Last updated: December 2025
This privacy policy explains how we respect your privacy and protect your personal data on the Community Timebanks platform.
Our promises to you
- We only collect data to improve your experience.
- We ask for your consent before collecting personal details.
- We never sell your data.
- We explain why we collect information, unless it’s obvious.
- We keep your data safe.
- We respect your data preferences and rights.
- We only send emails about marketing if you opt in; otherwise, we send essential platform updates.
In short: no exploitation, no selling, no spam.
1. Who we are
We are Made Open - a limited company registered in England and Wales (No. 4309700), and registered with the Information Commissioner’s Office (No. Z2818556). Our business address is:
Unit FF26
Health and Wellbeing Innovation Centre
Truro
Cornwall
TR1 3FF
When handling your personal data, Made Open is the data controller. This means we are ultimately responsible for how your data is used, kept safe and handled lawfully.
Individual timebanks decide how data about their members is used within their own communities. We process that data only to provide, maintain and support the platform.
All data collected on this platform is securely stored with our hosting provider:
Cloud Above Ltd
Unit 1
1 King Mark House
Tregunnel Hill
Newquay
Cornwall
TR7 1GF
2. What personal data we collect
We collect personal data only as needed to provide our services. This includes:
- Identity data
Including your name, what you do, profile image, age verification, social media or website links. - Contact data
Email address (mandatory), phone number (optional), postal address (optional). - Financial data
Only if you licence a timebank (e.g. card details). - Marketing data
Including your preferences for newsletters or marketing emails (optional). - Activity data
Including activities, messages, connections, exchanges, badges and time credits. - Technical data
Including your IP address, login data, browser type and version, time zone, plugins and operating system.
We also collect aggregated data, which cannot identify individual users, to spot trends and improve the platform.
3. How we use your personal data
We only use your personal data for the purposes outlined in this policy. Our legal bases under GDPR include:
- Contractual necessity: To provide the services you request.
- Legitimate interests: To improve and manage the platform.
- Compliance with law: To meet legal obligations.
- Consent: Where you have agreed (e.g. marketing communications).
4. Who we share your data with
We share personal data only when necessary:
| Who | What | Why |
| Made Open | All data | Platform owner and data controller |
| Cloud Above Ltd | Technical data | Secure hosting |
| Mailgun | Contact data | System notifications |
| Mailchimp | Contact data | Website updates and newsletters |
| Google Analytics | Technical data | To improve user experience |
We may also share data if required by law, to protect our rights, or in the event of a sale or transfer of the business.
5. How we secure your personal data
Your data is stored securely on UK-based servers with protection measures including strong passwords, regular updates, firewalls, password hashing and other standard safeguards.
Keep your account password private and secure; we will never ask for it unnecessarily.
6. How long we keep your data
We retain your data until:
- You delete your account.
- You request to be forgotten.
- The law requires longer retention.
7. Your rights
You have the right to:
- Access and obtain a copy of your data.
- Correct inaccurate or incomplete data.
- Request deletion of your data.
- Object to processing for legitimate interests.
- Restrict processing temporarily.
- Receive your data in a portable format.
- Withdraw consent at any time.
8. Things to keep in mind
- The platform is for users aged 16+.
- Timebank admins may ask for references with your permission.
- External links may have different privacy rules.
- Refusing to provide required data may limit platform access.
9. Exercising your rights
To exercise your rights, email us at [email protected]. Requests are generally free, but excessive or repeated requests may incur a reasonable fee. We may need additional information to verify your identity. We aim to respond within one month.
10. Complaints
If you are unhappy with our privacy practices, contact us at [email protected]. If unresolved, you may contact your local data protection authority, such as the UK's Information Commissioner’s Office.