Privacy and Data Protection

Reframe is committed to user privacy. This is why we follow GDPR guidelines to ensure protection of user data. Click here for more information on what the GDPR is and why it is important.

We acknowledge that many of our users are from refugee communities and therefore experience heightened vulnerability compared to other groups. Reframe is created and managed by Cohere (formerly Xavier Project), an INGO specialised in refugee aid and development in partnership with 2 refugee-led organisations based in Kenya. Promoting and safeguarding the wellbeing of refugees and other vulnerable people is our top priority.

Data Storage

User data is stored across 2 separate services:

• All data, except for user-submitted images, is stored on Amazon AWS cloud servers in the United States. This service has world-leading security and data protection mechanisms in place and is also GDPR-compliant. You can read more about AWS security here.
• Images are hosted externally on Imgur, a popular image hosting service. You can read their privacy policy here. They remove all EXIF metadata from image uploads and randomise image filenames to maintain user privacy. They are also GDPR-compliant.

Public vs Private Data on Reframe

The vast majority of user-submitted data on Reframe is publicly visible and is designed to be this way. This is made clear both on the Sign Up page and on the Manage Profile page. Below is an overview of which user data is public, and which is private.

Private Data

All private user data on Reframe is stored exclusively on Amazon AWS servers and is encrypted. This includes:

• User Passwords
• Browser Login Tokens
• Activation Status of User Accounts
• Email Verification Tokens

Public Data

This is user-submitted data that is designed to be publicly visible, and includes:

• User Profile Photos
• Organisation Email Addresses
• Profile Promo Photos and their text Captions
• Profile Promo Videos
• Organisation Descriptions, Descriptions of Communities and Beneficiaries, and other text descriptions supplied by users on the Manage Profile Page
• Location, Annual Budget, Annual Participant Reach and other data types supplied by users on the Manage Profile Page

Cookies

Reframe does not utilise cookies, except for browser login tokens for normal account fuctionality. This is only relevant for users who have signed up and activated their accounts.

Account Deletion

An option for users to delete their accounts is available in the Manage Profile page. Upon account deletion ALL user data is deleted from the site's servers and is irretrievable. This is an intentional measure to protect user data and privacy.

Data Protection Officer and Contact Information

Reframe has a designated Data Protection Officer who can be contacted at info@xavierproject.org. All queries about Data Protection or the running of the website should be sent to this address.