Committed to Keeping Your Personal Information Safe.

We collect this standard basic information so that we can contact you regarding Tribe. This also helps with safeguarding so that we know who our users are, for example, a person needing help in their community can identify the user they have asked help from. Your details are not shared publicly without your permission, such as when you accept help from someone.

For Tribe Members, only your name will appear on the help you request and no other information is shared publicly.

We collect this information if you are interested in becoming a Community Support Provider. This is so we can carry out checks as to whether you are trustworthy to help people around you, and carry out jobs on behalf of the Tribe platform.

If you offer to help a Tribe Member, or advertise yourself as a Community Support Provider then your experience, qualifications, hourly rate, transport, and basic information, with the exception of your location, is shared publicly.

We may ask you for your location. This is so we can help identify support in your community and provide a relevant list of support providers close to you. Your location is never shared without your explicit consent. Locations are also masked to other users so that they will not know your exact location.

We use analytics software on our website and apps. This is to help identify areas of improvement on the Tribe platform. It is also used to help identify need in your community. No personal data is transmitted during your searches.

Your personal information may be shared with local authorities. Information is passed to local authorities to help identify communities that need additional support, this information is shared under the public interest and allows your local authorities to better support residents and ensure those using Tribe are safe. In cases where a user receives part of their direct payment for care and support within Tribe, information is shared with local authorities for financial auditing purposes.

If you provide paid support in your community, or register your interest in this, we may pass your details to local teams that are in place in your area. They are experts in developing new micro-providers and can help ensure you are operating as a legal business. Your personal information and activity inside Tribe is not sold and you will never be targeted by advertisers.

You shall be informed about what information you will be sharing when performing any action within the Tribe apps for both Android and iOS.

If required by law or subpoena, we will disclose personal information of users to law enforcement agents.

If required, in breach of Tribe terms of service, we shall disclose personal information to the relevant authority. This includes but not limited to instances that involves crime, abuse, and general safeguarding.

We may also pass on personal information to government bodies, such as the NHS and first responders, in the event of a personal emergency to yourself or in the event of pandemic control such as contact tracing.

Tribe undergoes routine penetration testing to ensure that your data is secure at the highest standards. Our latest tests have been performed by Mitigate Cyber using the OWASP Testing guide V3 and found zero vulnerabilities across the Tribe platform.

Tribe is also compliant with GDPR and meets NHS Data Security & Protection toolkit standards that is set out by the National Data Guardian's (NDG) data security standards. The NDG advises and challenges the health and care system to help ensure that citizens’ confidential information is safeguarded securely and used properly. These standards assess 10 areas:

• Personal Confidential Data
• Staff Responsibilities
• Training
• Managing Data Access
• Process Reviews
• Responding to Incidents
• Continuity Planning
• Unsupported Systems
• IT Protection
• Accountable Suppliers

Find out more about the NDG

Your data is kept on a secure cloud service. The data is encrypted during storage using an AES encryption algorithm, the encryption key is then also encrypted and rotated regularly to minimise risk.

Data is encrypted during transit between our secure server and your mobile app too. We use the latest SSL/TLS protocols to ensure data can not be read or modified during transit.

Some data can be deleted whenever you like, some is removed or hidden automatically and some is retained for longer periods of time, where necessary.

Tribe user data which makes up your profile, can be corrected or deleted at any time. Some data, like community groups visible in Tribe, may be hidden if a page is inactive. Some information is retained for an extended period of time, this includes payments that have been processed through Tribe, and is kept for financial auditing purposes and to prevent fraud.

If you request to have your data removed from Tribe, or the retention period expires, the data is deleted and overwritten on our storage hardware to obscure your data, this is in line with industry standards. Any physical hardware containing user data is also obsfucated and destroyed when being replaced.

We collect information that your browser sends whenever you visit our Service ("Log Data"). This Log Data may include information such as your computer's Internet Protocol ("IP") address, browser type, browser version, your location, mobile type, mobile OS, the pages and content of our Service that you visit, the time and date of your visit, the time spent on those pages and other statistics. We use Google Analytics to gather this information.

Tribe is compliant with the NHS Data Security & Protection toolkit.

Tribe takes the following measures to ensure accessibility of Tribe:

• Include accessibility throughout our internal policies
• Assign clear accessibility targets and responsibilities
• Employ formal accessibility quality assurance methods

The Web Content Accessibility Guidelines (WCAG) defines requirements for designers and developers to improve accessibility for people with disabilities. It defines three levels of conformance: Level A, Level AA, and Level AAA. Tribe is partially conforming with WCAG 2.1 level AA and WCAG 2.1 level AAA.

Although our goal is WCAG 2.1 Level AA conformance, we have also applied some Level AAA Success Criteria: Re-authentication after a session expires does not cause loss of data.

Tribe is designed to be compatible with the following technologies:

• Our preferred browser for Tribe is Google Chrome
• iOS support on iPhone and iPad from iOS 11. Below iOS 11 can cause some issues but is compatible
• Android support from Lollipop 5.0
• Browsers such as Firefox, Opera, Safari, Internet Explorer and Edge are compatible, but have some known issues

Tribe is not compatible with Internet Explorer 10 and below

Accessibility of Tribe relies on the following technologies to work with the particular combination of web browser and any assistive technologies or plugins installed on your computer:

• HTML
• CSS
• JavaScript

These technologies are relied upon for conformance with the accessibility standards used.

Despite our best efforts to ensure accessibility of Tribe, there may be some limitations. Below is a description of known limitations, and potential solutions. Please contact us if you observe an issue not listed below.

User generated content such as uploaded images may not have text alternatives and language is not internationalised as we cannot ensure the quality of contributions. We monitor user activity and typically respond to issues within 24 hours. We are also implementing artificial intelligence to control user generated content, such as profile photos that are not conformant. Please report any issues you encounter via the app, or by direct contact.

We have assessed the accessibility of Tribe by the following approaches:

• Internal & external evaluation
• Tribe has adhered to a formal quality assurance process throughout the design and development process internally using British Association Standards for Accessibility
• Tribe has adhered to a formal quality assurance process via external co-production, this began with Shropshire Council, University of Suffolk, and Dorset Council, our current processes have been designed and developed by Design Humanly, and are now in practice with our internal user experience team with consortium partners and our deployed areas
• Tribe has been through user experience and usability testing by several external sources including University of Suffolk Usability Testing Department throughout the development process
• Tribe has been through accessibility testing by several external sources throughout the development process
• Tribe has been assessed and accredited by The Organisation for the Review of Care and Health Apps (ORCHA), the World’s leading health app evaluation and advisor organisation

If you decide you wish to create a payment account to receive payments on the support you provide, you will be required to verify your identity and store your banking information within Stripe in order to receive payments. This information is encrypted and bypasses the Tribe system directly to Stripe. No information is shared.

When paying a support provider, Tribe adds an application fee on every transaction to cover our running costs including technology, feature development, support planning, community services and the business tools available to you. This fee is payable by the support provider for gaining work by using the Tribe service and is taken automatically from each transaction.

When making a payment, your card details are securely stored with Stripe. You are provided with the option to remove your payment sources and details from the 'make a payment' screen in the Tribe app. Alternatively, you can contact Tribe to remove all of your payment data from Stripe. Tribe does not store any banking data.

When you create an account with us, you must provide us information that is accurate, complete, and current at all times. Failure to do so constitutes a breach of the Terms, which may result in immediate termination of your account on our Service.

You are responsible for safeguarding the password that you use to access the Service and for any activities or actions under your password, whether your password is with our Service or a third-party service.

You agree not to disclose your password to any third party. You must notify us immediately upon becoming aware of any breach of security or unauthorized use of your account.

Our Service may contain links to third-party web sites or services that are not owned or controlled by Tribe.

Tribe has no control over, and assumes no responsibility for, the content, privacy policies, or practices of any third party web sites or services. You further acknowledge and agree that Tribe shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such content, goods or services available on or through any such web sites or services.

We strongly advise you to read the terms and conditions and privacy policies of any third-party web sites or services that you visit.

We may terminate or suspend access to our Service immediately, without prior notice or liability, for any reason whatsoever, including without limitation if you breach the Terms.

All provisions of the Terms which by their nature should survive termination shall survive termination, including, without limitation, ownership provisions, warranty disclaimers, indemnity and limitations of liability.

We may terminate or suspend your account immediately, without prior notice or liability, for any reason whatsoever, including without limitation if you breach the Terms.

Upon termination, your right to use the Service will immediately cease. If you wish to terminate your account, you may simply discontinue using the Service.

All provisions of the Terms which by their nature should survive termination shall survive termination, including, without limitation, ownership provisions, warranty disclaimers, indemnity and limitations of liability.

These Terms shall be governed and construed in accordance with the laws of the country in which you reside, without regard to its conflict of law provisions.

Our failure to enforce any right or provision of these Terms will not be considered a waiver of those rights. If any provision of these Terms is held to be invalid or unenforceable by a court, the remaining provisions of these Terms will remain in effect. These Terms constitute the entire agreement between us regarding our Service, and supersede and replace any prior agreements we might have between us regarding the Service.

To report an incident, you can either contact us using the information on this page, or report in-app using the Tribe mobile app on iOS and Android. You can also report an incident to your local authority.

The procedure is as follows once an incident has been reported:

• The incident is logged in our security incident resolution center
• The incident is marked as open and flagged to Tribe staff for review
• Tribe staff use Tribe Terms of Service and legal guidelines such as the Human Rights Act 1998 to determine the outcome of an incident
• Once reviewed, Tribe staff will determine the course of action in three ways:
  • Safe: We have determined that Tribe Terms of Service have not been breached and take no further action
  • Undetermined: We are unsure that there is a potential for intervention and consult relevant authorities
  • Escalation: We have determined that there is a need for intervention and escalate the incident to the relevant authorities
• The incident is then marked as closed

However, if the incident is of imminent danger to life, please refer to the Community Guidelines and contact the emergency services immediately.

Tribe staff also use an internal management system, so that if any incidents arise concerning Tribe staff or the system in general they are to be logged by the operations lead, initially reviewed by the operations lead using the same method as above and escalated to the Tribe board or the relevant authorities if found to be in breach of Tribe Terms of Service.

We actively review our policies and procedures to make sure that they are up-to-date and relevant to the current needs of the service. Reviews take place at least once yearly, but policies and procedures are updated more regularly to accommodate new changes in legislation and when new features are added to the service.

Data is never 100% secure when stored digitally, and although we have procedures and tests in place to reduce risk, as detailed in our security section, we must put procedures in place to follow in the event of a data breach.

Personal data breaches can include the following:

• Access to personal data by an unauthorised third party
• Deliberate or accidental action (or inaction) by a controller or processor
• Sending personal data to an incorrect recipient
• Hand-held devices / laptops containing personal data being lost or stolen
• Alteration of personal data without permission
• Loss of availability of personal data

It is the responsibility of everyone at Tribe to ensure they keep personal data safe. In the event of personal data being breached, our procedure is to act fast and follow the procedure below:

• Identify the breach extent and user(s) affected
• Log the breach using our internal management system
• Report the breach to the Data Protection Officer (DPO) with a detailed review of the breach
• The DPO reviews the breach and makes a decision as to whether the breach will result in a risk to individuals' rights and freedoms
• Report the breach to the Information Commissioners Office (ICO) with a detailed review of the breach if required to do so
• Notify affected users of the breach with appropriate actions to reduce risks/li>
• Potentially suspend or isolate part of the service until the breach has been contained
• Once contained, review the breach internally and action any improvements for prevention
• Update our Data Privacy Impact Assessments if required

If you believe you may have encountered a data breach, you must report it using the contact details on this page or in-app using the Tribe mobile app on iOS and Android.

Tribe ensures system access and data security are maintained by performing annual penetration tests and complying with data security standards. We also make sure that staff systems have no direct access to personal data to reduce risk. Our DPO and Operations Lead have sole access to live encrypted database content and are able to decrypt content in the event of breaches and reporting.

Cookies are files with small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and stored on your computer's hard drive.

We use "cookies" to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

We may employ third party companies and individuals to facilitate our Service, to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used.

These third parties have access to partial Personal Information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

The security of your Personal Information is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.

If required by law or subpoena, we will disclose personal information of users to law enforcement agents.

Our Service does not address anyone under the age of 16 ("Children").

We do not knowingly collect personally identifiable information from children under 16. If you are a parent or guardian and you are aware that your Children has provided us with Personal Information, please contact us. If we discover that a Children under 16 has provided us with Personal Information, we will delete such information from our servers immediately.