This Privacy Policy explains how R2 Innovative Technologies, LLC ("R2IT," "we," "us") collects, uses, and shares information in connection with the Teamworks volunteer management platform (the "Service").
1. Who We Are and Our Role
R2IT provides the Service to organizations that manage volunteers — for example, events, tournaments, and nonprofit programs (each, a "Customer"). When a Customer uses the Service to manage their volunteer program:
- The Customer is the controller of personal information about their administrators, coordinators, and volunteers ("Customer Data"). The Customer decides what data to collect and how it is used within the Service.
- R2IT is a service provider / processor that hosts and operates the Service on the Customer's behalf, under the terms of the agreement between R2IT and that Customer.
If you are a volunteer, coordinator, or administrator using the Service through a Customer, please consult that Customer's own privacy notice for information about how they handle your data. Questions about Customer Data should be directed to the Customer first.
This Policy also applies to information R2IT collects directly through the Teamworks public website (teamworks.r2it.com) and direct interactions with R2IT (sales inquiries, support requests).
2. Information We Collect
2.1 Information you provide
Depending on how you use the Service, we may receive the following categories of personal information:
| Category | Examples |
|---|---|
| Identifiers | Name, email address, phone number |
| Contact information | Postal addresses (home, seasonal, shipping) |
| Demographic information | Date of birth, gender (optional and Customer-controlled) |
| Emergency contact | Emergency contact's name, phone number, relationship |
| Medical information | Physician name and phone, voluntarily disclosed conditions or accommodations |
| Affiliation | Employer, school, or other group affiliation |
| Role credentials | Driver's license number, collected only when required by an assigned role (e.g., cart operation) |
| Account credentials | Authentication identifiers managed through our identity provider |
| Order and payment information | Merchandise orders; payment card brand and last four digits only |
| Communications | Messages you send to R2IT or that are sent through the Service |
We do not collect or store: Social Security numbers or other government-issued identifiers (other than driver's license numbers where required by a role); full payment card numbers (handled by a PCI-DSS-compliant payment processor); biometric identifiers; or precise geolocation data.
2.2 Information collected automatically
When you use the Service, we automatically collect limited technical information: device and browser information (user agent, screen size); IP address (for security, abuse prevention, and operational diagnostics); log data (timestamps, URLs accessed, error data); and session and authentication cookies necessary to keep you logged in. We do not use third-party advertising or cross-site tracking cookies.
2.3 Information from third parties
If a Customer imports volunteer records from another system, that data is provided to us by the Customer. We are not the source of that data.
3. How We Use Information
We use personal information to:
- Provide the Service. Authenticate users, render the appropriate views, process registrations and orders, deliver notifications, and otherwise operate the Service.
- Maintain security. Detect and prevent unauthorized access, fraud, and abuse; audit user activity.
- Communicate with you. Send transactional messages (assignment confirmations, password resets), respond to inquiries, and provide support.
- Improve the Service. Diagnose technical issues, measure feature usage in aggregate, and develop new features. We do not use Customer Data to train machine-learning models without that Customer's consent.
- Comply with legal obligations. Respond to lawful requests, enforce our agreements, and protect our rights.
We do not sell personal information and we do not share it with third parties for cross-context behavioral advertising.
4. How We Share Information
We share personal information only in the following circumstances:
- With the Customer. Customer Data is accessible to that Customer's administrators in accordance with the role-based permissions they configure.
- With subprocessors. We use a small number of vendors to operate the Service (hosting, authentication, email delivery). Each is contractually required to protect personal information. The current list is published at /security/subprocessors.
- For legal reasons. If required by law, subpoena, or other legal process, or to protect the rights, property, or safety of R2IT, our Customers, or others.
- In a business transfer. If R2IT is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you and provide options where required by law.
5. How We Protect Information
We maintain administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. Key controls include:
- TLS encryption for all data in transit
- AES-256 encryption at rest for databases and backups
- Federated authentication with optional multi-factor authentication
- Role-based access control with tenant isolation
- Audit logging of changes to records
- Access to production systems limited to authorized R2IT personnel using least-privilege, short-lived credentials
A summary of our security program is available at /security.
No system can be guaranteed completely secure. In the event of a security incident affecting your information, we will notify affected Customers and, where required by law, affected individuals.
6. Data Retention
We retain personal information for as long as needed to provide the Service to the Customer. After a Customer's subscription ends, Customer Data is retained for 30 days to allow for export, then purged from production systems within 60 days. Encrypted backups age out within 30 days thereafter.
We may retain limited information for longer where required by law (for example, financial records) or where necessary for fraud prevention and legal claims.
7. Your Rights and Choices
Depending on where you live and your relationship to a Customer, you may have the following rights:
- Access. Request a copy of the personal information we hold about you.
- Correction. Ask us to correct inaccurate information.
- Deletion. Ask us to delete information, subject to legal retention requirements.
- Portability. Receive a copy of certain information in a portable format.
- Opt out of "sale" or "sharing" (as those terms are defined under California law). We do not sell or share personal information as defined.
If you provided your information to a Customer, please direct requests to that Customer first; we will assist the Customer in fulfilling verified requests.
To exercise rights with respect to information R2IT controls directly, email privacy@r2it.com. We will respond within the time required by applicable law (generally 45 days under CCPA).
Authorized agents. You may designate an authorized agent to submit a request on your behalf. We will require verification of the agent's authority.
Non-discrimination. We will not deny service, charge a different price, or provide a different level of service because you exercised a privacy right.
8. State-Specific Disclosures
This section provides disclosures required by certain U.S. state laws.
California (CCPA/CPRA). Categories of personal information collected in the past 12 months are listed in § 2. We have not sold or shared personal information for cross-context behavioral advertising in the past 12 months. Sensitive personal information collected (medical and demographic data) is used only to provide the Service and is not used for purposes requiring opt-out.
Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA). R2IT acts as a processor on behalf of Customers. Consumers should direct rights requests to the relevant Customer; we will assist as required.
New York (SHIELD Act). We maintain reasonable administrative, technical, and physical safeguards as described in § 5.
Additional state-law disclosures will be added as new laws take effect.
9. Children's Privacy
The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If a Customer uses the Service for programs involving minors, that Customer is responsible for obtaining any required parental consent. If you believe a child under 13 has provided information directly to R2IT, please email privacy@r2it.com and we will delete it.
10. International Users
The Service is hosted in the United States. If you access the Service from outside the United States, your information will be transferred to, stored in, and processed in the United States. Teamworks is not currently offered for use by data subjects in the European Economic Area, the United Kingdom, or other jurisdictions with comprehensive cross-border transfer requirements.
11. Changes to This Policy
We may update this Policy from time to time. When we make material changes, we will revise the "Last Updated" date and, where appropriate, provide additional notice (such as a banner in the Service or email to Customer administrators). Continued use of the Service after a change takes effect constitutes acceptance.
12. Contact Us
R2 Innovative Technologies, LLC
3380 Fairlane Farms Rd, Suite 9
Wellington, FL 33414
United States
Email: privacy@r2it.com
Security inquiries: security@r2it.com