Privacy notice — Enrollment
How the Cooperative Computing Alliance handles the personal information you share when you apply for a CCA account.
This page is the short version. For the full picture of what we collect, what we share, and what we don't, read how CCA uses participant data.
What we collect
- Your name (and preferred name and pronouns, if you choose to provide them).
- Your date of birth (optional).
- Your primary email address.
- Your chosen CCA username (account-only path) or your organization's SAML metadata (federation path).
- Your phone number and postal address (optional).
- Technical signals used to detect abuse: IP address, user-agent, Cloudflare Ray ID, bot-management score and the result of Turnstile challenges.
How we use it
- To process and review your application for CCA membership.
- To contact you about your application.
- To prevent fraud and abuse of this service.
- To create your CCA account if your application is approved.
Who we share it with
Email and address validation is performed by upstream providers: Cloudflare Email Routing for delivery, the Phone Carrier Lookup partner for phone validation, USPS for address validation, and the Domain Security Information service for sender-domain classification. None of these providers receive identifying combinations of fields — they receive only the field they are asked to validate.
We use Cloudflare Turnstile as our bot-protection challenge. When you submit a form, Turnstile processes a limited set of signals (IP, user-agent, behavior heuristics) to decide whether the request is human. Turnstile is operated by Cloudflare and its data handling is governed by the Cloudflare Turnstile Privacy Addendum.
How long we keep it
- Drafts not submitted: deleted after 24 hours.
- Submitted applications: kept for 12 months after approval or rejection.
- Audit logs of your interactions with this service: kept for 24 months.
Your rights
You can request a copy, correction or deletion of your data at any time by contacting privacy@coopalliance.org.