We collect as little as possible and protect everything we do collect.

GivBase is a product of Wortham Innovations LLC. We build free check-in and reporting software for volunteer-run food pantries. This policy explains what data we collect, why we collect it, and how we protect it.

We collect only what is necessary to operate the service. For pantry clients, that means: a first and last name (or a self-chosen identifier), a phone number (encrypted at rest — never stored in plaintext), and optional demographic information used solely for food bank reporting (household size, age ranges, income range, race/ethnicity). We do not collect or store dates of birth. Age is recorded as a range (e.g., "30–64") only.

For pantry staff and administrators, we collect an email address used for sign-in and account management.

We collect standard server logs (IP address, browser type, timestamps) for security and debugging purposes. These are not linked to client records.

Client data is used exclusively to support the food pantry that collected it. Visit history enables accurate monthly reporting to regional food banks (TEFAP, CSFP, and similar programs). Demographic data, when collected, is used only in aggregate reporting — never for profiling or targeting.

We do not use client data for marketing. We do not sell, rent, or share client data with third parties for any commercial purpose. We do not share any client data with government agencies, immigration authorities, or law enforcement except when compelled by a court order with proper legal process.

GivBase enables food pantries to send SMS text messages to clients who have provided a phone number. These messages are limited to operational communications: appointment reminders, pantry closures or schedule changes, and pickup notifications. We do not send promotional or marketing SMS messages.

Phone numbers collected for SMS purposes are used solely to deliver messages on behalf of the pantry that collected them. We do not sell, rent, or share phone numbers with third parties for any commercial purpose.

Message frequency varies based on pantry activity. Message and data rates may apply.

To opt out of SMS messages, reply STOP to any message. To request help, reply HELP. After opting out, you will receive one final confirmation message and no further texts. You may opt back in at any time by contacting your pantry administrator.

Every organization's data is isolated at the database level using row-level security. It is technically impossible for one pantry to access another pantry's client records. Volunteers can check clients in and view visit history for their own pantry only. They cannot export data, access settings, or view the full client list — those actions are restricted to administrators.

Sessions expire after 30 minutes of inactivity.

We retain client records for as long as the organization's account is active and for a reasonable period thereafter to support reporting obligations. Organizations may request deletion of their data by contacting us. We will fulfill deletion requests within 30 days.

Sensitive fields (phone numbers) are encrypted at rest using pgsodium. All data is transmitted over HTTPS. Our database enforces append-only audit logs — records cannot be silently modified or deleted. We use Supabase for database hosting, which maintains SOC 2 compliance.

Pantry clients have the right to request access to their records, request corrections, or request deletion. These requests should be directed to the pantry administrator, who can act on them within GivBase or contact us directly.

Pantry administrators may contact us at any time to request a full export or deletion of their organization's data.

Questions about this policy or requests regarding your data: contact@worthaminnovations.com