Last updated: June 2026
HelpSync ("we", "us") provides volunteer scheduling software to nonprofits and community organizations. This policy explains, in plain language, what data we handle, why, and your choices. We've tried to keep it honest and specific to how the product actually works.
When your organization uses HelpSync, your organization is the data controller of the volunteer information it enters, and we are the processor that stores and serves it on your behalf. Your organization decides what to collect and is responsible for telling its volunteers how their information is used.
| Data | Why |
|---|---|
| Organization admin name & email | To create your account, send login details, and contact you about your service. |
| Volunteer details your organization enters (names, emails, team roles, availability, blackout dates, qualifications/credentials) | To build and manage the schedule. This is entered and controlled by your organization. |
| Login credentials | Passwords are stored only as salted hashes — we never see or store them in plain text. Optional email two-factor is available. |
| Payment information | Handled entirely by Stripe. We never receive or store your card number — only a Stripe customer ID and your subscription status. |
| Basic technical logs | Server logs (timestamps, error messages) for reliability and security. We do not run third-party advertising or analytics trackers. |
Organizations may schedule volunteers who are minors, or store safeguarding-related qualifications. HelpSync does not knowingly collect information directly from children — any such data is entered by your organization's administrators, who are responsible for obtaining appropriate consent. We treat all volunteer data as sensitive and isolate it per organization (see Security below).
Your organization's data is logically separated and tagged to your organization; access is enforced by database-level security rules and an application gateway, so your information is never exposed to another organization. Data is hosted on Oracle Cloud Infrastructure. Backups are encrypted at rest (AES-256), transferred over an encrypted private network, and stored on our own private off-site server. Connections are encrypted in transit (TLS), and administrative access is over a private encrypted network.
We do not sell your data, ever. We share data only with the service providers required to run HelpSync:
| Provider | Purpose |
|---|---|
| Stripe | Payment processing & subscription billing |
| Resend | Sending email (login details, reminders, notifications) |
| Cloudflare | DNS, TLS, and secure traffic routing |
| Oracle Cloud | Application & database hosting |
We email you operational messages: your login details, password resets, volunteer reminders, and substitute requests your organization sends. Reminder timing and templates are controlled by your organization. We don't send marketing email to your volunteers.
Admins can export a full copy of their organization's data (people, schedules, settings) as a JSON file at any time, from the Admin area. If you cancel, you can export before your data is removed.
We keep your data for as long as your organization has an active account. If you cancel, your live data is removed after your access ends; encrypted backups age out of rotation within 30 days. You can request immediate deletion by emailing us.
Per-organization data isolation enforced by database-level rules and an application gateway, hashed passwords, optional email two-factor authentication, encrypted off-site backups, and encrypted transport. No system is perfectly secure, but we design so one organization's users cannot access another's data.
You may ask us to access, correct, export, or delete your data. Volunteers should direct such requests to their organization's administrator first (the organization controls the data); we will assist the organization in fulfilling them.
If we make material changes to this policy, we'll update the date above and notify organization admins by email.
Questions or requests: [email protected]