Services that we use & applicable policies

As a fully remote organisation, we use a range of services and tools. Below, we describe some of our tools and choices, and how they might affect the way we collect and store data. Please read their relevant privacy policies accordingly.

• Hosting & servers: We distribute the hosting of our open source applications in cloud68, Greenhost, Hetzner, as they bring strong values of ethics and privacy in their hosting, which we really appreciate. We have some applications in DigitalOcean, which we plan to migrate by the end of 2024.

• Web analytics: For our numun.fund website, we use privacy-focused, open source web analytics Plausible that does not store cookies and is fully compliant with GDPR, CCPA and PECR. Plausible is made and hosted in the EU, powered by European-owned cloud infrastructure.

• Document storage: We use open source Nextcloud for storing documents that may contain confidential or sensitive information, hosted in our own server.

• Email communication: Our email is hosted in Proton, which automatically encrypts end-to-end all of our internal emails, and any emails with Proton users.

• Databases: We use open source Baserow to manage relational databases, including our contact database, hosted in our own server.

• Forms: We use Jotform for more complex forms as it allows more granular data retention and auto deletion, along with end-to-end encryption option. We use our own self-hosted NextCloud and/or Baserow for simpler forms such as signing up to events.

• Organisational planning, notes & work-in-progress documentation: Notion.

• Website: We use open source WordPress for numun.fund, hosted in our own server.

• Team and constellation communications: We communicate internally using open source Mattermost, hosted in our own server.

• Meeting scheduling: We use open source Cal, previously on their cloud, but beginning 2024 we’re moving it to our own server.

• Newsletters: We send our newsletters using open source MailTrain, hosted in our own server. MailTrain stores subscribers’ email addresses. We only send our newsletter to people who actively sign up for it, and they have options to manage their subscription preferences and unsubscribe anytime.

• Video/audio calls: we mostly use Whereby, and open source Jitsi hosted in our own servers. However, when we need to have simultaneous multi-language interpretations, we use Zoom.

How do we collect your information?

When you use Numun Fund websites and services, we may collect information about you while you:

• Access any of our websites, applications, or platforms;
• Create, register an account, or administer your account;
• Input, post, or upload information, data, or other content through any of our applications or platforms;
• Contact us, submit questions, requests, or other communications to us via various communication channels; or
• Interact with other users and guests in our forums.

What kind of information do we collect?

The data we collect from our applications, platforms and websites include:

1. Automated collection of non-personal information through cookies and analytics
2. Personal information intentionally shared with us, either voluntarily or upon request, whether via email, online forms, or other methods.

Automated collection of non-personal information through cookies and analytics

We improve our websites and services via analytics, and, in the process, automatically record some data through trackers and/or “cookies,” which are small data files placed on your hard drive to collect and store information. It collects information generated about your use of our websites, platforms, or applications. These include: IP address, ISP, browser type and version, operating system, visit time, session, actions per visits, page views per visit, returning visitors, and referring site information.

You may choose to remove or not accept our tracker and/or cookies by adjusting the settings of your browser, and continue to use our websites without any adverse effect. However, some animation, images, spacing, and forms may not load properly.

Intentionally shared personal information

If you opt in to receive newsletters or email notifications, or are applying for a grant, or a position in Numun Fund, you may be asked to provide some personal information, such as:

1. Name/pseudonym
2. Email address(es)
3. Phone or another way to contact you
4. Payment details, such as account numbers and ways of payment
5. Contact history
6. Other details that are actively provided while corresponding with Numun Fund

Numun Fund does not intentionally link browsing information or server logs to the personal information you submit to us.

Disclosures of personal information

We do not sell, rent, or lease the information that we collect about you or your usage of our websites to third parties.

We will only disclose personal information that we possess (whether about staff, contacts or anyone else) where compelled by law, and Numun Fund will use reasonable means to notify you promptly of that event, unless prohibited by law or if Numun Fund is otherwise advised in legal proceedings.

How do we use and share information we collect?

We use personal information collected only for direct purposes, such as to:

1. contact and communicate with all applicants to provide updates, request information, and to answer questions
2. contact you if this is required to deliver our grant
3. handle your payment
4. send you our newsletters
5. inform you of any changes in terms and conditions
6. meet legal requirements

We may use aggregated information (especially information shared in application forms, but explicitly in non-identifiable ways) to build knowledge and analysis that meet our mission.

How long do we retain your information?

We only hold your personal information on our systems for as long as is necessary for the purposes outlined above. The length of time each category of data will be retained will vary depending on how long we need to process it for, the reason it was collected, and in line with any statutory requirements. For contracting and financial obligation, we remove personal data from our systems after a period of 7 (seven) years or once it is no longer required.

How do we protect your information?

Our websites use encrypted in transit protocols to receive any information you share with us and for information that our website sends back to you. We also minimise the use of third party applications by self-hosting open source applications.

Your rights

You are entitled to access and correct your data, or ask us to delete it. You are also entitled to withdraw previously given consent to this privacy statement, or to object to our processing of your data. You are also entitled to data portability, which means that we will provide you with a copy of the data we have on you, upon your request. If you want to use any of these rights, please send your specific request to our personal data request form.

Note that these rights do not apply if they conflict with other legal obligations, such as the obligation to keep records for all contracts and invoices for a period of 7 years.

Changes & Updates to this Privacy Policy

We may occasionally update this policy. When we do, we will also revise the Page Last Updated date below. We encourage you to periodically review this policy to stay informed about how we are protecting the personal information we collect.

If you have any question regarding this policy, please contact us at tech@numun.fund (OpenPGP key).

Page last updated: