1. Introduction
This privacy policy explains what personal data Called 2 Work DBA Zia Code LLC(“Called 2 Work,” “we,” “us”) collects, why we collect it, who we share it with, how long we keep it, and what choices and rights you have. It applies to visitors of called2work.com, members who sign up with an invitation, and business owners who post job opportunities.
Called 2 Work is an invitation-gated job board for a faith-based community. Membership requires an invitation; business owners require a separate vouching step before posting. We treat the trust this implies as a baseline for how we handle personal data: we collect what is needed to make the service work, we keep it only as long as necessary, and we are explicit about the third parties involved.
2. Personal data we collect
- Account data. Name, email, authentication factors, role (member, business owner, admin), and the invitation token that brought you in.
- Profile data. Bio, skills, location (city / region / postal code), professional links, optional photo, and any business profile fields a business owner publishes.
- Files you upload. Resumes, cover letters, and other application attachments. These are stored at rest in Cloudflare R2 with the rest of the application.
- Application + listing data. Job applications you submit, listings you post, and the chat messages you exchange with the other party.
- Donation data. If you donate via Stripe, the donation amount and Stripe-issued transaction identifiers are recorded in our database. Card numbers and other sensitive billing fields are handled by Stripe directly and never traverse our servers.
- Technical metadata. IP address, user-agent string, request timing, and similar metadata used for security, fraud prevention, abuse mitigation, and audit logging.
- Cookies and similar technologies. See the cookie policy at /legal/cookies for an inventory and our preference center.
3. How we use your data
We use personal data to deliver the service, keep it safe, and comply with the law:
- Matching members to job postings and serving the public anonymized search index.
- Routing chat messages between business owners and applicants.
- Sending transactional email (sign-in links, application confirmations, account-deletion confirmations) and any opt-in notifications you have enabled.
- Detecting and preventing abuse, fraud, and unauthorized access; supporting law-enforcement requests when legally required.
- Recording donation receipts and meeting US tax / accounting obligations.
- Maintaining an audit trail of security-significant actions.
Where GDPR or a similar law requires us to identify a legal basis, see the EU/EEA addendum below.
Sharing and sub-processors
Called 2 Work engages the following sub-processors to provide services to our users. Each is bound by a Data Processing Addendum (DPA) where the vendor publishes one. The list below is reproduced from our machine-readable sub-processor source-of-truth and is also published in full at /legal/sub-processors.
- StripeUSA
Payments processing and donor billing
Data categories: donor name, donor email, billing details
- ResendUSA
Transactional email delivery
Data categories: recipient email, email content, delivery metadata
- CloudflareGlobal
CDN, WAF, and DNS in front of the application
Data categories: request metadata, IP addresses, user-agent strings
- Cloudflare R2Global
Object storage for resumes and uploaded attachments
Data categories: resumes, uploaded attachments, file metadata
- Sentry / BugSinkEU/USA
Error telemetry and exception monitoring
Data categories: error stack traces, request metadata, user identifiers
- Oracle Cloud InfrastructureUSA
Compute and primary database hosting
Data categories: all application data at rest
- CoolifySelf-hosted (USA)
Self-hosted deployment orchestration. Touches environment variables and runtime logs; technically a sub-processor of the infrastructure layer.
Data categories: environment variables, runtime logs
- Called 2 Work self-hosted LibreTranslate (translate.ziacode.dev)USAConditional
UI and user-generated-content translation
Data categories: translated UI strings, translated user-generated content
Activates when self-hosted LibreTranslate ships per infra issue #408
- Planning CenterUSAConditional
Optional church-directory sync for opted-in members
Data categories: church directory profile, opted-in member contact info
Only when church-directory-sync ships and a member opts in
We will update this list before adding any new sub-processor. Material changes that affect EU/EEA data subjects will be communicated in advance per GDPR Article 28(2).
5. International transfers
Our application infrastructure and primary database are located in the United States. When you use the service from outside the US, your personal data is transferred to and processed in the US. Where required (notably for EU/EEA personal data), the transfer is governed by the European Commission's Standard Contractual Clauses signed with each US-based sub-processor and, where applicable, the EU-U.S. Data Privacy Framework.
Data retention
We keep personal data only for as long as needed for the purpose it was collected, plus any legal, accounting, or reporting requirements. The schedule below is the operator-confirmed retention table; the canonical version with vendor cross-references is published at /legal/retention.
| Data category | Retention period | Legal basis |
|---|---|---|
| User accounts | Active for the life of the account, then a 30-day soft-delete grace period before hard delete | Contractual necessity; user-initiated deletion right |
| Job postings | Active until expiry, then retained 90 days post-expiry | Legitimate interest in audit trail and dispute resolution for closed listings |
| Job applications | Retained for 180 days after the related job posting closes or the application is withdrawn | Legitimate interest in employment-records compliance and dispute resolution |
| Messages and chat | Retained for the lifecycle of the conversation; deleted when both participants delete their accounts or 90 days after the last activity in an abandoned thread | Contractual necessity (delivering the chat feature); legitimate interest in safety review |
| Audit logs | 7 years | Security investigation, fraud prevention, and compliance recordkeeping |
| Donation records | 7 years | US tax law recordkeeping requirements (IRS § 6501) |
| Resumes and uploaded attachments | Until replaced by the user, or 30 days after account deletion (matches the soft-delete grace window) | Contractual necessity; user-initiated deletion right |
| Cookie consent records | 3 years rolling from the most recent consent action | GDPR Art. 7(1) accountability — proof that consent was obtained |
| Email magic-link tokens | 15 minutes | Authentication security |
| Account-deletion confirmation tokens | 24 hours | Required to verify the user's identity before processing an account-deletion request |
7. Security
We use industry-standard administrative, technical, and physical safeguards: TLS in transit, encryption at rest for the primary database and object storage, role-based access control on the internal admin surface, append-only audit logging of security-significant actions, automated rate limiting on sensitive endpoints, and security-event monitoring through the error-telemetry sub-processor. No system is perfectly secure; in the event of a personal-data breach affecting EU/EEA residents, we will notify the relevant supervisory authority within 72 hours where the breach is likely to result in a risk to the rights and freedoms of natural persons, in line with GDPR Article 33.
Your rights and how to exercise them
Depending on your jurisdiction, you have the right to access, correct, delete, port, restrict the processing of, or object to the processing of your personal data. You also have the right to withdraw any consent you previously provided. Specific regional addenda below describe the rights granted by GDPR, CCPA / CPRA, other US state privacy laws, PIPEDA, Quebec Law 25, LGPD, the Australian Privacy Principles, and POPIA.
We honor every request from a verified account, regardless of jurisdiction, by exposing self-service endpoints in the application:
- Export your data. /api/me/export returns a structured JSON copy of every record we hold about you, including conversation participation in messages.
- Delete your account. /api/me/delete starts an email-confirmed soft-delete. Once confirmed, your account enters a 30-day grace period before hard deletion, during which it can be restored on request to [email protected].
- Manage consents. /api/me/consents lets you view and withdraw any non-essential consent (analytics, marketing email, optional integrations) without losing access to the service.
If you cannot exercise a right through the self-service endpoints above — for example, you no longer have access to the email associated with your account — write to [email protected] and include enough information for us to verify your identity. We respond to verifiable requests within the timelines required by the applicable law (one calendar month under GDPR; 45 days under CCPA / CPRA, extendable once by 45 days where allowed).
9. Cookies and tracking technologies
We use a small set of strictly necessary cookies to keep you signed in and to remember your consent choices. We do not use cookies for cross-context behavioral advertising. The full inventory and the per-category opt-in preference center are published at /legal/cookies.
10. Children's privacy
Called 2 Work is for adults. The Terms of Service require all users to be 18 or older. We do not knowingly collect personal data from anyone under 18. If we learn that we have collected personal data from someone under 18, we will delete it as soon as practicable. If you believe a child under 18 has provided personal data to us, please write to the privacy address above.
11. Updates to this policy
We may update this policy as the service or the surrounding law changes. The version and effective date at the top of the page track every published revision; substantive changes that affect your rights or how we process your data are also surfaced in-product the next time you sign in. The append-only history is stored in source so that prior versions are auditable.
Regional addenda
The following addenda describe additional rights and obligations that apply to specific jurisdictions. Where a right described in an addendum overlaps with a right described in the main policy above, both apply; we honor the more protective interpretation.
European Union / EEA — GDPR
If you are located in the European Union or European Economic Area, the General Data Protection Regulation (GDPR) applies to processing of your personal data by Called 2 Work.
Legal bases (Art. 6). We rely on: contractual necessity for delivering the service you signed up for; legitimate interests for fraud prevention, security, audit logs, and product analytics where consent is not required; consent for non-essential cookies, marketing email, and any optional integration; and legal obligations for tax / accounting recordkeeping. You may request the specific basis we are relying on for any processing.
Your rights (Art. 15-22). Access, rectification, erasure, restriction, portability, objection, and the right not to be subject to solely automated decision-making. Requests are answered within one calendar month, extendable by two further months for complex requests with notice.
Lodging a complaint. You have the right to lodge a complaint with your national data protection authority. A directory is available at the European Data Protection Board (edpb.europa.eu).
International transfers.The controller is established in the United States. EU/EEA personal data is transferred to the US under the European Commission's Standard Contractual Clauses (SCCs) and, where applicable, the EU-U.S. Data Privacy Framework. A copy of the SCCs we rely on is available on request to the privacy address above.
California — CCPA / CPRA
If you are a California resident, the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA / CPRA) gives you specific rights with respect to your personal information.
Categories collected (last 12 months). Identifiers (name, email, IP address); commercial information (donation history); internet / network activity (logs, request metadata); professional information (resume, employment history you choose to upload); and inferences drawn from any of the above for the purpose of matching members with relevant listings.
Sale or sharing of personal information. We do not sell your personal information for money, and we do not share it for cross-context behavioral advertising. We have no need to provide a “Do Not Sell or Share My Personal Information” opt-out at this time, but a placeholder link is published in the site footer to make this position visible.
Sensitive personal information. We do not use sensitive personal information for any purpose other than what is reasonably expected by an average consumer using a job board (for example, processing a resume you choose to upload). The right to limit the use of sensitive personal information is therefore not engaged in our normal operation; you may still write to [email protected] if you believe it has been engaged.
Authorized agents. You may designate an authorized agent to make a request on your behalf. We will require written authorization signed by you and verification of your identity.
Other US state privacy laws (VA, CT, CO, UT, TX, OR, DE, MN, TN, IA)
If you are a resident of Virginia, Connecticut, Colorado, Utah, Texas, Oregon, Delaware, Minnesota, Tennessee, or Iowa, the privacy law of your state grants you a substantially similar set of rights to those described in the GDPR section above: access, correction, deletion, portability where the processing is automated, and the right to opt out of targeted advertising and the sale of personal data. Several states (Colorado, Connecticut, Texas, Oregon, Delaware, Minnesota) also recognize a right to opt out of profiling that produces legal or similarly significant effects.
Called 2 Work does not sell personal data, does not engage in targeted advertising, and does not perform profiling that produces legal or similarly significant effects on members. Requests under any of these state laws can be sent to the privacy address above and are answered within the timeline required by the applicable law (typically 45 days, extendable once where allowed).
State-specific appeal mechanisms apply where the underlying law requires them (Colorado, Virginia, Connecticut). If we decline a request you may appeal in writing; if the appeal is also declined you may contact your state Attorney General.
Canada — PIPEDA + Quebec Law 25
If you are located in Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) applies. Quebec residents are additionally covered by the Act respecting the protection of personal information in the private sector (Law 25), which provides rights to access, correction, deletion, and portability, plus an obligation on us to inform you of significant automated decision-making (we do not currently perform any).
Requests should be sent to the privacy address above. We respond within 30 days of a verified request and will identify our designated privacy officer on request.
Brazil — LGPD
If you are located in Brazil, the Lei Geral de Proteção de Dados (LGPD) applies. You have rights of access, correction, anonymization, portability, deletion, information on data sharing, revocation of consent, and the right to lodge a complaint with the Autoridade Nacional de Proteção de Dados (ANPD). A Brazilian representative will be appointed if and when active processing of Brazilian residents' data warrants one; until then, requests should be sent to the privacy address above.
Australia — Privacy Act 1988 + APPs
If you are located in Australia, the Privacy Act 1988 and the Australian Privacy Principles (APPs) apply. You have rights of access and correction, and we will not use sensitive information without your explicit consent. Privacy complaints that we cannot resolve directly may be referred to the Office of the Australian Information Commissioner (OAIC).
South Africa — POPIA
If you are located in South Africa, the Protection of Personal Information Act (POPIA) applies. You have rights of access, correction, deletion, objection to processing, and the right to lodge a complaint with the Information Regulator. The controller's information officer can be reached at the privacy address above.
Out-of-scope jurisdictions
We do not currently accept signups from the United Kingdom or mainland China. Signup attempts originating from those regions are blocked at the application layer with a friendly explanation and a return-to-home link. The UK gate will lift once a UK GDPR Article 27 representative is appointed; mainland China is out of scope for the foreseeable future. Hong Kong, Macau, and Taiwan are not affected by the China gate.
Coverage of US state privacy laws by jurisdiction
- United States — Virginia — VCDPA
- United States — Connecticut — CTDPA
- United States — Colorado — CPA
- United States — Utah — UCPA
- United States — Texas — TDPSA
- United States — Oregon — OCPA
- United States — Delaware — DPDPA
- United States — Minnesota — MCDPA
- United States — Tennessee — TIPA
- United States — Iowa — ICDPA