Privacy Policy - The Commons

Template attribution: This Privacy Policy is adapted from the Automattic Legalmattic Privacy Policy template, available under the Creative Commons Attribution-ShareAlike 4.0 International License. This Privacy Policy is similarly licensed under CC BY-SA 4.0. A detailed changelog documenting all adaptations is available upon request.

Your privacy is critically important to us. At The Commons, we have a few fundamental principles:

We are thoughtful about the personal information we ask you to provide and the personal information that we collect about you through the operation of our services.
We store personal information for only as long as we have a reason to keep it.
We aim to make it as simple as possible for you to control what information is shared publicly (or kept private) and permanently deleted.
We aim for full transparency on how we gather, use, and share your personal information.

1. Who We Are and What This Policy Covers

We are Commons Infrastructure LLC, a Delaware limited liability company (“The Commons,” “we,” “us”). We operate the software tools and services available at thecommons.cc, including Forge™ IDE, Scheduling, Email Marketing, and other products on our platform.

This Privacy Policy applies to information that we collect about you when you use our website (thecommons.cc) and our products and services (collectively, our “Services”).

Throughout this Privacy Policy we’ll refer to our websites, products, and other services collectively as “Services.”

2. Information We Collect

We only collect information about you if we have a reason to do so - for example, to provide our Services, to communicate with you, or to make our Services better.

Information You Provide to Us

We collect information that you provide to us directly. Here are some examples:

Account information: We ask for basic information when you create an account, such as your name and email address. If you use a Paid Service, we collect payment information via our payment processor (Stripe) - we do not store credit card numbers on our servers.
Product data: Content you create within our tools (calendar events, email campaigns, documents, computational notebooks, etc.).
Communications: If you contact us for support, send us an email, or communicate with us in any way, we collect the information you provide.

Information We Collect Automatically

We also collect some information automatically:

Log information: Like most online service providers, we collect information that web browsers, mobile devices, and servers typically make available, including the browser type, IP address, unique device identifiers, language preference, referring site, the date and time of access, operating system, and mobile network information.
Usage information: We collect information about your usage of our Services. For example, we collect information about pages visited, features used, and timestamps. We use this information to, for example, provide our Services to you, get insights on how people use our Services so we can make our Services better, and understand and make predictions about user retention.
Location information: We may determine the approximate location of your device from your IP address. We collect and use this information to, for example, calculate how many people visit our Services from certain geographic regions.
Information from cookies & similar technologies: We use essential cookies for authentication and session management. We do not use third-party tracking cookies or advertising cookies. A cookie is a string of information that a website stores on a visitor’s computer, and that the visitor’s browser provides to the website each time the visitor returns.

Information from Forge™ IDE (Desktop Application)

If you use Forge™ IDE, we may collect anonymized telemetry data including session duration, function usage counts, and error counts. This data is used exclusively for improving the product and is not linked to your personal identity. You can opt out of telemetry in the application settings.

3. How and Why We Use Information

We use information about you for the purposes listed below:

To provide our Services. For example, to set up and maintain your account, host your data, process payments, and provide customer support.
To ensure quality, maintain safety, and improve our Services. For example, by providing automatic upgrades and new versions of our Services, and by monitoring and analyzing how users interact with our Services so we can create new features and improve existing ones.
To protect our Services, our users, and the public. For example, by detecting security incidents; detecting and protecting against malicious, deceptive, fraudulent, or illegal activity; and enforcing our Terms of Service.
To communicate with you. For example, to send transactional communications such as confirmations, receipts, security alerts, invoices, and account-related notices. We may also send product updates, which you can unsubscribe from at any time.

4. Sharing Information

We share information about you in limited circumstances, and with appropriate safeguards on your privacy. We do not sell your personal data. We do not share data with advertisers or data brokers.

Service providers: We share information with third-party vendors who need the information to provide services to us or on your behalf. This includes hosting providers, email delivery services (such as Amazon SES for Email Marketing), and payment processors (Stripe).
Legal and regulatory requirements: We may disclose information about you in response to a subpoena, court order, or other governmental request.
To protect rights, property, and others: We may disclose information about you when we believe in good faith that disclosure is reasonably necessary to protect the property or rights of The Commons, third parties, or the public at large.
Business transfers: In connection with any merger, sale of company assets, or acquisition of all or a portion of our business by another company, user information would likely be one of the assets that is transferred or acquired by a third party. If any of these events were to happen, this Privacy Policy would continue to apply to your information and the party receiving your information may continue to use your information, but only consistent with this Privacy Policy.
With your consent: We may share and disclose information with your consent or at your direction.
Aggregated or de-identified information: We may share information that has been aggregated or de-identified, so that it can no longer reasonably be used to identify you.

5. Data Portability and Deletion

You can export all your data at any time in standard formats at no additional charge. You can delete your account at any time. Upon deletion, all personal data is permanently removed within 30 days, except where retention is legally required.

If you are located in certain parts of the world, including some US states and countries that fall under the scope of the European General Data Protection Regulation (aka the “GDPR”), you may have certain rights regarding your personal information, like the right to request access to or deletion of your data. To make such a request, please contact us at info@thecommons.cc.

6. How Long We Keep Information

We generally discard information about you when it’s no longer needed for the purposes for which we collect and use it, and we’re not legally required to keep it. For example:

Server logs are retained for approximately 30 days.
Account data is retained for the life of your account plus the 30-day deletion window after account closure.
Billing records may be retained for up to 7 years for tax and accounting compliance.

7. Security

We use TLS encryption for all connections, hash passwords with industry-standard algorithms, and implement access controls and monitoring. While no online service is 100% secure, we work hard to protect information about you against unauthorized access, use, alteration, or destruction. We also take measures to keep our Services secure, including monitoring for potential vulnerabilities and attacks through our Autonomous Maintenance System.

8. Cookies

We use essential cookies for authentication and session management. We do not use third-party tracking cookies or advertising cookies. You can control cookies through your browser settings, but disabling essential cookies may prevent you from logging in or using core features of our Services.

9. Email Communications

We send transactional emails (account confirmations, password resets, billing receipts, security alerts). We may also send product updates, which you can unsubscribe from at any time. We comply with CAN-SPAM and applicable anti-spam laws.

10. Children’s Privacy

Our Services are not directed to children under 13 (or 16 in Europe). We do not knowingly collect personal information from children. If we learn that we have collected personal information of a child under the relevant age, we will take steps to delete the information as soon as possible. If you believe that a child has provided us with personal information, please contact us at info@thecommons.cc.

11. Privacy Policy Changes

Although most changes are likely to be minor, we may change our Privacy Policy from time to time. We will notify you of material changes via email or a notice on the Service. We encourage you to frequently check this page for any changes to the Privacy Policy. Your continued use of our Services after any change in this Privacy Policy will constitute your consent to such change.

12. Contact

Privacy questions? Contact us at info@thecommons.cc.

Commons Infrastructure LLC · Delaware, USA