By design, no. Standard surveys do not ask for names, ID numbers, phone numbers, email addresses, or exact addresses. Responses are tagged to stakeholder group, site, and selected demographic categories (for analysis), not to an individual. The only PII held in ValueScope relates to platform users (your staff, reviewers, and account managers) so they can sign in, collaborate, and appear in the review/approval trail.

Most project data in ValueScope is anonymous or effectively anonymised monitoring data. Your organisation remains the data controller and chooses the lawful basis under applicable law (e.g., UK GDPR). In practice, teams typically rely on: • Legitimate interests (monitoring social value, safeguarding, “do no harm”), and/or • Contractual obligations (requirements in grants, standards, or procurement). If you elect to collect any information that could reasonably identify a person, you must reflect that in your privacy notices and safeguards. ConnectGo acts as data processor, providing the platform under contract.

Consent is collected at the point of data collection. Before answering, participants are told: • Who is collecting the data and why • What topics are covered and how long it takes • That participation is voluntary; they may skip questions or stop at any time • How responses will be used (e.g., combined and reported as anonymous statistics) and who will see them For children and other vulnerable groups, participation follows your existing safeguarding and consent/assent procedures, even though ValueScope does not store direct identifiers.

Yes. ValueScope is designed so responses are anonymous upon entry. Protections include: • Instruments that do not ask for names, IDs, or contact details • Storage under group, site, and demographic codes, not personal identifiers • Aggregated dashboards (e.g., “Women in Site A”), not individual records • Optional suppression rules (minimum group sizes) and category aggregation for small or sensitive groups If you keep any contact links for follow-up, manage those outside ValueScope under your own procedures.

You own your data. Your organisation is the data controller; ConnectGo is the data processor. Access is controlled by: • Roles and permissions in your tenant (e.g., Manager, Project Creator, Reviewer, Field Agent, Viewer) • Need-to-know access for your named Account Manager to support onboarding, review, and sense-making No data is sold. No third party receives your project data for their own purposes without your explicit agreement.

Yes, carefully and only in fully anonymised and aggregated form, to: • Improve question banks and indicators (e.g., which items perform well) • Identify common themes, risks, and outcomes • Produce non-identifying learning notes and guidance We do not publish project-specific insights that could harm your organisation or communities without your explicit consent. Cross-project learning uses are described in our contracts and data processing documents.

ValueScope provides the digital backbone for good practice and nudges safer behaviour: • Stakeholders are named as groups, not “the community” in general • Risks identified during mapping feed directly into a Risk Register with owners and mitigations • The Theory of Change centres “what changes for whom,” including possible harms • Account Managers support teams and challenge weak stakeholder or risk work Your organisation remains responsible for field ethics, safeguarding, and feedback/grievance mechanisms.

ValueScope uses reputable cloud infrastructure with: • Encryption in transit and at rest • Role-based access control and audit trails • Regular backups and environment hardening Regional hosting options can be agreed contractually where required by procurement or regulation.

Retention is led by your policy. ValueScope supports: • Project-level retention settings and archival • Export of datasets and reports • Deletion requests for tenant content, subject to contractual and legal obligations We encourage archiving over deletion where appropriate, so longitudinal learning is preserved without exposing personal data.

If cross-border processing is required (e.g., UK ↔ East Africa), it is handled under appropriate transfer safeguards (such as Standard Contractual Clauses or equivalent mechanisms). Details are set out in our data processing terms.

AI features operate on anonymised, permission-scoped data within your tenant. The system respects role permissions and never reveals suppressed small-group outputs. Model prompts and outputs are not used to train external models.

We operate an incident response process covering detection, containment, assessment, notification, and remediation. If an incident materially affects your data, we will notify you without undue delay and cooperate to meet any regulatory duties.

You remain the owner of your project data at all times. If you decide to stop using the platform (for example, at the end of an early adopter period), you can take your data with you. 1. What data can we export? From within the Reporting area you can export the underlying data that sits behind your reports. This can include, depending on what you have used: • Project and site configuration • Stakeholder mapping • Theory of Change entries • Risk Register entries • Survey structures and survey responses • Any other modules that are surfaced in the reporting portal The export reflects what is visible in your reports, including any filters you have applied, rather than a raw dump of the entire internal knowledge base. 2. In what formats is data exported? You will be able to export your data in standard, machine-readable formats: • CSV (tabular format, easy to open in Excel or import into many tools) • JSON (structured format that most databases and data platforms can ingest directly) Because some survey and indicator data are nested, JSON is often the most faithful representation, but CSV is available where helpful. 3. What about dashboards and visualisations? From the reporting module you can also export static versions of your reports (for example as PDFs). This means you can keep: • Snapshot views of charts and tables • Executive summaries and risk overviews • Any filters or views you have selected at the time of export You receive the analysed data and static outputs, not the underlying analysis code or internal configuration scripts. 4. Who initiates the export? Exports are triggered from within the reporting interface for each relevant module. If you need a more tailored export (for example, a specific combination of modules, or support choosing between CSV and JSON), your Account Manager can help you decide what is most useful and guide you through the process. 5. What happens to our data after we leave? Details of data retention and deletion are set out in your contract and End User Licence Agreement (EULA) between the commercial partner (for example, Level) and your organisation. These documents specify: • How long project data is retained • Under what conditions it is archived or deleted • How and when you may request a final export If you are unsure of your specific retention terms, your Account Manager can point you to the relevant clause in your agreement. 6. Is exported data still anonymised? Yes. The platform is designed so that community-level data is non-identifiable: • No names, ID numbers, personal contact details or free-text personal identifiers are stored for community respondents. • Survey responses are tagged by stakeholder group, site, and demographic categories, not by individual identity. Your exports keep this structure. You retain rich, disaggregated data for analysis without accessing personally identifiable information about community members.