Privacy Policy

ODU Platform (“we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy explains what personal data we collect, why we collect it, how we use and store it, and your rights regarding that data.

By using the Platform, you agree to the collection and use of information described in this Policy. If you do not agree, please stop using the Platform.

We collect the following categories of personal data:

Account and profile data

• Email address — collected when you sign up with email/password or via Google.
• Display name — chosen by you at signup; visible to other members if your profile is public.
• Username — a unique handle you choose; always visible to logged-in members.
• Member type — Worker, Company, or Supporter; chosen at signup.
• Bio — optional free-text description; visible if your profile is public.
• Profile avatar and banner images — optional photos you upload; stored in Firebase Storage.
• Privacy setting — whether you have chosen to show your name and profile publicly.

Activity data

• Community posts — messages you publish in the community feed.
• Reports — if you report a post, we store the report and the content of the reported message.
• Last seen timestamp — updated when you interact with the Platform (not shown publicly).

Contact form data

• Name, email, and message content submitted via contact forms on the Platform.

Technical data

• Standard server and infrastructure logs (IP address, browser type, page requests) are collected by our hosting provider (Netlify) as part of normal operation. We do not actively process or store these ourselves.

Anonymous authentication

• If you use “Join Anonymously”, Firebase creates a temporary anonymous auth session. You are still required to complete a profile (username, member type). No email is collected for anonymous accounts unless you later link one.

We use your personal data for the following purposes:

• To provide the Platform — creating and managing your account, displaying your profile and posts, enabling community features.
• To moderate the community — reviewing reports of content that may violate our Terms of Service.
• To communicate with you — responding to contact form enquiries, sending waitlist confirmations, and notifying you of material changes to these policies.
• To improve the Platform — understanding how users interact with the Platform to guide development priorities.
• To comply with legal obligations — retaining data where required by law, and responding to lawful requests from authorities.

We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects.

Where applicable data protection law requires a legal basis for processing personal data (e.g., GDPR), we rely on the following:

• Performance of a contract — processing necessary to provide you with the Platform and its features.
• Legitimate interests — operating and improving the Platform, community moderation, fraud prevention. These interests do not override your fundamental rights.
• Consent — where we explicitly ask for your consent (e.g., optional analytics in future).
• Legal obligation — where we are required by law to process your data.

ODU Platform uses the following third-party services to operate. Each has its own privacy policy:

We do not sell your personal data to third parties. We do not share your data with third parties except as described in this Policy or as required by law.

Your data is stored in Google Firebase infrastructure. Firebase uses industry-standard security measures including encryption at rest and in transit.

Profile images (avatars and banners) are stored in Firebase Storage with public read access (so other members can see them if your profile is public). Only you can overwrite your own images.

We apply Firestore security rules to restrict data access:

• Member profiles are publicly readable (to support community features) but only writable by the account owner.
• Community posts are publicly readable; only authenticated users can create posts.
• Reports are only readable and writable by authenticated users.

No system is completely secure. While we take reasonable precautions, we cannot guarantee absolute security of your data.

By default, your account is anonymous: your real name, avatar, and member type are hidden from other community members. You appear as “Anonymous Member” in the feed and on profiles.

You can choose to make your profile public in your profile settings. When public:

• Your display name, avatar, bio, and member type are visible to all logged-in members.
• Your username is always visible to logged-in members regardless of privacy setting.
• Platform administrators can always see your real identity for moderation purposes.

You can switch between public and private at any time in your profile settings.

Depending on your location and applicable law, you may have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you.
• Rectification — request that we correct inaccurate or incomplete data. You can update most profile data directly in your account settings.
• Erasure — request deletion of your account and associated data.
• Portability — request your data in a structured, machine-readable format.
• Objection — object to processing based on legitimate interests.
• Restriction — request that we restrict processing in certain circumstances.

To exercise any of these rights, contact us at hello@odu-standard.com. We will respond within 30 days. We may need to verify your identity before processing your request.

If you are located in the European Economic Area, you have the right to lodge a complaint with your local data protection authority.

We retain your personal data for as long as your account is active or as needed to provide the Platform. If you request account deletion:

• Your profile data (name, bio, avatar) will be deleted from Firestore and Firebase Storage.
• Your community posts will be anonymised (uid reference removed) or deleted, at your request.
• Your Firebase Auth account will be deleted.

Some data may be retained for a limited period as required by law or for legitimate purposes such as fraud prevention and dispute resolution.

The Platform is not directed to children under 16. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected such data, please contact us immediately and we will delete it.

We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this page. For material changes, we will notify registered members via the Platform.

Your continued use of the Platform after any change is posted constitutes your acceptance of the updated Privacy Policy.