Last updated: 2026-06-07 · Version 0.1 (draft)

The Online Amateur Radio Community (“OARC”, “we”, “us”) is a volunteer-run amateur radio community operating primarily online using various services and platforms. We aim to be open, transparent, and respectful of our members' privacy.

This Privacy Policy explains what personal data we collect, how and why we use it, how it is stored and shared, and the rights you have under UK data protection law.

This is a general policy covering OARC as a whole. Some services we run have additional, service-specific notes, listed at the end of this document.

Contact email: [email protected]

OARC is an amateur radio online club run by volunteers. It is an informal, unincorporated collective — not a registered company or charity. We use external platforms to connect our community, and we operate some services directly while others are run by individual members associated with OARC.

Where a service is not owned or directly operated by OARC, this is stated in the service-specific section.

For data protection purposes, OARC acts as the data controller for services it operates directly. In practice this responsibility is held by the volunteers who administer those services.

Depending on how you interact with OARC, we may collect:

• Username or display name
• Email address
• Callsign (if provided)
• Discord user ID

When you register for training classes or licence-related activities:

• Full name
• Email address
• Callsign (if applicable)
• Training progress, attendance, and assessment results

• IP address
• Browser or client information
• Log files for security, diagnostics, and abuse prevention

See the service-specific sections below.

We use personal data only where necessary, including to:

• operate and moderate our community platforms (e.g. Discord, forums, websites)
• archive and analyse community activity (see the Discord section)
• deliver training courses and related communications
• manage access to services such as OARC Compute or the OARC Wiki
• maintain the security and reliability of our systems
• comply with legal or regulatory obligations

We do not use your data for advertising or sell it to third parties.

Under UK GDPR, we process personal data using one or more of:

• Consent — where you explicitly provide information (e.g. signing up for training)
• Legitimate interests — for running, analysing and securing community services
• Legal obligation — where required by law

Where we rely on legitimate interests, we have judged that our use is proportionate and does not override your rights. You can object at any time (section 8).

We only share personal data when necessary:

• with service providers (e.g. hosting providers) who help us operate our services
• with instructors or volunteers involved in training activities
• with third-party AI providers, where we use AI tools (see the Discord section)
• if required by law or a lawful request from authorities

All third parties are expected to handle data responsibly and securely.

Some third-party services we use (such as Discord or Zoom) process data outside the UK under their own privacy policies, which we encourage you to review.

Where we transfer data abroad ourselves — for example via hosting or AI providers — we rely on appropriate safeguards, such as UK adequacy regulations or standard contractual clauses.

We keep personal data only as long as necessary, then delete or anonymise it:

• Community account data is retained while you remain active
• Training records are retained for administrative and regulatory reasons [period]
• Logs are retained for security and operational purposes, then deleted [period]
• Archived community activity is retained for [period]

You may request deletion of your data where appropriate.

Under UK data protection law, you have the right to:

• access your personal data
• request correction of inaccurate data
• request deletion of your data
• restrict or object to processing
• request portability of your data
• withdraw consent where consent is the legal basis

We do not carry out automated decision-making with legal or similarly significant effects. To exercise any right, contact us using the details at the top of this document.

OARC is intended for users aged 13 and over. We do not knowingly collect data from children under 13. Some training activities may involve under-18s; where they do, we take their needs into account and collect only what is necessary. If you believe we hold data on a child under 13, contact us and we will delete it.

Our website and wiki use only essential cookies needed to operate the site [adjust if you use analytics or other non-essential cookies, which require consent].

We take reasonable technical and organisational measures to protect personal data against loss, misuse, or unauthorised access. However, no system can be guaranteed completely secure. Where a security incident has occurred we will let our community know about it, and its impacts, as soon as we can.

If you have a concern about how we use your data, please contact us first at [email protected] and we will respond. You also have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

We may update this policy from time to time. The latest version, with its revision date, will always be available on our website.

The following provide additional detail for specific OARC-related services. For questions about this policy or any service, contact us using the details at the top of the document.

• Discord is operated by a third party; your data is also subject to

Discord's own privacy policy.

• OARC moderators may access messages and logs for moderation and safety.
• We also operate bots and tooling that retain and analyse server activity

(for example message archives, per-user posting statistics, activity

  timelines, and linking activity across username changes) to run the
  community, support moderation, and produce community summaries. We rely on
  legitimate interests and retain this data for [period].
* Server activity, including messages, may be processed by AI tools and
  language models (including third-party providers, possibly outside the UK)
  to generate summaries and analysis. If you do not want your activity used
  for AI processing, you can opt out by [opt-out mechanism — e.g. messaging an
  admin / requesting a role]; we will then exclude your data from these
  features. You may also object or request erasure under section 8.

• Zoom is used occasionally for meetings and training.
• Attendance and display names may be visible to other participants.

• These services collect and redistribute radio signal data.
• Contributed data is provided freely and not sold.
• Personal data is not intentionally collected.

• Account information is used to provide access to computing resources.
• Activity may be logged for security, abuse prevention, and capacity planning.