The Shared World Project

Legal

Privacy policy

How The Shared World Project collects, uses, and protects information. Last updated 2026-05-21.

Last updated: 2026-05-21.

What we collect

  • Information you give us when you donate, volunteer, contact us, sign up for the newsletter, or submit a form: name, email, phone, location, and any free-text notes you include.
  • Payment information when you donate. Card details are processed by Stripe and never stored on our servers. We retain only the donation metadata Stripe returns to us (amount, date, designation, last-four of card, transaction ID).
  • Standard server logs: IP address, user agent, and request timestamps for security and debugging. Logs are retained for 30 days unless needed for incident response.
  • Cookies: minimal, only what's needed for the site to function. We do not run third-party advertising trackers.
  • Electronic-signature records when you sign a waiver: the typed name and / or drawn-signature PNG you submit, the SHA-256 hash of the waiver body you signed, the timestamp, the hashed IP address and user-agent string of your browser at sign time, and confirmation of the two required ESIGN checkboxes (intent and affirmation). The signature, hash, and chain entry are stored in a tamper-evidence chain so we can prove later that the record has not been altered.
  • Background-check disclosure data when a host organization requires a screening: only the metadata of the invitation (invited by which org, status, outcome). Your SSN, date of birth, address history, and any other PII required for the screening go directly from your browser to the third-party provider (Checkr, Sterling, or Verified First). Shared World never receives or stores those fields.
  • SMS / phone number if you provide one during signup (for example, a guardian's phone number for a supervised-service placement). We use it only for the volunteer-relationship purpose you provided it for. We do not text marketing messages.

How we use information

  • Process and acknowledge donations.
  • Match volunteers with opportunities and follow up.
  • Reply to your messages.
  • Send the newsletter (only if you opted in).
  • Improve the site and detect abuse.

Who else sees it

We share information only with service providers necessary to operate:

  • Stripe: payment processing.
  • Amazon Simple Email Service (SES): transactional email (receipts, form acknowledgements, account notifications).
  • Mailchimp: newsletter delivery, only if you opt in.
  • Cloudflare: DNS, edge security, and content delivery.

We do not sell, trade, or rent your information to anyone.

Your rights

You can ask us to:

  • Show you what we have on file for you.
  • Correct it if it's wrong.
  • Delete it (except records we are legally required to retain, e.g. donation records for tax compliance).
  • Stop emailing you (one-click unsubscribe in every newsletter; transactional emails like donation receipts continue as required by law).

Email hello@sharedworldproject.com for any of the above.

Children

This site is not directed at children under 13. We do not knowingly collect information from anyone under 13. If you believe we have, please contact us and we will delete it.

For supervised-service placements involving a minor (ages 13–17), Shared World collects the minor's first and last name, the guardian's full name and contact information, and the program identifier of the placement. A signed guardian consent is required before the minor's account can be used. Minors cannot sign their own waivers; the guardian signs on their behalf.

Waivers and electronic signatures

When you electronically sign a waiver on Shared World, the following happens:

  • Before you click "Sign waiver," you must check two boxes: intent to sign electronically and this is my signature. Without both boxes the form will not submit. This satisfies the ESIGN Act's "intent to sign" and "affirmation" requirements.
  • You can type your name, draw your signature on a touchscreen / trackpad, or both. Drawn signatures are stored as a PNG image on our servers; typed names are stored as plain text. We also store the SHA-256 hash of the typed name and the PNG so future audits can detect tampering.
  • The exact waiver body you signed is hashed with SHA-256, and that body hash is recorded with your signature. Anyone can re-compute the hash from the document text and confirm what you signed. The hash is included in the signed-copy email we send you.
  • We send a copy of the signed record to your email immediately after you sign. If the waiver belongs to a host organization (not Shared World's own platform release), the host organization's primary contact also receives a copy.
  • Each signature is sealed into a per-waiver-version hash chain. Removing or editing any past signature would break the chain and is detectable by anyone, including you.
  • Retention: Shared World keeps signed waivers for at least 7 years per IRS substantiation guidance for nonprofit volunteer service records. After 7 years we may retain the integrity chain (without your signature image) indefinitely for the protection of past counterparties.
  • Your ESIGN rights: you may request a paper copy of any signed record at any time by writing to hello@sharedworldproject.com. You may also withdraw consent to electronic delivery for future records by the same address; withdrawal does not revoke past signatures.
  • Hardware required: a modern HTML5 browser (Chrome, Edge, Safari, or Firefox) with JavaScript enabled. A touchscreen or trackpad is needed for drawn signatures; a keyboard for typed names.

If a host organization (a coalition nonprofit, a court-supervision agency, or a corporate partner) presents its own waiver during your application, that waiver is a separate agreement between you and that organization. Shared World facilitates the signature capture and stores the signed record; Shared World is not a party to that organization's waiver and assumes no liability for its terms or for the project it covers.

Security

We use HTTPS everywhere, store secrets off-docroot on the server, and limit access to donation and volunteer data to staff who need it. No system is perfectly secure; we'll notify affected users promptly if we ever discover a breach.

Changes

If we change this policy materially, we'll update the "last updated" date and (for active newsletter subscribers) send a notification.

Contact

Email hello@sharedworldproject.com.