Security, Privacy & Data Handling

• Member and administrator sign-in uses email and password backed by the platform's managed authentication service.
• Passwords are stored as one-way hashes by the auth provider; the application does not see plaintext passwords.
• Administrative actions are gated by role checks and recorded in an internal audit log.
• Role assignments are stored separately from user profiles and require an existing administrator to grant.

• All traffic to getmadalsan.com is served over HTTPS.
• The application database enforces row-level security policies so that records are only readable by the intended role (public content, member, or administrator).
• Uploaded identity documents and signatures are stored in a private storage bucket that is not publicly readable. Administrators access them via short-lived signed URLs.

• Membership applications: name, contact details, geographic location, and supporting documents you choose to upload.
• Engagement: event registrations, volunteer interest, donation pledges, and contact-form messages.
• Account activity: sign-in timestamps and administrative actions for security auditing.
• We do not knowingly collect data from children. Submissions should be made by adults eligible for party membership.

• To review and process membership applications, candidate nominations, and volunteer registrations.
• To issue digital membership cards and to verify membership status.
• To communicate party news, event invitations, and campaign updates to people who registered for those communications.
• To meet legal and organisational record-keeping obligations.

• Active member records are retained for the duration of membership and a reasonable archival period afterwards.
• Operational logs (sign-in activity, notifications) are kept for a limited window and then aggregated into anonymous statistics.
• Backups are taken on a regular schedule and are retained for disaster recovery.
• You can request deletion of your personal data by contacting us at the address below; we will confirm what can be removed and what must be retained for legal or organisational reasons.

• Essential cookies and local storage are used to keep you signed in and to remember your language preference.
• The site does not embed third-party advertising trackers.
• If analytics are enabled in the future, this page will be updated to describe what is collected.

• Request a copy of the personal information we hold about you.
• Ask us to correct information that is inaccurate or out of date.
• Request deletion of your data, subject to the retention notes above.
• Withdraw consent for non-essential communications at any time.

Send requests to privacy@madalsan.so.

If you believe you've discovered a vulnerability in the Madalsan platform, please contact us privately first so we can investigate and remediate before any public disclosure. Include steps to reproduce and any supporting screenshots.

security@madalsan.so