Privacy Notice — community.group

Last updated: 23 May 2026.

In plain words

We’re Cultural Educational Association CIC, a UK non-profit. We run community.group.
We keep your name, email and a password (scrambled so we can’t read it) so you can log in.
We ask your date of birth once, to check some features are for over-18s. We don’t show it to others.
When you post or react, other people in your community can see it — that’s the point of the space.
Your feed is shown in time order (newest first). We do not use a computer system to profile you or decide what you see to keep you scrolling.
We don’t sell your information and we don’t use it for adverts.
A person, not a computer, makes the final call on any moderation decision. If one affects you, you can ask us to look again (appeal).
You can see, correct or delete your information any time — just ask us on the contact page.
Not happy with how we handle your data? You can tell the ICO (ico.org.uk).

This is a short summary. The full notice below is the complete version.

Who we are

community.group is operated by Cultural Educational Association CIC (“CEA”, “we”), a Community Interest Company registered in the United Kingdom. CEA is the data controller for personal data processed on community.group. For data-protection requests, contact us via our contact page.

What this notice covers

How we handle personal data when you use community.group, including the Community features: city/topic spaces, messages, reactions, follows, the activity feed (shown in time order) and presence indicators.

The personal data we process

Account — name, email, password (stored hashed), role, region — to run your account, authenticate you and control access.
Date of birth (self-declared) — to apply a residual over-18 age gate to any adult-only features.
Messages & content you post — to provide the community service.
Social graph — who you follow and the spaces you join — to show your feed and let you find communities.
Activity signals — reactions and presence/typing — for basic community features. By default we do not use them to rank or personalise what you see.
Technical — IP, device/browser, session — for security and operation.

We do not intentionally collect special-category data (such as political, religious or ethnic data). Participation in cultural spaces may imply such matters; we do not use it to build special-category profiles.

How and why we use it (purposes and lawful bases)

Provide the service (accounts, messaging, spaces, time-ordered feed) — performance of a contract.
Moderation, safety and prevention of illegal or abusive content — legitimate interests and legal obligation (including UK Online Safety Act duties).
Security, fraud prevention and audit — legitimate interests / legal obligation.

Profiling and automated decisions

Your home feed is shown in chronological order (newest first). We do not currently run an automated recommender, rank you, or profile you to decide what you see. The software contains a recommender capability, but it is switched off by default; we would only enable it following a deliberate decision with appropriate age-assurance safeguards, and we would update this notice first. We do not make solely automated decisions producing legal or similarly significant effects about you: moderation enforcement (such as content removal, suspensions and bans) is decided by a person, not a computer. If a decision affects you, you can request human review and appeal. You may also object at any time to any profiling.

Children

Because we run the service safe-by-default — a chronological feed with no recommender, engagement-profiling or nudge mechanics — we do not profile users, including children. Age is self-declared and used only for a residual over-18 gate on any adult-only features. We do not operate identity-based age verification, and we keep age-assurance under review should we ever enable higher-risk features.

Who we share data with

Service providers (processors) — hosting/database, application hosting and payment processing (for donations) — acting on our instructions under contract.
Authorities — where required by law or to address illegal content or safety risks.
We do not sell your personal data or use it for third-party advertising.

International transfers

Some providers may process data outside the UK; where they do, we rely on appropriate safeguards (such as UK adequacy, the IDTA or standard contractual clauses).

Retention

We keep account and content data while your account is active and as needed for the service, legal and audit purposes, then delete or anonymise it. Moderation and audit records are kept for accountability. Your date of birth is stored to enforce the age gate; our logs record only a derived “adult” indicator, not the date.

Security

Passwords are hashed; access is role-controlled; database access is restricted; actions are audit-logged.

Your rights

You may access your data; correct it; erase it; restrict or object to processing (including profiling); request portability; withdraw consent where used; and complain to the Information Commissioner’s Office (ico.org.uk). To exercise your rights, contact us via our contact page.

How to raise a concern or complaint

There are three separate routes, depending on what you need:

Report content (something illegal or abusive) — use the in-product report button, including the illegal-content and child-safety fast-paths.
Appeal a moderation decision that affected you (your post removed, you were muted or banned) — a person reviews it at /community/appeals.
Complain about the service or how we handle your data — contact us via our contact page. We aim to acknowledge promptly and respond substantively. If you are not satisfied, you can complain to the Information Commissioner’s Office (ico.org.uk) about data matters, or to Ofcom about online-safety matters as they apply.

Changes

We will update this notice as the service evolves; we will notify you of material changes.

In plain words

We’re Cultural Educational Association CIC, a UK non-profit. We run community.group.

We keep your name, email and a password (scrambled so we can’t read it) so you can log in.

We ask your date of birth once, to check some features are for over-18s. We don’t show it to others.

When you post or react, other people in your community can see it — that’s the point of the space.

Your feed is shown in time order (newest first). We do not use a computer system to profile you or decide what you see to keep you scrolling.

We don’t sell your information and we don’t use it for adverts.

A person, not a computer, makes the final call on any moderation decision. If one affects you, you can ask us to look again (appeal).

You can see, correct or delete your information any time — just ask us on the contact page.

Not happy with how we handle your data? You can tell the ICO (ico.org.uk).

This is a short summary. The full notice below is the complete version.

The personal data we process

Account — name, email, password (stored hashed), role, region — to run your account, authenticate you and control access.

Date of birth (self-declared) — to apply a residual over-18 age gate to any adult-only features.

Messages & content you post — to provide the community service.

Social graph — who you follow and the spaces you join — to show your feed and let you find communities.

Activity signals — reactions and presence/typing — for basic community features. By default we do not use them to rank or personalise what you see.

Technical — IP, device/browser, session — for security and operation.

How and why we use it (purposes and lawful bases)

Provide the service (accounts, messaging, spaces, time-ordered feed) — performance of a contract.

Moderation, safety and prevention of illegal or abusive content — legitimate interests and legal obligation (including UK Online Safety Act duties).

Security, fraud prevention and audit — legitimate interests / legal obligation.

Profiling and automated decisions

Children

Who we share data with

Service providers (processors) — hosting/database, application hosting and payment processing (for donations) — acting on our instructions under contract.

Authorities — where required by law or to address illegal content or safety risks.

We do not sell your personal data or use it for third-party advertising.

Retention

How to raise a concern or complaint

There are three separate routes, depending on what you need:

Report content (something illegal or abusive) — use the in-product report button, including the illegal-content and child-safety fast-paths.

Appeal a moderation decision that affected you (your post removed, you were muted or banned) — a person reviews it at /community/appeals.

Complain about the service or how we handle your data — contact us via our contact page. We aim to acknowledge promptly and respond substantively. If you are not satisfied, you can complain to the Information Commissioner’s Office (ico.org.uk) about data matters, or to Ofcom about online-safety matters as they apply.