PII, as described in US privacy law and information security, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context.
What personal information do we collect?
This document refers to different categories of information as follows. An asterisk (*) indicates required information.
- Contact info: Name *, unit number *, email address *, phone number, preferred contact method
- Profile photo
- Personal info: Birthdate (with or without year), gender pronouns, Google account ID, join date, vehicle make, model, and color, garage number, emergency contacts, allergies, doctor info, medical conditions, names of people with keys to unit, pet information
- Account info: Meals charges, late fees, credit limit, account balance
- Contact info: Name *, unit number *, email address, phone number, preferred contact method
- Profile photo
- Personal info: Birthdate (with or without year), gender pronouns, join date, school name, allergies, doctor info, medical conditions
When do we collect information?
When you register with the system or update your information via the system.
How do we use your information?
- To personalize your experience.
- To foster community by allowing people to recognize and contact each other easily.
- To allow emergency information (emergency contacts, doctor and medical info, people with keys to unit, school info) to be found when needed.
- To facilitate caring for each others pets during absences.
- To send useful, community-related notifications.
What information is shared with third parties, and who are the third parties?
- Your contact info is shared with members of your community and with other communities in your cluster (if any).
- A cluster is a group of closely affiliated communities. If there are other communities in your cluster, you will already know who they are.
- Your profile photo is shared with the same people as your contact info, unless you specify otherwise in your profile.
- Your personal info is shared only with the members of your community.
- Your account info is shared only with those who manage accounts ("billers").
- Your children's profile photo, contact info, and personal info are shared only with the members of your community.
- In addition to the above, special users called "cluster administrators" and "super administrators" can see all the above information. There are very few such people and they only access your information as needed to administer the system.
- We do not share any of your information with anyone other than the above.
How do we protect your information?
- All communication with the site is encrypted via HTTPS.
- All system data is stored in state of the art facilities.
- Access to system servers is protected by public key encryption and only a small number of qualified personnel have access.
- We use a detailed series of automated tests to ensure that sharing settings are implemented as described above.
Do we use "cookies"?
A cookie is used to store a secret key that proves you have signed into the system. This is how your "session" is maintained as you use the system. This is a standard and very common procedure with web applications.
If you disable cookies you will not be able to use the system.
We use a tool called “Google Analytics” to collect information about use of this site. Google Analytics collects information such as how often users visit this site, what pages they visit when they do so, and what other sites they used prior to coming to this site. We use the information we get from Google Analytics only to improve this site.
Google Analytics collects only the IP address assigned to you on the date you visit this site, rather than your name or other identifying information. We do not combine the information collected through the use of Google Analytics with personally identifiable information.
Google Drive/Google Workspace
In Gather, Community administrators can choose to connect Gather to Google Drive/Google Workspace, the popular file storage and collaboration suite. Specifically, administrators can choose to grant read, write, and delete access for Gather to one or more "Shared Drives". Gather can then read, write, and delete any and all files in said Shared Drive. Gather uses, or has plans to use, this access for the following purposes only:
- Showing listings (within Gather) of the files in the Shared Drive
- Creating files within the Shared Drive to support certain Gather functionality, such as starting a document for community meeting minutes or proposals
- Displaying search results using the Google Drive search API
- Granting permissions on the Shared Drive and items within it to members of the community
Gather also supports communities that have a quantity of files in a "standard" (unpaid) Google Drive folder (not associated with a paid Google Workspace and Shared Drive) in "migrating" those files into a paid Shared Drive. Migrating files in this way centralizes ownership of the files, simplifies permission management, and removes the risk of accidental file deletion by individuals who leave the community.
If a community opts into this migration functionality, they must grant write permission for a Gather-controlled Google account to the standard Google Drive folder. Gather scans the folder and modifies the titles of all files to be imported with a special suffix so that the files can be easily identified. Gather does not use the files in the folder for any other purpose and does not read their contents.
Gather then contacts the owners of files in the standard Google folder and asks their permission to migrate each file they own. This permission is granted by the user selecting the files to be migrated using the Google Picker tool, which resembles the Google Drive user interface. The result of granting permission is explained in clear, unambiguous language on the permission page that file owners are invited to. Files for which permissions are granted are moved into the community's Shared Drive, which transfers ownership of the file to the community. Files thusly transferred are subsequently used in the same ways as described above.
How does our site handle "Do Not Track" signals?
If the Do Not Track header is set, Google Analytics will not be used. This is the only form of tracking used on the site.
California Online Privacy Protection Act
According to CalOPPA, we agree to the following:
- Users can visit our site anonymously. (Though they won't be able to sign in without identifying themselves).
- You can change your personal information by signing in to your account and editing your profile and/or the profiles of your children.
COPPA (Children Online Privacy Protection Act)
The system stores information about children (potentially under the age of 13) so that community members can view photos, unit numbers, and birthdays of their neighbor children for the purposes of facilitating interaction and fostering community.
Children under 13 cannot sign in to the system directly. Their information can only be entered by their parents/guardians.
Children can only sign in to the system when:
- they are over the age of 13;
- their parents/guardians grant permission for them to be considered as "full users" in the system;
- an administrator makes this change in the system.
Communities may define other policies in addition to this and instruct the administrator to make the above change only after additional requirements have been met.
Pursuant to COPPA, we declare the following:
- We don't require a parent/guardian to disclose more information about a child than is reasonably necessary to facilitate interaction and foster community as described above.
- Parents/guardians can review their children’s personal information, direct us to delete it, and refuse to allow any further collection or use of the child’s information.
- We don't disclose any children's information to any third parties other than community members as listed above.
- Parents/guardians may exercise any of the above stated rights by emailing firstname.lastname@example.org.
Fair Information Practices
In order to be in line with Fair Information Practices Principles we will notify you via email within 7 business days in the unlikely event that a data breach should occur.
We also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.
CAN SPAM Act
We collect your email address in order to send useful notifications (e.g. meal reminders, work reminders, statement notices).
We do not send advertising or other unsolicited emails.
If at any time you would like to unsubscribe from receiving future emails, you can email email@example.com and we will promptly remove you from ALL correspondence.
220 Collingwood St #140
Ann Arbor, MI 48103
Last Edited on 2017-01-17