Your Privacy

Data we collect about you and your project

Your Account

In order to use this tool, you must hold a valid account with the Open Data Institute. You can register for a new account here.

Upon logging in, this tool collects the following data about you:

Project Data

All the data you create is stored in a cloud database. System maintainers have access to the database for administration. Reading and extracting data for purposes other than ensuring the system is online and functioning is strictly prohibited.

In addition to what you see on the screen, each project has the following data associated with it:

Interactions Data

The system sends an "interaction message" to the ODI Customer Relationship Management (CRM) system (HubSpot) each time you do any of the following:

This data is shared so the ODI can monitor:

This data helps us measure the popularity of the system and make the case for additional development and funding.

This data is stored against your record in the CRM system and can be managed alongside your account via the Open Data Institute website.

Exercising your rights over data about you and projects

User Data

The system stores very little user data. Access to user data is not necessary as it will only tell you your own name and email.

If you wish to delete your account, you can do this from the profile page.

Note: This does not delete your ODI account, just the associated record in this system. We do not archive the account, it is deleted, and we do not store a record of this operation.

Project Data

All project data can be downloaded from within the system as JSON, which is the format it is stored in, so there is very little difference between this and the stored data. The main difference is that we remove the IDs of users your project might be shared with.

If you delete a project, it is gone. We do not archive; it is deleted there and then. The only place it will exist is within an automated backup.

Backups

We take backups of the system purely to ensure that in the event of a disaster we can restore the system to a good state. Should this happen, it may be discovered that data has been restored that a user has deleted. This is a rare occurrence, and we will contact users to let them know that a backup has been restored and communicate the impact on saved/restored data.

Tool hosting, security and data storage

The CARE tool is hosted on a Digital Ocean server in the UK which is maintained with the latest security updates.

Cloudflare is used as the content devlivery platform and to protect against attacks.

Account data (name, email, time and date of login etc) and project data is stored in MongoDB atlas which is in turn hosted on Microsoft Azure infrastructure located in Ireland. Data is encryted at REST in Azure, so Microsoft/Mongo cannot see the data. System maintainers have access to the database for administration. Reading and extracting data for purposes other than ensuring the system is online and functioning is strictly prohibited.

The tool is developed in NodeJS and regular valnerability audits are automatically carried out, reported and actioned as necessary.

The tool integrates with the ODIs website for authenticate and HubSpot for statistics reporting, please refer to the ODI privacy policy for more details.

Use of AI (OpenAI ChatGPT)

You can choose to make use of ChatGPT to assist you in the process of Consequence Scanning. Throughout the tool, you will have the option to generate suggestions and ideas for your project in order to help you identify consequences and plan risk mitigation.

In order to utilise the AI plugin, we process your input data and pass it through the plugin. You can see what data is passed to ChatGPT, along with the exact prompt we ask the AI, before choosing if you want to make use of it.

Important: No data will be passed to ChatGPT without receiving your confirmation. You are able to use the tool without using the AI functionality, simply select 'No' or 'Continue without' when prompted.

When using this tool, please consider whether it is appropriate to utilise the AI functionality and avoid entering any personally identifiable, sensitive, or commercially sensitive information into the tool. You should also refer to your own organisation's policy and apply it to the use of this tool, as required.

Always refer to OpenAI's official privacy policy and terms of service for the most up-to-date information on data handling and privacy practices.

We are not tied to OpenAI. Like many organisations, we are continually evaluating other options as well as the ability to offer a number of different models.

Contact Us

For Bugs and Issues

Please use GitHub issues to raise an issue with functionality, etc.

Everything Else

Contact us