Privacy-Safe Data Handling
Teaching volunteers real-world data privacy practices
Why This Matters
Most data projects use sanitized toy datasets. We're teaching volunteers to handle real personally identifiable information (PII) responsibly - a valuable skill for any data career. This page documents our approach.
Personal Data We Handle
We collect the following types of data across Bot Army (chatbot) and Web Garden (websites):
| Data Type | Source | Sensitivity | Retention |
|---|---|---|---|
| Name | Contact forms, chat conversations | Low | 90 days raw, indefinite aggregated |
| Email | Contact forms, lead inquiries | Medium | 90 days raw, indefinite aggregated |
| Phone | Contact forms (optional) | Medium | 90 days raw, indefinite aggregated |
| Chat messages | Bot conversations | Medium (may contain PII) | 90 days raw, then anonymized |
| IP address | Web server logs | Low (anonymizable) | Truncated immediately, 30 days hashed |
| Page views | Website analytics | None (already anonymized) | Indefinite (no PII) |
Our Privacy Safeguards
We implement multiple layers of protection to handle PII responsibly:
Data Minimization
Collect only what's needed for the service. No tracking pixels, no third-party analytics, no unnecessary fields.
Anonymization
Hash/truncate IP addresses. Aggregate before display. Volunteers see "47 conversations" not individual chat logs.
Access Control
Volunteers see aggregated data only. Client owners see their own raw data. Project lead has full access for troubleshooting.
Retention Limits
Chat logs kept 90 days, then anonymized. Contact forms archived after response. No indefinite raw PII storage.
Secure Storage
PostgreSQL with encrypted connections. Self-hosted (no third-party data processors). Regular security updates.
PIPEDA Compliance
Consent via client terms of service. Privacy policy posted. Individuals can request deletion.
How Aggregation Works
We never show volunteers raw PII. Here's what aggregation looks like:
❌ Raw Data (NOT Shown)
Name: John Smith
Email: john@example.com
Message: "How much for landscaping?"
Time: 2026-01-15 14:32:11
IP: 192.168.1.42
✅ Aggregated Data (Shown)
This Week:
- 47 conversations
- 8 leads submitted
- Top question: "pricing"
- Peak time: 2-4pm weekdays
- Avg response time: 45 seconds
The Learning Value
Volunteers learn to design SQL queries that aggregate before display, implement role-based access control, and think about privacy at the architectural level - not as an afterthought.
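A sketch of the anonymize-then-aggregate flow described above, added here as an example and not taken from the project's own code. The key, the /24 and /48 truncation widths, the field names and the sample rows are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
from collections import Counter
from datetime import datetime

# Assumption: a server-side secret that is rotated; this value is constructed.
HASH_KEY = b"constructed-demo-key-rotate-me"

def truncate_ip(raw: str) -> str:
    """Zero the host bits: keep /24 for IPv4 and /48 for IPv6 (assumed widths)."""
    addr = ipaddress.ip_address(raw)
    prefix = 24 if addr.version == 4 else 48
    return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False).network_address)

def pseudonymize_ip(raw: str, key: bytes = HASH_KEY) -> str:
    """Keyed hash of the truncated address. An unkeyed hash of an IPv4 address
    can be reversed by hashing all 2**32 candidates, so HMAC is used instead."""
    return hmac.new(key, truncate_ip(raw).encode(), hashlib.sha256).hexdigest()[:16]

def weekly_summary(rows):
    """Reduce raw rows to dashboard counts; no name, email, message text
    or IP address is returned."""
    hours = Counter(datetime.fromisoformat(r["time"]).hour for r in rows)
    topics = Counter(r["topic"] for r in rows)
    return {
        "conversations": len(rows),
        "leads_submitted": sum(1 for r in rows if r["lead"]),
        "top_question": topics.most_common(1)[0][0] if topics else None,
        "peak_hour": hours.most_common(1)[0][0] if hours else None,
        "unique_networks": len({pseudonymize_ip(r["ip"]) for r in rows}),
    }

# Constructed sample rows, not real data; "topic" is an assumed pre-classified field.
SAMPLE = [
    {"name": "John Smith", "email": "john@example.com", "ip": "192.168.1.42",
     "time": "2026-01-15 14:32:11", "topic": "pricing", "lead": True},
    {"name": "A. Doe", "email": "a@example.com", "ip": "192.168.1.77",
     "time": "2026-01-15 14:50:02", "topic": "pricing", "lead": False},
    {"name": "B. Roe", "email": "b@example.com", "ip": "2001:db8:abcd:12::1",
     "time": "2026-01-16 09:05:40", "topic": "hours", "lead": False},
]

if __name__ == "__main__":
    print(weekly_summary(SAMPLE))
```

Because truncation happens before hashing, two visitors in the same /24 share one pseudonym, so the count reflects distinct networks, not distinct people.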
PIPEDA Compliance
Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) sets rules for private sector data handling. Here's how we comply:
Consent
Users consent via website terms of service. We explain what data we collect and why. Opt-in for marketing (none currently).
Purpose Limitation
Data used only for stated purposes: answering questions (chatbot), responding to inquiries (contact forms), analytics (dashboards).
Transparency
This page documents our practices. Privacy policy posted on all client sites. Contact email for questions.
Individual Access
Individuals can request their data or deletion. Email info@laic.mywebgarden.qzz.io with requests.
Safeguards
Technical measures described above (encryption, access control, retention limits) protect against loss or unauthorized access.
Questions About Privacy?
We're happy to explain our practices in detail. Transparency builds trust.
Contact Us