Home
Sign inCreate account

Privacy Policy

Last updated: March 12, 2026

1. Information We Collect

When you use Volntir, we collect information you provide directly:

  • Account information: name, email address, and password (or Google OAuth credentials).
  • Waiver information: name, date of birth, phone number, emergency contact, and electronic signature.
  • Family member information: names and dates of birth of minors added to a waiver.
  • Device information: IP address and user agent string, recorded at the time of waiver signing for legal validity.

2. How We Use Your Information

  • To create and manage your account.
  • To process and store signed liability waivers.
  • To facilitate event check-in for organizers.
  • To send transactional emails related to your account (e.g., password reset).
  • To respond to support requests you submit through our contact form.

3. Data Sharing

We do not sell your personal information. We share data only in these circumstances:

  • With event organizers: When you sign a waiver for an event, the organization running that event can view your waiver details.
  • Service providers: We use third-party services to host and operate Volntir (e.g., Vercel for hosting, Neon for database). These providers process data on our behalf under strict agreements.
  • Legal requirements: We may disclose information if required by law or legal process.

4. Cookies

Volntir uses only essential cookies required for authentication and session management. We do not use tracking, analytics, or advertising cookies. The cookies we set are:

  • Session cookie: Keeps you signed in while you use the app.
  • CSRF token: Protects against cross-site request forgery attacks.
  • Cookie consent: Remembers that you acknowledged this policy.

5. Data Security

We protect your data with industry-standard security measures including encrypted connections (HTTPS), hashed passwords (bcrypt), bot protection (Cloudflare Turnstile), and input sanitization to prevent cross-site scripting attacks. Database access is restricted and encrypted in transit.

6. Data Retention

We retain different categories of data for different periods based on legal requirements and operational needs:

  • Signed waivers: Retained for the duration specified by the organizing entity, or a minimum retention period of 3 years after the event date, whichever is longer.
  • Account data: Retained while your account is active and for 30 days following a deletion request, after which it is permanently removed.
  • Volunteer time tracking records: Retained for the same period as the associated waiver and event data.
  • Device and usage data: Retained alongside the waiver record it is associated with.

Event organizers may request deletion of their event data at any time. Individual participant data may be retained beyond an organizer's deletion request if required by applicable law or ongoing legal obligations.

7. Your Rights

You have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data (subject to legal retention requirements for waivers).
  • Withdraw consent where processing is based on consent.

8. Children's Privacy

Volntir is committed to protecting the privacy of children in compliance with the Children's Online Privacy Protection Act (COPPA) and similar regulations.

  • Volntir does not knowingly collect personal information directly from children under 13.
  • Minor participant data (such as name and age) is collected only through parent or legal guardian submissions during the waiver signing process.
  • No accounts are created for minor participants. All minor data is attributed to and managed under the parent or guardian's record.
  • We do not send emails, notifications, or any other communications directly to minor participants.
  • Parents or legal guardians may request access to, correction of, or deletion of their child's participant data at any time by contacting us at privacy@volntir.com.

If we become aware that we have inadvertently collected personal information directly from a child under 13 without verified parental consent, we will take steps to delete that information promptly.

9. California Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information:

  • Right to know: You have the right to request information about the categories and specific pieces of personal information we have collected, the purposes for collection, and any third parties with whom it has been shared.
  • Right to delete: You have the right to request deletion of your personal information, subject to certain legal exceptions (such as waiver records required for legal compliance).
  • Right to opt out of sale: Volntir does not sell personal information to third parties. We have not sold personal information in the preceding 12 months.
  • Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA rights. You will not receive different pricing, service quality, or access as a result of exercising your privacy rights.

Categories of information collected: Identifiers (name, email address, IP address), contact information (phone number, emergency contact), signature data (electronic signatures and timestamps), and device/usage data (user agent, IP address at time of signing).

To submit a verifiable consumer request under the CCPA, contact us at privacy@volntir.com. We will verify your identity before processing your request and respond within 45 days.

10. Data Breach Notification

Volntir is committed to the security of your personal information. In the event of a data breach that compromises personal information, we will notify affected users within 72 hours of confirming the breach.

Breach notifications will include:

  • A description of the nature and scope of the breach.
  • The types of personal data affected.
  • The steps we are taking to address the breach and mitigate its effects.
  • Recommended actions you can take to protect yourself.
  • Contact information for follow-up questions.

We will also notify relevant regulatory authorities as required by applicable law.

11. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated revision date.

12. Contact Us

If you have questions about this privacy policy or your data, please contact us.