Customer data belongs to the customer
EMPOBase processes customer records to operate the service. We do not sell, license, mine, or train models on customer data.
Privacy
Practical data protection for humanitarian work.
EMPOBase holds operational records that can affect staff, partners, donors, and communities. This page summarises the privacy position in plain language. Formal DPA terms are available on request.
Last updated June 1, 2026.
Sensitive programme data needs extra care
Beneficiary names, photos, GPS coordinates, identity documents, safeguarding records, and HR records should be treated as sensitive personal data.
Access should be explainable
User roles, tenant boundaries, signed URLs, and audit logs are designed so teams can explain who had access to which records and why.
Deletion and export are part of the service
Customers can request account export or purge support. Backup expiry and retention windows are handled through the security and DPA process.
DPA and privacy requests
Procurement, legal, and data protection teams can request the current DPA, sub-processor list, and security questionnaire responses. Use the privacy route for DPA terms and the security route for technical controls.
Contact points
- Privacy and DPA
- privacy@empobase.com
- Security disclosures
- security@empobase.com