NCS Nossa Comunidade Sustentável

Privacy and data protection

Privacy policy

This policy explains how personal data is handled on the website, cockpit, and CS Hub application.

Last updated: July 12, 2026

Who processes the data

The organization operating each CS Hub instance is the controller for its members, volunteers, beneficiaries, donors, and other audiences. NCS is responsible for data processed by this public instance.

Data we process

We process only the data needed for authentication, membership management, community activities, contact, volunteering, donations, transparency, and operational security.

  • Identity and contact data, such as name and email address.
  • Participation data, permissions, activity records, and audit logs.
  • Financial and receipt data when a person uses a donation feature.
  • Minimum technical data for security, sessions, diagnostics, and authorized notifications.

Purposes and legal grounds

Data is used to provide requested services, perform membership or contractual relationships, comply with legal duties, protect rights, and maintain security. Where required by law, processing relies on consent that can be withdrawn.

App notifications and diagnostics

Push notifications remain disabled until operational configuration and device permission are present. When enabled, the server receives a technical device token and sends generic priority alerts without names, documents, email addresses, or free-form content.

Crash diagnostics are also disabled by default. When configured, identity, messages, requests, context, and navigation breadcrumbs are removed before an event is sent to the provider.

Sharing and transfers

Data may be processed by strictly necessary hosting, storage, authentication, payment, email, notification, and diagnostic suppliers under contract and access controls. International transfers, when applicable, use safeguards required by Brazilian data protection law.

Retention and security

We retain data for the purposes described, legal duties, and the defense of rights. Inactive device tokens are removed under a configurable policy. We apply access control, audit trails, encryption in transit, minimization, and review routines.

Your rights

You may request confirmation, access, correction, anonymization, blocking, deletion when applicable, portability, sharing information, and review of automated decisions. You may also petition the Brazilian data protection authority.

Children and adolescents

Their data is processed in their best interests and with required authorizations. Educational features must avoid unnecessary collection and public identification.

Changes to this policy

Material changes will be published at this stable URL with an updated date above.

Confirmation

Confirm this action