Privacy Policy

We hate legalese, so we've tried to make ours readable. If you've got any questions, feel free to ask us, and we'll do our best to answer.

This privacy statement ("Privacy Policy") covers the website theoryofchange.app owned ("we", "us", "our") and all associated services.

We use information you share with us for our internal business purposes. We do not sell your information. This notice tells you what information we collect, how we use it, and steps we take to protect and secure it.

Your privacy is critically important to us. We have a few fundamental principles:

  • We don't ask you for personal information unless we truly need it.
  • We don't share your personal information with anyone except to comply with the law, develop our products, or protect our rights. Registered users do have a publicly visible profile which contains information provided by you.
  • We don't store personal information on our servers unless required for the on-going operation of one of our services.
  • We aim to make it as simple as possible for you to control what's visible to the public, kept private, and permanently deleted.

If you have questions about deleting or correcting your personal data please contact us.

Information we automatically collect

Non-personally-identifying

Like most website operators, we collect non-personally-identifying information such as browser type, language preference, referring site, account statistics, and the date and time of each visitor request.

We collect this to understand how our visitors use our service, and use it to make decisions about how to change and adapt the service.

From time to time, we may release non-personally-identifying information in aggregate form (for instance, by publishing trends in site usage) to explain our reasoning in making decisions. We will not release individual information, only aggregate information.

Personally-identifying

We automatically collect personally-identifying information, such as IP address, provided by your browser and your computer.

We collect this information for several purposes:

  • To diagnose and repair network issues with your use of the site;
  • To estimate the number of users accessing the service from specific geographic regions;
  • To help prevent fraud and abuse.

Information from Miro we have access to

When you grant our app access to your Miro account, we receive permission to three scopes neccessary to provide our service.

These scopes are:

  • boards:read: Retrieve information about boards, board members, or items.
  • boards:write: Create, update, or delete boards, board members, or items.
  • identity:read: Read profile information for the current user, including email.

Financial information and transactions

Transaction data, including personal data, can be transferred to Mollie B.V. located in Amsterdam at Keizersgracht 126, zip code: 1015CW, in order to process payments.

You can engage in financial transactions with us to subscribe to our app. These transactions are optional. If you choose to subscribe, you will be referred to Mollie, an online payments provider. Mollie will ask you to provide financial information to complete the transaction. There are several payment methods available – including credit cards, debit cards and for various countries local payment methods – each of which requires disclosure of certain personal and financial information. Mollie will only use this information to process your payment. After processing your payment you will be redirected back to our site. We do not store any of your financial information.

Disclosure of personally-identifying information

We disclose potentially personally-identifying and personally-identifying information only to those of our employees, contractors and affiliated organisations that (i) need to know that information in order to process it on our behalf or to provide services available at our website, and (ii) that have agreed not to disclose it to others. Some of those employees, contractors and affiliated organisations may be located outside of your home country. By using this website, you consent to the transfer of your information to them.

If all of our assets were transferred or acquired, your information would be one of the assets that is transferred or acquired by a third party.

We will not rent or sell potentially personally-identifying and personally-identifying information to anyone. Other than to our employees, contractors and affiliated organisations, as described above, we disclose potentially personally-identifying and personally-identifying information only when that release is required by law or by court order, or when we believe in good faith that disclosure is reasonably necessary to protect the safety or rights of us, third parties, or the public at large.

Cookies

Our site and app do not use any cookies. As a Miro extension, authentication is taken care of by Miro.

Confidentiality and security

No data transmission over the Internet can ever be guaranteed to be 100% secure. You use this service at your own risk. However, we do take steps to ensure security on our systems.

If we learn of a system security breach, we will notify you electronically so you can take appropriate steps to protect yourself.

Outside vendors

We reserve the right to contract with third-party vendors to provide features we are unable to provide ourselves or services that will assist us in administering and maintaining our service. We will only share personal information with third-party vendors to the extent that is necessary for such affiliates to provide these site features. We require our third-party vendors to provide the same level of privacy protection that we do, and they do not have the right to share or use personal information for any purpose other than for an authorized transaction. Some of our third-party vendors may be located outside of your home country. By using this website, you consent to the transfer of such information to them. Data you provide to a third party is governed by the privacy policy of the person creating or hosting that application or service.

We will clearly identify third-party vendors with which personal information is shared, in the privacy policy. Our current business vendors are:

  • Miro: As a Miro extension, our app cannot be used without a Miro account. For information on how Miro may use your information, see Miro's privacy policy.

  • Google Business Services : We use Google Business Services for their Google Analytics, Firebase database service, and Firebase hosting service. For information on how Google Business Services may use your information, see Google's Privacy Center. Google Analytics collects aggregate data on site usage, such as browser type and the navigational paths our users use, which helps us make decisions about how to improve the site. To opt out of your site use being included in our Google Analytics report, you can decline these cookies in the cookie consent modal or use a browser plugin to block the JavaScript being served by google-analytics.com. Data is hosted inside the European Union.

  • Cloudflare: We make use of Cloudflare's cloud networking services. For information on how Cloudflare may use your information, see Cloudflare's documents.

  • Mollie: Payments are serviced by Mollie. These transactions are optional and only apply when you decide to subscribe to our app. For information on how Mollie may use your information, see Mollie's legal documents.

  • Postmark: All emails are sent through Postmark. For information on how they use your information, see Postmark's data protection policy.

  • Sentry: We use Sentry to help improve the user experience. Sentry records user interactions, but it does not capture sensitive personal information. For information on how Sentry may use your information, see Sentry's trust center. To opt out of your site use being included in our Sentry report, you can decline these cookies in the cookie consent modal or use a browser plugin to block the JavaScript being served by sentry.io.

Privacy complaint

In case of a privacy complaint, please contact us and we will try to resolve matters swiftly. It is also possible to fill a complaint with the supervisory authority of your country.

Privacy policy changes

We may change our privacy policy from time to time. If these changes are minor, we will post them to this page. If the changes are major, we will post them to this page and notify users by email. Your continued use of this site after any change in this Privacy Policy will constitute your acceptance of such change.

Creative Commons

This privacy policy is based on one developed by Automattic (http://automattic.com/privacy/) and amended by Dreamwidth (http://dreamwidth.org/legal/privacy) and is licensed under a Creative Commons Attribution-ShareAlike 2.5 and 4.0 license.


Last Updated: June 20, 2025