Overview
VolVibe operates a corporate volunteering and CSR management platform. This policy explains what personal data we collect, why we collect it, how we protect it, and what rights you have over it.
We operate in compliance with India's Digital Personal Data Protection Act 2023 (DPDPA) and applicable data protection laws in the jurisdictions we serve.
If your organisation has deployed VolVibe on its own cloud or on-premises, your organisation is the primary data controller for all employee data in that deployment. This policy applies primarily to organisations on VolVibe Cloud.
Data We Collect
Identity and Account Data
- Name, email address, and job title
- Employee ID (if provided by your organisation)
- Password (stored as a one-way cryptographic hash; we never store it in plain text)
- Profile information and role within the platform
Organisational Data
- Company name and corporate entity affiliation
- Department and team (if configured by your administrator)
- Access roles and permissions assigned by your organisation
Volunteering Activity
- Events you have registered for or attended
- Attendance records, including check-in timestamps and method (QR code or confirmation code)
- Volunteer hours, per event and cumulative
- Enrolment history and cancellations
CSR and Project Data
- Projects your organisation has created or you are associated with
- Milestone updates and progress records
- Documents uploaded against CSR projects
- SDG categories assigned to projects
Financial Data (Administrators Only)
- CSR budget allocations by entity
- Event, project, administrative, and emergency spend records
- Budget utilisation data and audit trails
Technical Data
- IP address and approximate location (country or city level)
- Browser type and operating system
- Session identifiers and authentication tokens
- Pages visited, features used, and action timestamps
- Error logs for diagnosing technical issues
How We Use It
- Running the service: Creating accounts, enabling event management, tracking attendance, managing projects and budgets, and producing reports.
- Notifications: Sending reminders for events you are enrolled in and platform updates. You can manage this in your notification preferences.
- Security: Detecting and preventing unauthorised access and abuse.
- Product improvement: Understanding how the platform is used in aggregate, without identifying individual users, to improve features.
- Legal compliance: Meeting obligations under applicable law and maintaining audit records.
We do not use your data to train machine learning models, run advertising, or sell your information to third parties.
Data Sharing
Within Your Organisation
Administrators can see data about the people they manage, consistent with the roles your organisation has configured. VolVibe enforces role-based access so each user sees only what their role permits.
Service Providers
We share data with third-party providers who help us operate the platform, including cloud infrastructure, email delivery, and monitoring. All are bound by data processing agreements and cannot use your data for their own purposes.
Legal Requirements
We may disclose data when required by law, court order, or a lawful government request, or when we believe disclosure is necessary to protect rights or safety.
Business Transfers
If VolVibe is acquired or merged, data may transfer as part of the transaction. We will notify affected organisations before any such transfer and explain what changes.
What We Do Not Do
We do not sell, rent, or trade your data to third parties for any purpose.
Deployment Models
VolVibe Cloud
All data is stored on infrastructure managed by VolVibe. We act as the data processor; your organisation is the data controller. Data is encrypted at rest (AES-256) and in transit (TLS 1.2 or higher). Automated backups are retained for 30 days.
Your Cloud
VolVibe is deployed into your organisation's own cloud account (AWS, Azure, or GCP). Your organisation owns the infrastructure. We do not have routine access to your data. Any access for support requires explicit written authorisation from your designated contact.
On-Premises
VolVibe runs on your own servers. Your organisation has full physical and logical control. We have no access to your data in this model. Backups, disaster recovery, and retention are entirely your responsibility.
Security
- Encryption at rest: All PII is encrypted at rest, including names and email addresses.
- Encryption in transit: All data between your browser and our servers travels over TLS.
- Password handling: Passwords are hashed using a strong one-way algorithm. We do not store plain text passwords.
- Access control: Role-based permissions restrict what each user can see and do.
- Audit logs: Every significant action is logged with a timestamp and user identity. Logs are immutable.
- Sessions: Authentication tokens expire after inactivity and are invalidated on logout.
No system is completely immune to attack. If you suspect unauthorised access to your account, contact us immediately at support@volvibe.com.
Retention
We keep personal data for as long as your organisation's account is active. When an account is terminated:
- Data is retained for 90 days so your organisation can export records.
- After that window, all personal data is deleted, except where law requires longer retention (for example, financial records for tax compliance).
- Anonymised, aggregate data with no identifying information may be retained indefinitely for analytics.
When an individual employee account is deactivated by an administrator, their personal data is removed from active systems promptly. Activity records may be retained in anonymised form.
Your Rights
Under India's DPDPA 2023 and applicable laws, you have the right to:
- Access the personal data we hold about you.
- Correction of inaccurate or incomplete data.
- Erasure of your personal data, subject to legal retention obligations.
- Data portability in a structured, machine-readable format.
- Withdraw consent where processing is based on consent.
- Grievance redressal through our support team, and if unsatisfied, through the Data Protection Board of India.
Contact your VolVibe administrator first, as they manage your account. You can also reach us directly at support@volvibe.com.
Cookies
We use cookies and local storage only for the following:
- Authentication: Keeping you logged in. These cannot be disabled without breaking the service.
- Session state: Temporary cookies that expire when you close the browser.
- Preferences: Storing your in-app settings such as selected entity or display preferences.
We do not use advertising trackers, third-party analytics pixels, or any technology that shares your data with ad networks.
Children
VolVibe is a business platform for adults. We do not knowingly collect personal data from anyone under 18. If you believe a minor's data has been entered, contact us at support@volvibe.com and we will remove it promptly.
Changes
We may update this policy. When we make material changes, we will notify your organisation's administrator by email and update the date at the top of this page. Continued use after the effective date means you accept the updated policy.