Privacy Policy

Last updated: Feb 2026

This Privacy Policy explains how One-All Appcraft (“we”, “us”, or “our”) collects, uses, stores, and protects information when you use our platform, including our website, mobile applications, and related services (collectively, the “Service”).

By accessing or using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this policy, please do not use the Service.

1. Overview of how CommuneHQ works

CommuneHQ is designed as an organization-based, multi-tenant platform. Each organization (“Organization”) has its own private space within the Service. Access to an Organization’s content is restricted to approved users whose email addresses have been authorized by that Organization’s administrators.

• Organization-scoped access: Users can only view and interact with content that belongs to the Organization(s) they are a member of.
• Approved email access: Only users with approved email addresses (as determined by the Organization’s admins) can access that Organization’s information.
• Admin control: Organization admins manage membership, invitations, and removal of users from their Organization.

2. Information we collect

2.1 Information you provide to us

• Account information: When you create an account or are invited to an Organization, we may collect your name, email address, password (or authentication token), and related profile details.
• Organization membership: We store which Organization(s) you belong to, your role (e.g., admin, member), and any related permissions.
• Content you submit: This includes events, bulletins, referrals, comments, messages, uploaded files, and any other information you choose to share within your Organization.
• Support communications: If you contact us for support, we may collect your email address, message content, and any additional information you choose to provide.

2.2 Information we collect automatically

• Usage data: We may collect information about how you access and use the Service, such as pages viewed, features used, timestamps, and interactions with content.
• Device and technical data: We may collect information about the device and software you use to access the Service, such as device type, operating system, app version, browser type, IP address, and other technical identifiers.
• Cookies and similar technologies: We may use cookies or similar technologies to maintain sessions, remember preferences, and understand usage patterns.

2.3 Information from third parties

• Authentication providers: If you sign in using a third-party provider (such as a single sign-on or identity provider), we may receive basic profile information and identifiers necessary to authenticate you.
• Organization administrators: Admins may provide your email address or other basic information to invite you to their Organization.

3. How we use your information

We use the information we collect for the following purposes:

• To provide and maintain the Service: Including creating and managing user accounts, Organizations, and content.
• To enforce organization-scoped access: Ensuring that users can only access data belonging to the Organization(s) they are approved to join.
• To communicate with you: Sending notifications, updates, reminders, and administrative messages related to your Organization(s) and account.
• To improve the Service: Analyzing usage patterns to enhance features, performance, and user experience.
• To maintain security: Detecting, preventing, and responding to potential security incidents, abuse, or violations of our terms.
• To comply with legal obligations: Responding to lawful requests, enforcing our agreements, and meeting regulatory requirements.

4. Organization-based access and approved email users

4.1 Organization-scoped data

CommuneHQ is built so that each Organization’s data is logically separated. Your access to content is determined by your membership in one or more Organizations.

• Scoped access: You only see events, bulletins, referrals, and other content that belong to the Organization(s) you are a member of.
• No cross-organization browsing: You cannot browse or search data from Organizations you are not a member of.
• Admin-managed membership: Organization admins control who is invited, approved, or removed from their Organization.

4.2 Approved email access

Access to an Organization is typically based on your email address and the decisions of that Organization’s admins.

• Invitations: Admins may invite users by email. Only invited or otherwise approved email addresses can join that Organization.
• Verification: We may verify that you control the email address used to access the Service (for example, via login links or authentication flows).
• Revocation: If an admin removes your access, you will no longer be able to view or interact with that Organization’s content.

5. How we store and protect your data

5.1 Data storage

• Cloud infrastructure: We store data using reputable cloud service providers and managed databases.
• Organization scoping: Data is stored with explicit references to the Organization it belongs to, and our application logic enforces that users only access data for their Organization(s).
• Backups: We may maintain backups for reliability, disaster recovery, and continuity of service.

5.2 Security measures

• Access controls: Access to production systems is restricted to authorized personnel and protected by authentication and security best practices.
• Transport security: Where possible, data is transmitted using secure protocols (such as HTTPS) to protect it in transit.
• Application-level protections: We implement checks to ensure that users can only access data associated with their Organization(s) and approved accounts.

While we take reasonable measures to protect your information, no method of transmission or storage is completely secure. We cannot guarantee absolute security, but we are committed to maintaining and improving our safeguards over time.

6. How we share your information

We do not sell your personal information. We may share information in the following situations:

• Within your Organization: Your name, email, and content you submit may be visible to other members of the same Organization, depending on your role and the features used.
• Service providers: We may share limited information with third-party vendors who help us operate the Service (for example, hosting providers, analytics tools, or notification services).
• Legal requirements: We may disclose information if required by law, regulation, legal process, or governmental request.
• Protection of rights: We may disclose information to enforce our terms, protect our rights, privacy, safety, or property, or that of our users or the public.

7. Notifications and communication

The Service may send notifications related to your Organization(s), such as new events, updates, or other relevant activity.

• Organization-based notifications: Notifications are typically scoped to the Organization(s) you belong to.
• Delivery channels: Notifications may be delivered via in-app messages, push notifications, or email, depending on your settings and platform capabilities.
• Managing notifications: You may be able to adjust notification preferences in your device settings or within the Service, where available.

8. Data retention

We retain your information for as long as your account is active or as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements.

• Organization content: Content you create within an Organization (such as events or posts) may remain visible to that Organization’s members even if your individual account is deactivated, subject to the Organization’s policies.
• Backups and logs: Some data may persist in backups or logs for a limited period, even after it is removed from active systems.

9. Your choices and rights

9.1 Access and updates

You may be able to view and update certain account information directly within the Service, such as your name, email address, or profile details.

9.2 Organization membership

If you have questions about your membership in a particular Organization, including access or removal, you may need to contact that Organization’s administrator, as they control membership and roles.

9.3 “Delete my account” option on the main homepage

We provide a “Delete my account” option accessible from the main homepage (or equivalent entry point in the app). This option is intended to give you a clear and direct way to request deletion of your personal account.

• What happens when you request deletion: We will begin the process of deactivating and deleting your account from our active systems, subject to any legal or operational requirements.
• Organization content: Content you created within an Organization (such as events, posts, or messages) may remain available to that Organization’s members, as it may be considered part of the Organization’s records.
• Verification: We may require you to confirm your identity or complete a verification step before processing the deletion request.

If you are unable to use the “Delete my account” option or have questions about the process, you may contact us using the information provided in the “Contact us” section below.

10. Children’s privacy

The Service is not intended for use by children under the age of 13 (or the minimum age in your jurisdiction that requires parental consent). We do not knowingly collect personal information from children under this age. If we become aware that we have collected such information, we will take steps to delete it.

11. International data transfers

Depending on your location and the location of our service providers, your information may be transferred to and processed in countries other than your own. These countries may have different data protection laws than your jurisdiction. We take steps to ensure that appropriate safeguards are in place when transferring data across borders.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of this page. In some cases, we may provide additional notice (such as a banner, email, or in-app message).

Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the updated policy.

13. Contact us

If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your information, you may contact us at:

Email: oneall.appcraft@gmail.com
Subject line: “CommuneHQ Privacy Inquiry”

Please include enough detail for us to understand your request, and we will do our best to respond within a reasonable time.