Legal · Privacy
Privacy Policy
Last updated: 30 June 2026
Universal Law Community Trust (ULCT) (“ULCT”, “we”, “us”) operates the website at https://ulctrust.org and the related member services (the “Service”). This Privacy Policy explains what personal data we collect, why we collect it, how we use it, who we share it with, and the rights you have over it.
1. Who is responsible
Data controller: Universal Law Community Trust (ULCT).
Contact for privacy questions, access requests and deletion requests: admin@ulctrust.org.
2. What data we collect
- Account data — name, email address, password hash (when you sign up with email).
- Google sign-in data — when you choose “Continue with Google”, we receive your Google account’s name, email address, profile picture and a unique identifier (
openid) from the scopesopenid email profile. We do not request, read or write your Gmail, Google Drive, Calendar, Contacts or any other Google product data. - Member application data — information you submit through the Assignment of Consent (AOC), Kindness Credits, debt-assignment and ministry forms (phone, address, photo, signature, account references, documents you upload).
- Wallet and contribution data — Razorpay payment references, contribution amounts, top-up records and Kindness Credits balance.
- Technical data — IP address, device, browser, referring URL, anonymous analytics events used to keep the site working and safe.
- Cookies and local storage — session/authentication tokens, theme preference, offline PWA cache.
3. Google user data — what we do and do not do
We use the data Google provides only to (a) create or sign you into your ULCT member account, (b) display your name and avatar inside the Service, and (c) send you service-related notifications you have opted into.
- We do not sell Google user data.
- We do not use Google user data for advertising, ad personalisation or retargeting.
- We do not transfer Google user data to third parties except the infrastructure subprocessors listed in section 5, which act on our instructions and under contract.
- We do not use Google user data to train generalised AI / ML models.
- Google user data is stored in the same protected database as the rest of your account, encrypted in transit and at rest, behind row-level security and role-based access controls.
You can disconnect ULCT from your Google account at any time from your Google account permissions page.
4. How we use your data
- Operate the Service, create and authenticate your account, recover access.
- Process AOC, KC card, ID card, debt-assignment and ministry submissions and route them to admins for review and approval.
- Record contributions and Kindness-Credit balances and issue receipts.
- Send transactional notifications (approvals, replies, meeting reminders).
- Detect, prevent and respond to fraud, abuse and security incidents.
- Comply with lawful obligations and protect the rights of the Trust and its members.
5. Who we share data with (subprocessors)
We rely on a small number of vetted infrastructure providers to run the Service:
- Lovable Cloud (Supabase) — database, authentication, storage, server functions.
- Cloudflare — hosting, content delivery, DDoS protection.
- Razorpay — payment processing for contributions and wallet top-ups (we never see your card details).
- Email delivery provider — sending transactional emails (sign-in, approvals, receipts).
- Jitsi Meet — community video sessions (subject to its own privacy notice).
We do not sell or rent personal data to anyone.
6. How long we keep data
We keep account and ledger data for as long as your account is active and for the period required to settle obligations, defend lawful claims and meet regulatory requirements. You may request deletion at any time by emailing admin@ulctrust.org; we will delete or irreversibly anonymise data that is no longer needed.
7. Your rights
Depending on where you live, you may have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Request deletion (right to be forgotten).
- Restrict or object to certain processing.
- Receive a portable copy of your data.
- Withdraw consent at any time without affecting prior lawful processing.
To exercise any right, email admin@ulctrust.org. We respond within 30 days.
8. Security
We use TLS in transit and encryption at rest, row-level security on the database, role-based access control for staff, two-factor authentication for admins, audit logging for sensitive admin actions, and rate limiting on public endpoints. No system is perfectly secure; we will notify you and the relevant authorities if a breach affects your personal data.
9. Cookies and local storage
We use strictly necessary cookies / local storage to keep you signed in, remember your theme, and enable offline use of the app (PWA). We do not run third-party advertising cookies.
10. Children
The Service is not directed to children under 18 and we do not knowingly collect their data. If you believe a child has provided personal data, contact us and we will delete it.
11. International transfers
Our subprocessors operate globally. Where data crosses borders, we rely on the standard protections offered by those providers (such as Standard Contractual Clauses where applicable).
12. Changes to this policy
We may update this policy. Material changes will be announced on the site and, where appropriate, by email. The “Last updated” date at the top always reflects the current version.
13. Contact
Universal Law Community Trust (ULCT)
Email: admin@ulctrust.org
Website: https://ulctrust.org
See also: Terms of Service · Contact