Privacy

Log in to your account and go to the "My Connections" page. Here you'll see every organization
you've interacted with on Equipoise, along with a summary of your activity with each one.
Each organization can only see their own records—they cannot see your activity with other organizations.

Go to "My Connections" and click "Download My Data" at the bottom of the page. You'll receive
a complete export of your data in JSON format, including your contact information, all organization
connections, purchase history, donation history, and email preferences. This complies with GDPR's
right to data portability.

Go to "My Connections" and click "Delete My Account" at the bottom of the page. This will
permanently anonymize your personal information across all organizations. We retain anonymized
transaction records for legal/accounting purposes, but they will no longer be linked to your
identity. This process is irreversible—consider downloading your data first.

No. Each organization can only see their own records with you. Organization A cannot see your
purchases, donations, or subscriptions with Organization B. Your cross-organization activity
is completely private. Only platform administrators have access to cross-account data, and all
such access is logged for auditing.

You have two options. First, you can click the unsubscribe link at the bottom of any email
from that organization. Second, go to "My Connections", click on the organization, and update
your communication preferences. You can control email, physical mail, and SMS preferences
separately for each organization.

Disconnecting unsubscribes you from all communications and disconnects your contact record with
that organization. Your transaction history (purchases, donations) is preserved but you'll
no longer receive any marketing or communications from them. You can reconnect later if you
make another purchase or donation.

Your personal data is protected with industry-standard AES-256-GCM encryption at rest and TLS 1.3
encryption in transit. Here's specifically what we encrypt:

Encrypted data includes:

• Email addresses (encrypted but searchable for login)
• Names on administrative user accounts
• Phone numbers
• Physical addresses (mailing, shipping, billing)
• IP addresses from logins and transactions
• Private notes and messages
• API keys and authentication tokens

Not encrypted (with good reason):

• Contact/member names (to enable search functionality - email and phone remain protected)
• Organization/business names (public business information)
• Public content you create (event names, product descriptions)
• Transaction amounts (needed for financial reporting)

We never store credit card numbers - all payments go through PCI-DSS Level 1 certified
payment processing. We never sell your data to third parties.

We carefully balance security with functionality. Some data isn't encrypted because:

Search functionality: To search contacts by name, the database needs to read the names.
Encrypted data can't be searched with partial matching (like typing "joh" to find "John").
We encrypt highly sensitive data like email addresses, phone numbers, and addresses, while
keeping names unencrypted to enable the search features you need. Names are considered
lower-sensitivity compared to contact details.

Public information: Things like event names, product titles, and organization names are
meant to be publicly displayed. Encrypting and decrypting them would add overhead without
security benefit since they're shown publicly anyway.

Financial reporting: Transaction amounts must be readable for analytics, tax reporting,
and reconciliation. The amounts themselves aren't personally identifiable—it's the connection
to your email and address (which ARE encrypted) that matters.

We focus encryption on data that could directly identify or harm you if exposed: email addresses,
phone numbers, physical addresses, and authentication credentials.

We use only essential cookies required for the platform to function: session cookies for login,
CSRF protection tokens for security, and preference cookies to remember your settings. We do not
use any advertising, tracking, or third-party analytics cookies. See our Cookie Policy for details.

Yes. Equipoise is fully GDPR compliant. You can access your data, correct inaccuracies, request
deletion, export your data, and manage your consent preferences at any time. All data processing
has a lawful basis, and we maintain records of processing activities as required. Contact
legal@equipoi.se for any GDPR-related requests.

Each organization can have a different shipping address for you. Go to "My Connections", click
on the organization, and update your address in the contact settings. By default, organizations
use your global contact address, but you can override this with organization-specific addresses
for more control.