Legal

Privacy Policy

Last updated: 11 May 2026

 

Who We Are

Core Australia (“CORE”, “we”, “our”, “us”) is a not-for-profit, community-operated platform providing WordPress, CiviCRM, and other software tools to community groups, causes, and campaigns.

This Privacy Policy applies to:

  • The main CORE website (coreaustralia.org.au)
  • Any site hosted under a CORE subdomain (e.g. *.coreaustralia.org.au, *.cibapp.net)
  • Any custom-domain site hosted on the CORE platform
  • All plugins, integrations, and tools provided by CORE

Each CORE-hosted site is operated by the organisation that controls it (“Site Owner”). Site Owners act as data controllers for the information they collect. CORE itself acts as a platform provider — similar to a hosting provider.

What This Policy Covers

This Privacy Policy explains:

  • What information CORE collects and processes
  • What information individual CORE sites collect
  • How data is stored, used, and protected
  • Your rights
  • How to contact us

Information We Collect

CORE (the platform) collects some data automatically. Each individual CORE site may also collect additional information, such as supporter data.

Information You Provide Directly

Depending on your interaction, this may include:

  • Account registration details (name, email, password)
  • Contact forms, profiles, submissions, or survey data
  • Information you upload, publish, or store on your CORE site
  • Comments you submit on a CORE-hosted website
  • Volunteer or supporter information (if managed by a Site Owner)

Automatically Collected Data

CORE may collect:

  • IP address
  • Browser and device information
  • Access logs
  • Security logs (e.g. failed login attempts)
  • Error reports
  • Anonymous analytics data
  • Session information

Sensitive Data

CORE does not intentionally collect or require government ID numbers, financial account details, medical or health information, or other highly sensitive personal information. Site Owners should avoid storing such data unless they have lawful grounds to do so.

WordPress-Specific Data Collection

All CORE sites run on WordPress. The following behaviours apply automatically.

Comments

When visitors leave comments on a CORE-hosted site, WordPress collects the data entered in the comment form, the visitor’s IP address, and their browser user agent string. This helps with spam detection and security.

An anonymised hash of your email may be sent to Gravatar to check for an associated profile image. After approval, your profile image may become publicly visible.

Media Uploads

When uploading images to a CORE site, EXIF metadata — including GPS location — may be retained in the file. Visitors can download and extract this data if present. CORE does not automatically strip metadata.

Cookies

WordPress uses several types of cookies:

  • Comment cookies — if you leave a comment, you may opt to save your name, email, and website in cookies for convenience.
  • Login cookies — authentication cookies last up to 2 days; display preference cookies last up to 1 year. “Remember Me” extends login to 2 weeks. Logging out removes these cookies.
  • Temporary cookies — a cookie is set on the login page to test whether your browser accepts cookies.
  • Editor cookies — when editing or publishing a post, a cookie stores the post ID. It contains no personal data and expires after 1 day.

Embedded Content from Other Websites

Content on CORE sites may embed third-party media such as YouTube videos, social media posts, or maps. Embedded content from other websites behaves in exactly the same way as if you visited those websites directly. These third parties may collect data about you, use cookies, and monitor your interaction with that content — particularly if you are logged in to their service.

CiviCRM Data Collection

CiviCRM is the organising and relationship management system used by CORE-hosted sites. Site Owners use CiviCRM to manage their supporters, members, volunteers, donors, and campaign contacts.

CiviCRM may store:

  • Contact details (name, address, email, phone)
  • Membership and donation history
  • Event attendance and volunteer activity
  • Survey responses and custom fields
  • Email and SMS communication history
  • Tags, notes, and relationship data

CORE provides the platform; the Site Owner is responsible for the data they collect and store in CiviCRM. If you have questions about data held by a specific site, contact that Site Owner directly.

How We Use Your Data

CORE uses platform-level data to:

  • Operate, maintain, and improve the platform
  • Provide technical support and troubleshoot issues
  • Monitor security and prevent abuse
  • Meet legal and compliance obligations
  • Communicate with Site Owners about platform matters

We do not use your data for advertising, and we do not sell it — ever.

Data Storage and Security

All CORE platform data is stored on Australian servers. We take security seriously and implement appropriate technical and organisational measures to protect your data.

These include:

  • Encrypted connections (HTTPS/TLS) across all sites
  • Restricted access to production systems
  • Regular security monitoring and patching
  • Automated and manual backups

Site Owners are responsible for managing user access and permissions within their own sites. We strongly recommend using strong passwords and two-factor authentication.

Sharing Your Information

We may share data with trusted service providers for hosting and operations, including:

  • Amazon Web Services
  • Cloudflare
  • Email and SMS providers (SES, Mailgun, SendGrid, Twilio)
  • CiviCRM services
  • Backup systems
  • Volunteer developers administering the platform

We may also disclose information if required by law, court order, or regulatory authority, or to prevent harm or illegal activity.

We never sell personal data or use it for advertising.

Third-Party Services and Integrations

CORE sites often connect to external tools such as email gateways, payment processors (Stripe, PayPal), analytics platforms, mapping services, CAPTCHA tools, and form integrations. These services may collect and process data independently under their own privacy policies. CORE is not responsible for third-party privacy practices — we encourage you to review the privacy policy of any connected service.

Data Retention

CORE retains platform-level data only as long as necessary.

  • WordPress — comments may be stored indefinitely; user profile data is stored until deleted.
  • CiviCRM — the Site Owner controls retention periods.
  • Platform closure — when a site or account is closed, data may be deleted immediately. Backups are not guaranteed. You must export your data before requesting closure.

Some log files may be retained for security or compliance purposes.

Your Rights

Depending on your location, you may have the right to access your personal data, request corrections, request deletion, object to certain processing, or request data portability.

Requests relating to data held by a specific CORE-hosted site should be directed to that site’s owner. Requests relating to platform-level data can be made to CORE directly. We may refuse requests where required by law or to maintain platform security.

Automated Decision-Making and Spam Detection

CORE and individual sites may use automated systems for spam filtering, security alerts, duplicate detection, login protection, and email deliverability checks. These systems may analyse IP addresses, browser details, submitted content, and behaviour patterns to protect the platform and its users.

International Data Transfers

CORE’s primary infrastructure is based in Australia. Some third-party services used by the platform may store or process data in other countries. By using CORE, you consent to these transfers where they occur.

Children’s Privacy

CORE is not intended for children under 16 without adult supervision. Site Owners are responsible for ensuring their use of the platform complies with relevant child data protection laws.

Changes to This Policy

We may update this Privacy Policy at any time. Significant updates will be announced on coreaustralia.org.au. Continued use of the platform after changes indicates acceptance of the updated policy.

Contact Us

For platform-level privacy concerns:

📧 [email protected]

For data stored by a specific CORE-hosted site, please contact that Site Owner directly using their published contact details.

Scroll to Top