Privacy Policy

This Privacy Policy describes how Verdant Volunteers collects, uses, stores, shares, transfers, protects, and otherwise processes personal data in connection with our websites, mobile applications, web applications, dashboards, volunteer matching tools, host tools, public placement pages, community spaces, support channels, verification flows, payment support, campaigns, donations, AI-supported tools, events, communications, and related services.

Verdant Volunteers may be referred to in this policy as Verdant, we, our, or us. This policy applies to volunteers, hosts, applicants, visitors, organization representatives, donors, reviewers, community participants, support contacts, business contacts, and account holders.

Verdant operates as a global platform. We apply this policy across jurisdictions in a manner designed to respect applicable privacy, data protection, consumer protection, cybersecurity, electronic communications, platform, payment, and safeguarding laws.

Verdant maintains a data protection program intended to support trust, lawful processing, transparency, security, accountability, and responsible use of personal data. Our approach is designed to align with major global privacy frameworks, including GDPR, UK GDPR, CCPA and CPRA, and comparable privacy and data protection laws where they apply.

We process personal data only for legitimate platform, safety, legal, operational, community, and business purposes. We seek to limit collection to data that is relevant, proportionate, and reasonably necessary for the purpose for which it is processed.

Where local law provides stronger mandatory protections than this policy, Verdant applies this policy only to the extent permitted by those protections.

Verdant generally acts as a data controller, business, or equivalent responsible entity when we determine the purposes and means of processing personal data for our platform, accounts, applications, support, safety, compliance, analytics, communications, and service improvement.

In limited situations, Verdant may process personal data on behalf of another organization under written instructions, in which case Verdant may act as a processor, service provider, or equivalent role under applicable law.

Hosts, payment providers, identity verification providers, background screening providers, social platforms, travel resources, insurers, and other partners may act as independent controllers for their own processing. Their own privacy notices and legal obligations apply to their independent activities.

• Personal data means information that identifies, relates to, describes, or could reasonably be linked to an individual.
• Processing means any operation performed on personal data, including collection, recording, storage, use, analysis, disclosure, transfer, deletion, or anonymization.
• Controller means an entity that determines why and how personal data is processed.
• Processor means an entity that processes personal data on behalf of a controller under instructions.
• Sensitive data means personal data that receives heightened legal or contextual protection, such as government identifiers, precise location, biometric data, health information, protected characteristics, background check information, or data involving children or vulnerable persons.

Verdant designs its data practices around the following principles:

• Lawfulness, fairness, and transparency in how personal data is processed.
• Purpose limitation, so data is used for defined and legitimate purposes.
• Data minimization, so collection is proportionate to the service or requirement.
• Accuracy, with reasonable steps to keep records current where appropriate.
• Storage limitation, with retention periods tied to operational, legal, and safety needs.
• Integrity and confidentiality through technical and organizational safeguards.
• Accountability through governance, vendor oversight, documentation, and review.

Depending on how you interact with Verdant, we may process the following categories of personal data:

Verdant may collect personal data from the following sources:

• Data you provide directly when you create an account, apply for or list a placement, create or support a campaign, make a donation or payment, contact support, use an AI feature, submit a form, or complete verification.
• Data generated when you use the platform, including logs, device data, cookies, analytics, search activity, interactions, and communication records.
• Data from hosts, volunteers, organization representatives, payment providers, identity verification providers, fraud prevention providers, background screening partners, and other service providers.
• Data from public sources, sanctions lists, regulatory databases, company registries, professional references, social platforms, or third party reports where lawful and relevant.

Verdant processes personal data for legitimate and defined purposes, including to:

1. Create, authenticate, manage, secure, and support accounts.
2. Operate volunteer discovery, applications, host listings, campaigns, donations, placement coordination, reviews, messaging, and community features.
3. Verify identity, organization authority, eligibility, payment status, and compliance requirements.
4. Process payments, refunds, receipts, tax records, chargebacks, fraud checks, and payment disputes.
5. Provide customer support, including AI-assisted support, safety review, dispute resolution, moderation, and incident response.
6. Protect children, vulnerable persons, volunteers, hosts, staff, communities, and the platform.
7. Detect, prevent, and investigate suspicious activity, fake or duplicate accounts, campaign misuse, payment risk, fraud, spam, abuse, unauthorized access, security threats, sanctions risk, and unlawful conduct.
8. Send service notices, legal notices, safety alerts, application updates, verification requests, support responses, and permitted marketing communications.
9. Measure performance, conduct analytics, improve features, train staff, debug systems, and maintain service reliability.
10. Comply with legal obligations, enforce terms, preserve evidence, cooperate with lawful requests, and defend legal claims.

Where GDPR, UK GDPR, or similar laws apply, Verdant processes personal data under one or more recognized legal bases. The applicable basis depends on the data, context, feature, and purpose.

• Contract necessity. To provide requested services, manage accounts, process applications, support placements, and administer platform features.
• Consent. For optional marketing, certain cookies, selected sensitive data, and other processing where consent is required or appropriate.
• Legal obligation. To comply with tax, accounting, sanctions, payment, consumer, safety, employment, privacy, reporting, and regulatory obligations.
• Legitimate interests. To secure the platform, prevent fraud, improve services, support users, conduct analytics, enforce terms, and protect Verdant, users, and communities, balanced against individual rights.
• Vital interests and public interest. Where processing is necessary to protect life, safety, safeguarding interests, emergency response, or legally recognized public interest purposes.

Verdant may process sensitive data only where lawful, proportionate, and relevant to a defined purpose. Sensitive data may include identity documents, background information, safeguarding information, health or accessibility information you choose to provide, payment risk signals, precise location where enabled, or data relating to children or vulnerable persons.

Where required by law, we rely on explicit consent, substantial public interest, vital interests, legal claims, employment or social protection obligations, safeguarding obligations, or other lawful grounds for processing special categories of data.

Users should avoid submitting sensitive data unless it is requested by Verdant, required for a placement or safety purpose, or voluntarily provided with awareness of the context and visibility settings.

Verdant is generally intended for adults. Where minors lawfully participate in volunteering or related programs, processing must comply with applicable age, consent, parental or guardian involvement, child protection, safeguarding, education, labor, privacy, and local law requirements.

We apply heightened care to personal data involving children, young people, elderly persons, persons with disabilities, refugees, displaced persons, survivors of abuse, patients, low income communities, and other vulnerable persons.

Verdant may restrict features, require additional verification, limit visibility, remove content, preserve evidence, or report concerns where safeguarding or legal risk is identified.

Verdant supports public and community-facing volunteer activity. Certain information may be visible to other users or the public depending on the feature, settings, and context.

• Placement titles, descriptions, host names, organization names, locations, images, videos, updates, and public impact information may appear on public pages.
• Reviews, testimonials, comments, profile details, country information, first names, and participation highlights may be visible where you submit or choose to publish them.
• Community posts, reactions, forum activity, and public support content may be visible to other users or visitors depending on the feature.

Users are responsible for ensuring they have permission before posting personal data, images, stories, or private details about another person.

Verdant may share personal data where necessary and lawful, including with:

• Hosts, volunteers, applicants, organization representatives, and project partners as needed to coordinate placements, applications, participation, reviews, and support.
• Payment processors, banks, card networks, mobile money providers, tax providers, and financial compliance partners.
• Identity verification providers, background screening providers, fraud prevention services, sanctions screening providers, and trust and safety vendors.
• Cloud hosting, infrastructure, analytics, monitoring, security, communications, translation, customer support, email, and collaboration providers.
• Professional advisers, auditors, insurers, regulators, courts, law enforcement, child protection authorities, and other competent bodies where required or appropriate.
• Successor entities in connection with a merger, acquisition, financing, restructuring, sale of assets, change of control, insolvency, or similar corporate transaction.

We do not disclose personal data for unrelated third party use unless permitted by law, directed by you, necessary for the service, or covered by appropriate notice and choice.

Verdant uses service providers and processors to support secure and reliable operations. We conduct risk-based vendor review and require appropriate contractual protections, including confidentiality, security, processing instructions, data protection obligations, audit rights, subprocessor controls, and assistance with legal compliance where applicable.

Service providers are authorized to process personal data only for approved purposes and must implement safeguards appropriate to the nature of the data and services they provide.

Where a provider acts as an independent controller, its own privacy notice governs its independent processing. Verdant is not responsible for independent processing by third parties except where applicable law provides otherwise.

Verdant operates globally and may process personal data in countries other than where you live. These countries may have data protection laws that differ from those in your jurisdiction.

Where required, Verdant uses appropriate transfer safeguards, which may include adequacy decisions, standard contractual clauses, international data transfer agreements, transfer impact assessments, vendor due diligence, encryption, access controls, data minimization, and other technical and organizational measures.

By using Verdant services, you understand that global platform operations may involve cross border processing for hosting, security, support, analytics, payment, verification, compliance, and service delivery purposes.

Verdant retains personal data only as long as reasonably necessary for the purposes described in this policy, unless a longer period is required or permitted by law. Retention periods vary based on data type, account status, user activity, legal obligations, risk, disputes, safety needs, and business requirements.

• Account, profile, and preference data may be retained while the account is active and for a reasonable period after closure.
• Payment, invoice, tax, accounting, and transaction records may be retained for periods required by financial and tax laws.
• Identity verification, fraud prevention, sanctions, safety, and compliance records may be retained as needed to meet legal and risk management obligations.
• Support, dispute, incident, moderation, and safeguarding records may be retained to protect users, resolve disputes, and comply with law.
• Security logs and technical records may be retained for threat detection, investigation, audit, and platform integrity purposes.

When personal data is no longer required, Verdant deletes, anonymizes, aggregates, or securely archives it according to applicable retention controls.

Verdant maintains administrative, technical, and organizational safeguards designed to protect personal data against unauthorized access, disclosure, alteration, loss, misuse, and unlawful processing.

• Encryption in transit and, where appropriate, encryption or protected storage at rest.
• Role-based access controls, least privilege, access reviews, authentication controls, and logging.
• Vendor security review, contractual controls, and risk-based third party oversight.
• Secure development practices, monitoring, backups, vulnerability management, and incident response procedures.
• Staff confidentiality obligations, privacy awareness, and internal policy controls.

No method of transmission or storage is completely secure. Verdant continually evaluates and adjusts safeguards based on risk, technology, legal requirements, and platform operations.

Verdant maintains procedures to identify, assess, contain, investigate, remediate, document, and notify appropriate parties regarding security incidents involving personal data.

If an incident creates a legal notification obligation, Verdant will notify affected individuals, regulators, partners, processors, or other relevant parties as required by applicable law and contractual obligations.

Users must promptly report suspected unauthorized access, account compromise, data exposure, fraud, safeguarding incidents, or misuse of personal data through available Verdant support or safety channels.

Depending on your location and relationship with Verdant, you may have rights relating to your personal data. These rights may include:

• Accessing and receiving a copy of personal data.
• Correcting inaccurate or incomplete personal data.
• Deleting personal data where deletion is legally available.
• Restricting or objecting to certain processing.
• Withdrawing consent where processing is based on consent.
• Receiving data in a portable format where required by law.
• Opting out of certain marketing, targeted advertising, sale, sharing, or profiling activities where applicable.
• Requesting information about, human review of, or the opportunity to contest certain automated decisions where applicable law provides those rights.
• Appealing certain privacy request decisions where local law provides an appeal right.

Verdant may need to verify your identity, confirm your authority, clarify your request, or retain certain information where required for legal, security, fraud prevention, accounting, safety, or dispute resolution purposes.

Verdant applies regional privacy protections where applicable, including rights and obligations under laws in the European Union, United Kingdom, Switzerland, United States states, Canada, Australia, New Zealand, and other jurisdictions with mandatory privacy or data protection requirements.

European, UK, and Swiss users may have rights under GDPR-style laws, including rights to access, rectification, erasure, restriction, objection, portability, withdrawal of consent, and complaint to a supervisory authority.

Certain United States residents may have rights to know, access, correct, delete, opt out of sale or sharing, limit certain sensitive personal information uses, appeal decisions, and avoid discrimination for exercising privacy rights, subject to applicable exceptions.

Where regional requirements conflict, Verdant interprets this policy in a manner designed to preserve mandatory rights and comply with applicable local law.

Verdant uses cookies, pixels, SDKs, local storage, device identifiers, and similar technologies for essential service operation, security, fraud prevention, preference management, analytics, performance measurement, outreach, and legally permitted personalization.

Where required, we obtain consent before using non-essential cookies or similar technologies. Users can manage cookie choices through available cookie controls, browser settings, device settings, and other controls described in our Cookie Policy.

Verdant may use automated systems, rules, risk models, matching tools, moderation assistance, fraud detection, sanctions screening, trust and safety signals, recommendations, summaries, translations, support assistance, and AI-assisted workflows to operate, secure, and improve the platform.

Automated tools may help rank listings, detect suspicious activity or fake accounts, identify possible campaign misuse or payment risk, support identity, account, campaign, content, and activity reviews, recommend opportunities, route support requests, summarize content, or identify potential policy violations. The personal data considered may include account, identity, verification, device, usage, transaction, campaign, content, communication, support, moderation, and security information relevant to the review.

Automated signals may be incomplete or incorrect and do not necessarily establish that a violation has occurred. We use risk-based safeguards intended to support accuracy, security, proportionality, human review where appropriate, and the prevention of unlawful discrimination.

Where applicable law restricts solely automated decisions that produce legal or similarly significant effects, Verdant will use an applicable lawful basis and provide required notices and safeguards. Depending on the law and decision, those safeguards may include meaningful human involvement, an opportunity to provide information or express your point of view, and a way to request review or contest the decision.

Verdant may disclose personal data where required or permitted by law, including in response to subpoenas, court orders, regulatory requests, law enforcement requests, tax inquiries, sanctions obligations, payment network requirements, or other legally valid demands.

We review requests for legality, scope, authority, and necessity where appropriate. We may challenge, narrow, reject, or delay requests that appear invalid, overbroad, or inconsistent with applicable law.

Verdant may also disclose information where we reasonably believe it is necessary to protect users, children, vulnerable persons, staff, communities, the public, legal rights, platform security, or the integrity of the service.

Verdant maintains governance practices intended to support accountability for personal data. These practices may include data inventories, privacy impact assessments, vendor reviews, transfer assessments, security assessments, policy reviews, training, access reviews, audit logs, and incident documentation.

We evaluate higher-risk processing, including safeguarding, verification, fraud prevention, profiling, sensitive data, cross-border transfers, and third party integrations, through risk-based review processes.

Verdant may update governance controls as laws, technologies, risks, business operations, and platform features evolve.

Verdant may update this Privacy Policy from time to time to reflect changes in law, platform operations, technology, data practices, security requirements, service providers, or available user rights.

We will post the updated version with a revised date. Where required by law, we may provide additional notice or request consent. Continued use of Verdant after an updated policy becomes effective means the updated policy applies to your use, except where additional consent is required.

Effective date 20 February 2023. Last updated 6 June 2026.

To exercise privacy rights, submit a data protection request, raise a privacy concern, or ask questions about this Privacy Policy, contact Verdant Volunteers at:

For urgent safety concerns, contact local emergency services first, then notify Verdant through the available support channels.