HomePrivacy & termsSoGood Community: Privacy and Cookie Policy

SoGood Community: Privacy and Cookie Policy

Last updated: 24 August 2025

This Privacy & Cookie Policy (“Policy”) explains how SoGood Partners Limited (“SoGood”, “we”, “us”) collects, uses, shares and protects personal data when you use the SoGood Community web and mobile applications and related services (the “Platform” or the “Services”). SoGood Partners Limited is a company registered in England and Wales (No. 14889615), registered office: 20 Wenlock Road, London, N1 7GU, United Kingdom. We are registered with the UK Information Commissioner’s Office (ICO) under registration number ZB688255.

The Platform is an invite-only collaboration space for charities and approved participants, with organisation-specific workspaces, channels and messaging.

1) Who is responsible for your data?

Role overview. Responsibilities differ by processing activity:

  • Your Organisation (workspace owner) will typically act as a data controller for workspace membership and workspace content (e.g., posts, files, messages) and instructs SoGood about processing for the Organisation’s purposes. In doing so, SoGood generally acts as a processor/service provider to that Organisation.
  • For platform operations that SoGood determines (e.g., account security, fraud/abuse prevention, service analytics, legal compliance), SoGood may act as an independent controller.

If you are unsure which controller is responsible for a particular use of your data, contact your Organisation Admin first, or reach us at [email protected].

2) Personal data we collect

We collect the following categories of data (depending on how you use the Services and your Organisation’s configuration):

  • Account & profile data (e.g., name, email, organisation, optional profile text). Some items are mandatory to create an account; without them you cannot access the Platform.
  • Workspace content you provide: posts, messages, comments, files, events, reactions.
  • Usage & device data: app version, device type, OS version, log and diagnostic data, IP address, security event logs, and performance metrics (used to operate, secure and improve the Services).
  • Notifications data: push notification tokens and preferences; email delivery logs.
  • Support & correspondence: messages you send to SoGood or to your Organisation Admin via the Platform.
  • Special category data: we do not require special category data (e.g., health, religious belief). If you choose to share such data in a workspace, your Organisation may determine the lawful basis for that processing; SoGood processes it only as necessary to provide the Services and to enforce safety and acceptable-use rules.

We use personal data only where we have a lawful basis under UK GDPR and the Data Protection Act 2018. Typical purposes and legal bases include:

To provide and administer the Services (create/maintain your account; enable invites; deliver posts, files, channels, and messaging; send transactional emails/notifications).

Legal basis: Contract (performance of our agreement with you and/or with your Organisation).

To keep the Platform secure and enforce policies (access control, abuse prevention, safety response, incident logging, fraud/spam prevention).

Legal basis: Legitimate interests (to keep the service safe and reliable) and, where required, legal obligation.

To improve the service (quality, reliability, diagnostics, usage analytics in aggregate form; feature usage to inform roadmaps).

Legal basis: Legitimate interests (service improvement). Where analytics are non-essential (e.g., on the web), we will seek consent via a cookie/SDK prompt.

To provide support and communicate with you (respond to queries, service notices, updates about material changes).

Legal basis: Legitimate interests / Contract.

To comply with law (regulatory and lawful requests; defending or establishing legal claims).

Legal basis: Legal obligation / Legitimate interests.

4) How your Organisation uses your data

Within your private workspace, your Organisation Admin sets local rules (e.g., who can join, what data is requested, what channels exist). The Organisation is typically the controller for workspace content and membership. Where you exercise a data right (e.g., deletion) in relation to workspace content, we may direct you to your Organisation Admin, and SoGood will assist them as processor.

5) Age threshold

  • The Platform is for users aged 16 and over.
  • Users under 16 are not permitted to use the Services.
  • Organisations are responsible for verifying that their invited users meet this requirement.

6) Sharing your data (recipients)

We may share personal data with:

  • Your Organisation Admins and authorised members inside your private workspace (as required to operate the workspace).
  • Trusted service providers (processors) that help us deliver the Services (e.g., hosting, email delivery, crash reporting), under contracts that require security and confidentiality.
  • Professional advisers (legal, accounting), and authorities or courts where legally required or to protect users and our services.
  • Successor entities in the event of a merger, acquisition or reorganisation, in accordance with data protection law.

7) International data transfers

We aim to host and process data in the UK and EEA. If we transfer personal data outside the UK/EEA, we will do so using a valid transfer mechanism (e.g., adequacy regulations/decisions, Standard Contractual Clauses with the UK Addendum/IDTA, or other appropriate safeguards), and we will take steps to protect your information.

8) Data retention

We keep personal data only for as long as necessary for the purposes set out in this Policy, including to comply with legal, accounting, or reporting requirements. As a guide:

  • Account data: retained while your account is active. Inactive accounts may be deleted after two years of inactivity.
  • Workspace content: retained while your account/workspace is active and, after termination, typically deleted within 30–90 days (subject to legal holds, backup cycles, and your Organisation’s requirements).
  • Security logs and diagnostics: retained for a limited period consistent with our security needs and legal obligations.

Backups and disaster-recovery copies may persist briefly beyond the above periods, after which they are overwritten.

9) Security

We apply technical and organisational measures to protect personal data, including TLS encryption in transit, access controls (role-based permissions), audit logging, and staff training. We continually review our safeguards against evolving threats.

10) Your rights

Subject to applicable law, you have the right to access, rectify, erase, restrict or object to processing of your personal data, and (where processing is based on consent or contract and carried out by automated means) the right to data portability. You also have the right to withdraw consent at any time where consent is the legal basis. To exercise your rights:

  • Workspace content/membership: please contact your Organisation Admin (controller for those data). SoGood will assist them as processor.
  • SoGood-controlled processing (e.g., account security, abuse prevention, service analytics): contact [email protected].

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) (www.ico.org.uk).

11) Cookies & SDKs

Web app (browser): We use strictly necessary cookies (for login/session). With your consent, we may use analytics cookies to improve the service. You can manage web cookies via your browser settings and (where shown) our cookie banner.

Mobile apps (iOS/Android): We may use app SDKs for crash reporting, performance, and optional analytics, and device tokens for push notifications. You can manage push notifications in your device settings and in-app preferences. We will request consent where required for non-essential analytics.

12) How to contact us

  • Email: [email protected]
  • Post: Data Protection Officer, SoGood Partners Limited, 20 Wenlock Road, London, N1 7GU, United Kingdom
  • ICO registration: ZB688255

13) Changes to this Policy

We may update this Policy from time to time. We will take reasonable steps to notify you of significant changes (e.g., in-app notice or email). Please review this Policy periodically for updates. Your continued use of the Services after an update takes effect means you acknowledge the revised Policy.

Appendix — Summary of the current Platform

The current SoGood Community Platform is an invite-only collaboration platform featuring organisation-specific workspaces, channels, posts, direct/group messaging, file sharing, notifications, admin tools (onboarding, invites, role assignment, audit logs), and usage reporting/analytics. Security controls include RBAC, TLS in transit, audit logs, and configurable conduct policies.

SoGood Partners: Empowering charities through digital tools and technologies.
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

Please see our cookie notice and privacy notice for full details