Privacy Policy

Updated February 15th, 2025

1. Introduction

Communify Limited ("Communify", "we", "us", or "our") is committed to protecting the privacy and personal data of all individuals who use or interact with our platform. This Privacy Policy explains how we collect, use, disclose, store, and protect your personal information.

We are a company registered in Ireland and operate a digital platform to support communication, collaboration, and innovation within and across organisations. This Privacy Policy applies to all services provided under the Communify brand, including all modules and platform features.

We comply with applicable data protection laws, including the General Data Protection Regulation (GDPR), and apply technical and organisational controls aligned with security standards such as ISO 27001 and SOC 2, while on our journey towards formal certifications.

2. Who This Policy Applies To

This Privacy Policy applies to any individual who accesses or uses the Communify platform, regardless of their role, organisation, or reason for engagement.

This includes anyone whose personal data is processed via Communify’s services, such as employees, partners, customers, consultants, or other external collaborators.

3. How We Collect Your Information

We collect personal data:

  • Directly from you – via registration, profile setup, content submissions, feedback forms, or customer support

  • From your employer or organisation – when they create user accounts, assign roles, or configure platform access

  • Automatically – through cookies, usage analytics, and technical integrations when you interact with the platform or visit our website

4. Types of Personal Data We Collect

a) Identity & Profile Data

  • Name, email address, job title, department, office location

  • Hire date (for milestone recognition features)

  • Profile photo (optional)

b) Platform Activity Data

  • Submitted content (ideas, comments, feedback)

  • Participation in campaigns, challenges, surveys, events, or communities

  • User preferences, roles, and usage patterns

c) Technical Data

  • IP address, browser type, device details

  • Platform interaction logs and session metadata

  • Cookies and similar technologies (see Section 11)

We do not knowingly collect or process sensitive personal data such as racial or ethnic origin, political opinions, religious beliefs, health data, or biometric information.

5. How We Use Your Data

We use your data to:

  • Set up and manage user accounts

  • Provide access to collaboration, communication, and innovation tools

  • Enable challenge participation, engagement, and recognition features

  • Monitor platform usage to enhance performance and improve features

  • Deliver customer support and technical troubleshooting

  • Provide anonymised insights and analytics to customers

  • Comply with legal obligations and service agreements

We do not sell your personal data.

6. Marketing and Communications

We may send you platform-related updates, onboarding messages, or educational content to help you get the most value from your experience.

If you are a customer representative, partner, or have opted in, we may also send occasional product updates, event invites, or thought leadership content.

You can opt out at any time by:

  • Clicking the "unsubscribe" link in any non-essential email

  • Updating your email preferences within your account settings

  • Contacting us at info@communify.ai

We respect your communication preferences and will ensure marketing-related messages stop upon request.

7. Legal Basis for Processing

Depending on your relationship with us and the nature of the processing, we rely on the following legal bases:

  • Contractual necessity – to fulfil platform functionality as part of our agreement with your organisation

  • Legitimate interests – to improve, secure, and personalise the platform experience

  • Consent – for marketing, personalisation, or optional features

  • Legal obligation – to meet regulatory requirements or respond to lawful requests

8. Data Hosting and Residency

All personal data is securely hosted on Amazon Web Services (AWS) infrastructure located in Dublin, Ireland. No personal data is stored or transferred outside the European Economic Area (EEA).

AWS services used by Communify support encryption, access control, and service resilience in line with industry best practices.

9. Data Security

We implement robust security measures, including:

  • TLS 1.2+ encryption for all data in transit

  • AES-256 encryption for all data at rest

  • Role-based access controls and least-privilege enforcement

  • Two-factor authentication for administrative access

  • Secure development lifecycle (SDLC) practices

  • Audit logging and monitoring of platform access and activity

We assess our technical and organisational measures regularly and align them with ISO 27001 and SOC 2 best practices.

10. Data Retention

We retain personal data only for as long as necessary:

  • Active users: While your account is in use or your organisation remains a customer

  • Former users: Your data is deleted upon deactivation or removal

  • Aggregate data: Anonymised usage data may be retained for product improvement, benchmarking, or reporting

We also retain data as required to comply with legal obligations, resolve disputes, and enforce our agreements.

11. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Maintain secure login sessions

  • Remember user preferences

  • Analyse user engagement

  • Improve product features and performance

You can manage or disable cookies in your browser settings. Some essential platform functionality may require cookies.

For a full breakdown, refer to our Cookie Policy (available upon request).

12. Sharing of Personal Data

We may share your data only with:

  • Your organisation – where they act as data controller and manage your user account

  • Trusted sub-processors – for infrastructure, communication, analytics, or support (bound by data processing agreements)

  • Regulators or authorities – when legally required under applicable law

We do not share personal data with unauthorised third parties or advertisers.

13. Sub-processors and Third Parties

We rely on a small number of vetted third-party service providers to deliver aspects of the platform. These include:

  • Cloud hosting providers (e.g. AWS)

  • Email delivery platforms

  • Analytics tools

  • Customer support platforms

All sub-processors are subject to contractual obligations regarding data protection and security. A full list is available upon request.

14. Your Rights (Under GDPR)

As a data subject, you have the right to:

  • Access your personal data

  • Correct or update inaccurate information

  • Request deletion of your data (subject to legal limits)

  • Restrict or object to specific types of processing

  • Withdraw consent where processing is based on consent

  • Request portability of your data

  • File a complaint with your national data protection authority

To exercise your rights, you may contact your employer (as platform controller) or Communify directly at privacy@communify.ai.

15. Data Breach Response

In the event of a data breach, we will:

  • Notify affected customer contacts without undue delay

  • Report to the relevant supervisory authority (where required)

  • Inform individuals if their rights or freedoms are likely to be impacted

We have internal incident response protocols to minimise risk and ensure timely communication.

16. Changes to This Privacy Policy

We may update this policy from time to time to reflect new features, changes in law, or best practice improvements. Material updates will be communicated through the platform or by email.

The most current version will always be published at: www.communify.ai/privacy-policy

17. Contact

For questions, feedback, or data-related requests, contact us at:

Communify Limited
 📍 Dublin, Ireland
📧 info@communify.ai
🌐 www.communify.ai