Health Matters Clinic — Volunteer Portal

Volunteer Portal Privacy Notice

Effective Date: April 1, 2026 · Applies to: volunteer.healthmatters.clinic

This Privacy Notice explains how Health Matters Clinic ("HMC") collects, uses, stores, and protects your personal information when you use the Volunteer Portal. This notice is specific to the portal — for our general site privacy policy, visit healthmatters.clinic/privacy-policy.

1. What We Collect and Why

Account & Identity

Legal name, preferred name, email address, phone number
Date of birth (to verify age eligibility)
Address / zip code
Gender identity and pronouns (optional)
Emergency contact name and phone number
Profile photo (optional)

Application & Eligibility

Skills, certifications, languages spoken, volunteer role interests
Availability (days/times)
Background check authorization and results (via third-party provider)
SSN authorization consent (required for background screening only — HMC does not store your SSN)
Uploaded documents (certifications, IDs if required)

Participation & Activity

Shift history, hours logged, attendance records
Role assignments and team lead assignments
XP points earned and milestone achievements
Training module completion status
Survey and feedback responses
Check-in timestamps and check-in method (QR, token link, manual)
Post-event outreach reports submitted

Compliance Acknowledgments

Waiver & Release agreement (with timestamp)
HIPAA Confidentiality acknowledgment (with timestamp)
Media/photo consent status
Intellectual property agreement
Terms of Service agreement (with timestamp)

Communications

Email delivery and open status (for portal notifications)
SMS delivery status (for shift reminders and urgent alerts)
SMS consent status and opt-out history

2. SMS Text Messages

    By providing your phone number during onboarding, you consent to receive SMS text messages from Health Matters Clinic related to scheduling, shift reminders, onboarding updates, event alerts, and urgent communications. Message frequency varies. Message and data rates may apply. Reply STOP at any time to opt out. Reply HELP for assistance. Your phone number will not be shared with third parties for their marketing purposes.
  

3. Technical Data Collected Automatically

Login timestamps and session activity
IP address and browser/device type (for security and rate limiting)
Portal feature usage (pages visited, actions taken) — used in aggregate to improve the portal
reCAPTCHA v3 scores (bot detection on form submissions — no CAPTCHA shown to you)

4. HIPAA-Adjacent Information

Volunteers in clinical or client-facing roles may encounter protected health information (PHI) during events. The portal does not store client PHI. Your HIPAA acknowledgment is recorded, and all volunteers are required to complete HIPAA training before accessing client-facing roles. Any PHI encountered during service must be kept strictly confidential per HMC policy and applicable law.

5. How We Use Your Information

Process and review your volunteer application
Verify eligibility and conduct background screening
Assign you to appropriate roles and shifts
Send shift reminders, scheduling updates, and urgent alerts
Track participation hours for grant reporting and compliance
Award XP and recognize milestones
Improve the portal and volunteer experience
Comply with legal, grant, and contractual obligations

6. Who Has Access

You — your own profile, shift history, training records
Your team lead — your contact info, availability, shift assignments
HMC staff and admins — full portal access for coordination and compliance
Background check provider — name, DOB, SSN authorization only, for screening

We do not sell your information. We do not share it with advertisers.

7. Third-Party Services Used

Google Firebase / Firestore Google Cloud Run Twilio (SMS) Google reCAPTCHA v3 Google Workspace (email) Webflow (main site hosting)

All vendors operate under data protection agreements. None use your data for their own marketing.

8. Data Retention

Active volunteer profiles: retained while you are active
Shift and participation records: minimum 3 years (grant reporting requirements)
Background check results: retained per screening provider policy, not stored by HMC
Compliance acknowledgments: retained indefinitely as legal records
You may request deletion of your profile at any time — retention minimums apply to participation records

9. Your Rights

Access the personal information HMC holds about you
Request correction of inaccurate data
Request deletion of your volunteer profile (subject to retention requirements)
Opt out of SMS at any time by replying STOP
Withdraw media/photo consent at any time

10. Security

The portal uses HTTPS/SSL encryption, Firestore security rules with role-based access controls, multi-factor authentication for admin accounts, rate limiting on all public endpoints, and session token expiration. No system is perfectly secure — if you believe your account has been compromised, contact us immediately.

11. Updates

We may update this notice as the portal evolves. The effective date above reflects the most recent revision. Material changes will be communicated via email to active volunteers.

Questions about your data?

Email: privacy@healthmatters.clinic
General: contact@healthmatters.clinic
Health Matters Clinic · Los Angeles, California · healthmatters.clinic