, “our”)

This policy is provided for transparency and general business purposes. It is not tailored to every jurisdiction or use case. If you need legal advice, consult qualified counsel.

1. Scope

This Privacy Policy describes how we collect, use, disclose, store, and protect information when you use our websites, applications, and related services (collectively, the “Services”). By using the Services, you acknowledge this policy. If you do not agree, do not use the Services.

2. Information we collect

We may collect the following categories of information, depending on how you use the Services:

  • Account and profile data — such as name, email address, nickname, profile photo, authentication identifiers, community memberships, roles, and preferences you provide or that are assigned by your organization.
  • Community and operational content — content you submit in connection with communities you belong to (for example posts, messages, documents, tickets, RSVPs, and similar records), and metadata such as timestamps and device/browser type where logged.
  • Technical and usage data — IP address, approximate location derived from IP, cookies and similar technologies, pages viewed, diagnostics, and error logs used to operate and secure the Services.
  • Communications — messages you send to us (for example support requests) and transactional emails or notifications related to your account or communities.

3. How we use information

We use information for purposes including:

  • Providing, operating, maintaining, and improving the Services;
  • Authenticating users, enforcing access controls, and preventing fraud or abuse;
  • Facilitating multi-tenant community features you or your organization configure;
  • Sending service-related and transactional communications;
  • Complying with law, responding to lawful requests, and protecting rights and safety;
  • Aggregated or de-identified analytics where permitted.

4. Cookies and similar technologies

We use cookies, local storage, and similar technologies for essential functions (such as session and security), to remember preferences (such as theme), and — only if you opt in via our cookie banner — for optional product analytics.

Your choice is stored in a first-party cookie named mycommons_cookie_consent. “Necessary only” limits non-essential tracking; “Accept all” may enable optional analytics as described in the banner.

5. Sale of personal information

We do not sell your personal information and we do not share it with third parties for cross-context behavioral advertising as a “sale” or “sharing” under U.S. state privacy laws where those concepts apply.

We may use subprocessors (listed below) strictly to operate the Services — for example hosting, authentication, email delivery, and optional analytics — under contractual and technical safeguards, not for independent marketing of your personal data by those vendors for their own purposes.

6. Disclosure of information

We may disclose information:

  • Service providers / subprocessors who assist us (for example cloud hosting, database and authentication, storage, email delivery, analytics if enabled, and error monitoring), subject to confidentiality and processing terms;
  • Community administrators and authorized users within the scope of a community you join, as permitted by product design and your organization’s policies;
  • Legal and safety when required by law, legal process, or to protect the rights, property, or safety of us, our users, or the public;
  • Business transfers in connection with a merger, acquisition, financing, or sale of assets, where information may transfer as part of that transaction with appropriate safeguards and notice as required by law.

7. Data retention

We retain information for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods may differ by data category and by whether an organization or user deletes content or closes an account. Some residual copies may persist in backups for a limited period.

8. Security

We implement administrative, technical, and organizational measures designed to protect information. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

9. Your choices and rights

Depending on your location, you may have rights to access, correct, delete, or export certain information, or to object to or restrict certain processing. You may exercise controls available in the product (such as profile and notification settings) where offered. You may also contact us using the details below. We may need to verify your request as permitted by law.

10. Children

The Services are not directed to children under 13 (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us and we will take appropriate steps.

11. International transfers

We may process and store information in the United States and other countries where we or our service providers operate. Those countries may have different data protection laws than your own. Where required, we use appropriate safeguards for cross-border transfers.

12. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version with a new “Last updated” date. Material changes may be communicated through the Services or by other reasonable means where appropriate.

13. Contact

Questions about this policy or our privacy practices: support@mycommons.app.