TEMPLATE INSTRUCTIONS FOR SPACE OWNERS
This is a Privacy Policy template for your Space. As a Space Owner, you are a data controller for Member data you collect. Replace [BRACKETED TEXT], customize for your actual data practices, delete inapplicable sections, have legal/privacy counsel review, then delete these instructions.
Your Privacy Policy must accurately describe your actual data practices. This is a starting point only.
[SPACE NAME] PRIVACY POLICY
Last Updated: [DATE]
1. Introduction
This Privacy Policy explains how [YOUR LEGAL BUSINESS NAME] ("[SHORT NAME]," "we," "us," or "our") handles your personal information when you use our Space at [YOUR SPACE URL]. [CUSTOMIZE: Add sentence about your Space.]
BY JOINING OUR SPACE, YOU CONSENT TO THIS PRIVACY POLICY. IF YOU DO NOT AGREE, PLEASE DO NOT JOIN.
2. Relationship with Commonspace and Stripe
[SHORT NAME] is responsible for your data within our Space.
Our Space is hosted on Commonspace — also review their Privacy Policy at https://common.space/privacy-policy.
Payments are processed by Stripe — see https://stripe.com/privacy.
3. Information We Collect
From Commonspace when you join: Name, email, @username, Profile info, city/location.
Member Questions: [CUSTOMIZE — List your Member Questions or state "We do not collect additional information."]
Content you create: Posts, comments, messages, uploaded files.
Transactions: Purchase history, Membership status. (Payment card details stored by Stripe, not us.)
Activity: Content viewed, Channels accessed, Benefit usage.
4. How We Use Your Information
To: operate our Space and manage Memberships; process transactions and deliver Benefits; communicate with you; improve our Space; enforce Terms and Community Guidelines; comply with law. [CUSTOMIZE: Add any other uses.]
5. How We Share Your Information
We do not sell your personal information.
With other Members: Profile, posts, Directory listing (based on settings).
Service providers: Commonspace (platform), Stripe (payments). [CUSTOMIZE: List others you use.]
Integrations: [CUSTOMIZE: If you use Discord/Zoom/etc., describe data sharing. Delete if not used.]
Legal: When required by law or to protect rights.
Business transfers: In a sale or merger.
6. Data Retention
We retain your information only as long as necessary to operate our Space and serve you. Membership data and content you create are deleted or anonymized within 90 days after you leave our Space or close your account. [CUSTOMIZE if you need a longer period for legitimate business reasons.] Transaction records are kept for 7 years as required by tax and financial regulations. Some information may be retained longer where required by law or to resolve an active dispute.
7. Your Rights
You can update your profile via Commonspace account settings, manage your notifications, and leave our Space at any time. Depending on your location, you may also have the right to access, correct, delete, or receive a copy of your personal information, object to or restrict certain processing, and withdraw consent where processing is based on consent.
To exercise any of these rights, contact us at [YOUR PRIVACY EMAIL].
8. EEA, UK, and Swiss Users (GDPR)
[KEEP this section if you are based in the EEA, UK, or Switzerland, OR if any of your Members are located there. If unsure, keep it.]
We process your personal data on the following legal bases: performance of our membership contract with you; our legitimate interests in operating the Space; your consent where requested; and legal obligations.
You have the right to access, correct, delete, restrict, or port your personal data, and to object to certain processing. To exercise these rights, contact us at [YOUR PRIVACY EMAIL]. We will respond within 30 days.
[CUSTOMIZE: If you transfer Member data outside the EEA to an external tool or service, specify your legal transfer mechanism. If you only use Commonspace's platform without exporting Member data externally, Commonspace's Standard Contractual Clauses cover this transfer — no action needed.]
You may lodge a complaint with your local data protection supervisory authority. A list of EEA authorities is available at edpb.europa.eu. UK residents may contact the ICO at ico.org.uk.
9. California Residents (CCPA/CPRA)
[KEEP this section if any of your Members are based in California.]
Subject to certain limitations, you have the right to know what personal information we collect and how we use it, request deletion or correction of your personal information, opt out of the sale or sharing of your personal information (we do not sell personal information), limit the use of your sensitive personal information, and not be discriminated against for exercising your privacy rights.
To exercise any of these rights, contact us at [YOUR PRIVACY EMAIL]. We will respond within 45 days of receipt.
10. Children's Privacy
Our Space is available only to individuals who are 18 years of age or older, consistent with Commonspace's platform requirements. We do not knowingly collect personal information from anyone under 18. Contact us if you believe we collected information from someone under 18.
11. Security
Your data is protected by Commonspace's security infrastructure, including encryption in transit and at rest, secure access controls, and Stripe's payment security standards. We limit internal access to your personal information to what is necessary to operate the Space.
[CUSTOMIZE: If you export or use Member data in external tools such as email marketing platforms or CRMs, describe the security measures you apply to that data here.]
No method of transmission or storage is 100% secure. If you suspect unauthorized access to your data, contact us at [YOUR SUPPORT EMAIL].
12. Cookies and Analytics
Our Space uses Commonspace's platform cookies necessary to operate the Service. [CUSTOMIZE: If you use additional analytics tools on your custom domain, list them here with a link to their privacy policy and an opt-out mechanism.] [DELETE this customize prompt if you use no additional tracking tools.]
13. Third-Party Links
Our Space may link to third-party sites. This Policy doesn't apply to them.
14. Changes
We may update this Policy. Material changes notified via Space or email. Continued use = acceptance.
15. Contact Us
[YOUR LEGAL BUSINESS NAME]
Privacy: [YOUR PRIVACY EMAIL] | Support: [YOUR SUPPORT EMAIL] | Website: [YOUR SPACE URL] | [YOUR MAILING ADDRESS]
[Note: A physical address is required for GDPR compliance if you have EEA Members. If you prefer not to use a home address, consider a registered agent or P.O. Box.]
For Commonspace platform privacy: https://common.space/privacy-policy
16. Summary
Key points: We receive info from Commonspace when you join; we may collect additional info via Member Questions; we use data to operate our Space; we don't sell data; payments handled by Stripe; you control your data via settings; we comply with applicable privacy laws.
BY JOINING [SPACE NAME], YOU ACKNOWLEDGE THIS PRIVACY POLICY.
CHECKLIST — DELETE BEFORE PUBLISHING
□ [SPACE NAME] □ [YOUR LEGAL BUSINESS NAME] □ [SHORT NAME] □ [YOUR SPACE URL] □ [DATE]
□ [YOUR PRIVACY EMAIL] □ [YOUR SUPPORT EMAIL] □ [YOUR MAILING ADDRESS]
□ Member Questions listed □ Service providers listed □ Integrations (or deleted)
□ GDPR section (keep/delete) □ CCPA section (keep/delete) □ Age requirement
□ Security measures □ Matches actual practices □ Legal review