Privacy, PII, and what we publish
Some colift tasks involve volunteers contributing observations or knowledge that can include personal information, their own or others'. This describes how that's handled.
Principles
We collect only the information a task actually needs to produce its deliverable.
Before any aggregate output is distributed, submissions are screened for personal information, and redacted where appropriate.
Personal data is retained only as long as it's needed for the deliverable and the verification record.
Outputs are distributed free to mission-aligned recipients, but "free" does not mean "fully public." Access is controlled to protect privacy. Some outputs are aggregated and de-identified before any release.
Health-adjacent data, images of identifiable people, and content about vulnerable individuals receive stricter handling.
What we ask of volunteers
Where a task could involve personal information, the instructions tell you what to include and what to leave out. As a general rule:
- Don't include your Social Security Number, full birth date, financial account numbers, or government ID numbers.
- Don't include personal information about identifiable other people without their knowledge.
- When photographing public spaces or storefronts, avoid capturing faces or identifying details of bystanders where possible.
What we don't do
We don't sell volunteer data. colift is funded by grants and donations. We are not a data broker.
We don't use AI to detect AI in your work. We are not surveilling your tooling. We are auditing whether genuine effort produced a usable contribution.
We don't require ID.me, facial recognition, selfies, or SSN collection. The state already verified your identity through SNAP enrollment. colift attests to your work, not your identity.
Activity monitoring
The platform monitors active engagement during a task. The timer, idle detection, and scroll/tap signals exist for one reason: to certify actual measured time. The monitoring is task-bound. It runs only while a task session is active. The Privacy Policy describes it in full.
Legal note
California nonprofits sit largely outside the CCPA/CPRA's core, but data-breach and other privacy duties remain. The privacy program is reviewed by counsel.