Last updated: July 12, 2026
Who processes the data
The organization operating each CS Hub instance is the controller for its members, volunteers, beneficiaries, donors, and other audiences. NCS is responsible for data processed by this public instance.
Data we process
We process only the data needed for authentication, membership management, community activities, contact, volunteering, donations, transparency, and operational security.
- Identity and contact data, such as name and email address.
- Participation data, permissions, activity records, and audit logs.
- Financial and receipt data when a person uses a donation feature.
- Minimum technical data for security, sessions, diagnostics, and authorized notifications.
Purposes and legal grounds
Data is used to provide requested services, perform membership or contractual relationships, comply with legal duties, protect rights, and maintain security. Where required by law, processing relies on consent that can be withdrawn.
App notifications and diagnostics
Push notifications remain disabled until operational configuration and device permission are present. When enabled, the server receives a technical device token and sends generic priority alerts without names, documents, email addresses, or free-form content.
Crash diagnostics are also disabled by default. When configured, identity, messages, requests, context, and navigation breadcrumbs are removed before an event is sent to the provider.
Sharing and transfers
Data may be processed by strictly necessary hosting, storage, authentication, payment, email, notification, and diagnostic suppliers under contract and access controls. International transfers, when applicable, use safeguards required by Brazilian data protection law.
Retention and security
We retain data for the purposes described, legal duties, and the defense of rights. Inactive device tokens are removed under a configurable policy. We apply access control, audit trails, encryption in transit, minimization, and review routines.
Your rights
You may request confirmation, access, correction, anonymization, blocking, deletion when applicable, portability, sharing information, and review of automated decisions. You may also petition the Brazilian data protection authority.
Children and adolescents
Their data is processed in their best interests and with required authorizations. Educational features must avoid unnecessary collection and public identification.
Changes to this policy
Material changes will be published at this stable URL with an updated date above.