Privacy
Scope
Workshop Commitment Tracker is an invite-only platform for client workshops and follow-up programmes. It is operated by Smart Minds Ltd., 1 Edison Str., Slatina district, Sofia 1111, Bulgaria.
For platform privacy questions, support, or rights requests, contact platforms@smart-minds.space.
Controller and Processor Roles
The organisation that invited you to a workshop is normally the controller of workshop data. It decides why the programme runs, who participates, and how outputs are used.
Smart Minds Ltd. normally acts as processor for client workshop data in WCT and processes that data to provide secure access, workflow delivery, reminders, support, auditability, and compliance assistance.
Smart Minds may act as an independent controller for its own limited platform operations, such as account administration, security logs, support handling, and legal or business records. If Smart Minds itself decides the workshop purpose, participants, and output use for a specific engagement, the controller role may differ.
Data Processed
Depending on your role, WCT may process account details, business contact details, workspace membership, workshop assignment, commitments, check-ins, support requests, team wall items, final reflections, notification history, communication events, and audit logs.
WCT is designed for development follow-up. The MVP does not use scores, rankings, peer evaluation, or AI interpretation.
Visibility Rules
Participants see their own commitments, check-ins, support requests, and final reflections. They choose what to share where the workshop settings allow participant choice.
Managers see visible commitments, named check-in completion status, shared wins, aggregated support themes, aggregated momentum, and aggregated final summaries. Managers do not see private answers.
Facilitators see workshop setup, named completion, dashboard summaries, and individual private or final responses only where the workshop configuration and participant choice allow it.
Aggregated momentum is shown only when at least 3 participants have responded.
Recipients and Subprocessors
Workshop data is shared only with authorised users in the relevant workspace and with service providers needed to run the platform.
Current platform providers include Supabase for authentication and database hosting, Vercel for application hosting and server-side execution, and Brevo for transactional email delivery.
Retention and Rights
Workshop records should be kept only as long as needed for the agreed service, support, legal, security, and audit purposes, then deleted or anonymised according to the customer agreement.
Depending on applicable law, data subjects may request access, correction, deletion, restriction, objection, portability, or withdrawal of consent where applicable. Because the client organisation is normally the controller for workshop data, some requests may need to be handled together with that organisation.
Security and Accountability
WCT uses HTTPS/TLS, Supabase Auth, role-based access checks, row-level security, workspace scoping, controlled server-side privileged access, essential secure-session cookies, notification controls, and audit logs.
These measures reduce risk and support accountability, but no digital system should be treated as risk-free.
