Privacy Policy
Last updated: May 11, 2026
1. Who we are
CareConnect is operated by CareConnect BV, a private limited company registered in the Netherlands (Chamber of Commerce / KVK number available on request), and governed in part by the CareConnect Foundation (Golden Share), whose mission is to ensure the platform remains in the public interest.
Our registered address is in The Hague, Netherlands. For all data-protection enquiries, contact us at privacy@care-connect.support.
2. What data we collect and why
Category | Data collected | Legal basis | Purpose |
|---|---|---|---|
Account | Full name, email address, country, password hash, role (NGO / Expert / Company) | Contract (Art. 6(1)(b) GDPR) | Creating and authenticating your CareConnect account |
Organisation profile | Legal name, org type, sectors, needs, offers, founding year, tagline, size | Contract + Legitimate interest | Building your public directory profile and enabling partner discovery |
Expert profile | Expertise field, skills, languages, experience, availability, bio, certifications, optional CV | Contract + Consent (CV upload) | Enabling expert matchmaking and verified profile display |
Trust Score inputs | Governance documents, project reports, verification status, referrals | Legitimate interest | Computing and displaying your transparent Trust Score |
Usage data | Pages visited, search queries, match feed interactions, timestamps | Legitimate interest | Platform analytics, fraud prevention, and product improvement |
Communications | Connection request messages, crisis response submissions | Contract | Facilitating verified introductions between platform members |
We do not collect special-category data (health, ethnicity, religion, etc.) and do not sell your data to any third party.
3. How long we keep your data
Account data — retained for the lifetime of your account plus 12 months after deletion, unless a longer period is required by law.
Organisation and expert profiles — retained while your account is active. Soft-deleted profiles are purged after 90 days.
Usage logs — anonymised after 12 months and retained for up to 5 years for aggregated analytics.
Connection messages — retained for 24 months after the last activity in the connection thread.
CV uploads — stored until you remove them from your profile.
4. Who we share data with
Other platform members — your public profile (name, organisation, sectors, Trust Score) is visible to logged-in members. Contact details are only shared after a mutual connection is approved.
Supabase (EU region) — our database and authentication provider, operating under a Data Processing Agreement compliant with GDPR. Data is stored in the EU.
Vercel — our hosting provider. No personal data is stored on Vercel infrastructure beyond server logs.
Verification partners — for NGOs seeking national verification, limited profile data may be shared with accredited third-party auditors under NDA.
Legal authorities — only where required by applicable law or a valid court order.
We do not use your data for advertising or share it with data brokers.
5. Your rights under GDPR
As a data subject in the EU/EEA (or where equivalent laws apply), you have the right to:
Access — request a copy of all personal data we hold about you.
Rectification — correct inaccurate or incomplete data at any time via your Account Settings.
Erasure ("right to be forgotten") — request deletion of your account and associated personal data.
Restriction — ask us to stop processing your data while a dispute is resolved.
Portability — receive your data in a structured, machine-readable format (JSON/CSV).
Objection — object to processing based on legitimate interest at any time.
Withdraw consent — where processing is based on consent (e.g. CV upload), you may withdraw at any time.
To exercise any of these rights, email privacy@care-connect.support with the subject line “Data Rights Request”. We will respond within 30 days.
6. Cookies and tracking
CareConnect uses only strictly necessary cookies for session management (Supabase auth tokens stored in HttpOnly cookies). We do not use third-party advertising cookies or tracking pixels.
7. Data security
All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Access to production databases is restricted to authorised personnel via role-based access control and MFA.
8. Contact
CareConnect BV
The Hague, Netherlands
Email: privacy@care-connect.support