Privacy & Data Security

We take your privacy and security seriously. The Pilot Program is designed so that your personal information is protected at every stage.

Data Collection & Anonymization

All data collected during the Pilot Program is anonymized at the point of entry. You will be assigned a Household ID and individual User IDs. These IDs are used on all forms and submissions instead of your name or email. The mapping between IDs and any personally identifiable information (such as your name or email address) is stored separately in Original Position’s secure database.

Because of this, the information you provide in intake forms and exercises cannot be linked back to you without access to the secure mapping database, which is restricted to authorized OP staff.

Systems We Use

Paperform
We use Paperform to collect intake and program responses. Paperform follows industry best practices, including SOC 2and GDPR compliance. All submissions are anonymized with your User ID and Household ID before being stored. You can learn more at the Paperform Trust Center.

Google Drive & Google Sheets
During the Pilot Program, some data is stored and processed in Google Sheets and Google Drive for operational purposes. Google secures all files with encryption in transit and at rest and strong access controls. Access to these files is limited to OP staff directly involved in the Pilot Program.

Secure Database (OP)
The mapping of IDs to personally identifiable information is stored in Original Position’s secure database, separate from Paperform and Google Drive. This ensures that personal information and program responses are never stored together in a single location.

Data Types Collected

We do not collect or store sensitive financial data such as bank account numbers, Social Security Numbers, or tax IDs. The information we collect is limited to what is needed for the Pilot Program, such as self-reported income, spending, and giving preferences.

Access & Security Controls

  • All systems we use rely on encryption in transit (TLS/SSL) and encryption at rest.
  • Access to identifiable information is restricted to authorized OP staff.
  • Internal access to Google Drive and Sheets is monitored and limited.
  • Payment information, if you choose to use OPDAF, is handled exclusively by Stripe, which is PCI-DSS compliant. OP does not store your payment details.

Transition Beyond the Pilot

Once the OP app is fully built, all data will be stored in a secure, SOC 2-compliant database (Supabase), reducing reliance on third-party tools such as Google Sheets. Data will no longer be anonymized at collection, but it will remain encrypted and securely managed.