Privacy Policy

Last updated: May 2026

1. Information We Collect

When you create an account, we collect:

• Account info: Name, email address, grade, school name, graduation year
• Volunteer data: Events registered, hours logged, check-in/out times, GPS coordinates at check-in
• Content: Reflections, reviews, photos, e-signatures uploaded by you
• Device info: Device type, OS version, app version (for crash reporting)

We do not collect: Social Security numbers, financial information, health data, or browsing history.

2. Children's Privacy (COPPA)

ImpactBadge is designed for students aged 11-18. For users under 13:

• We require a parent/guardian email address at signup
• Parental consent is required before the account is fully activated
• Messaging, leaderboards, and photo features may be restricted until consent is granted
• Parents can request deletion of their child's data at any time by contacting privacy@impactbadge.app

3. How We Use Your Information

• To provide the volunteer tracking service
• To verify volunteer hours with supervisors and organizations
• To generate certificates, transcripts, and college application exports
• To send notifications about events, verifications, and account activity
• To improve the app through anonymized, aggregated analytics

4. How We Share Your Information

We share data only in these cases:

• With your school: If your school uses ImpactBadge, administrators can view your hours and compliance status
• With supervisors: When you submit self-reported hours, your supervisor receives an email with your name, hours, and activity description
• With parents: Linked parent accounts can view your volunteer activity
• With your consent: When you export data to Common App, Naviance, or share achievements

We never sell your personal data to third parties.

5. FERPA Compliance

When ImpactBadge is used by a school or district, student volunteer records may constitute education records under FERPA. Schools control access to these records through their administrator dashboard. We act as a "school official" with a legitimate educational interest under FERPA.

6. Data Security

We use Firebase (Google Cloud) infrastructure with encryption in transit (TLS) and at rest. Authentication uses industry-standard protocols (OAuth 2.0, Firebase Auth). We do not store passwords — they are managed by Firebase Authentication.

7. Data Retention & Deletion

Your data is retained while your account is active. You can delete your account at any time from Settings, which permanently removes all your data including hours, badges, and certificates. Parents can request deletion of a child's data by emailing privacy@impactbadge.app.

8. Your Rights

You have the right to: access your data (via in-app exports), correct inaccurate data (via profile settings), delete your account and data, and opt out of non-essential notifications.

9. Contact

For privacy questions or data requests:
privacy@impactbadge.app