Privacy Policy

Effective Date: January 1, 2025  |  Last Updated: March 9, 2026

Introduction

The Foundation of Change (“we,” “us,” or “our”) is a registered 501(c)(3) nonprofit organization. We respect your privacy and are committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, how we protect it, and your rights regarding that data when you use our website and services at thefoundationofchange.org.

Our Core Commitment

✅ We NEVER sell, share, or market your personal information to third parties.

Your data is collected solely for the purpose of program administration, certificate issuance, and court verification. We do not engage in data harvesting, behavioral advertising, or any form of personal data monetization.

Information We Collect

We collect the following categories of information:

  • Registration Information: Full name, email address, phone number, date of birth, and mailing address — used for certificate issuance and court verification.
  • Coursework Data: Article progress, time-on-task measurements, reflection responses, and assessment answers — used to track completion and verify hours.
  • Payment Information: Processed exclusively through Stripe, a PCI DSS Level 1 certified payment processor. We never store credit card numbers, CVVs, or full payment card data on our servers.
  • Usage Analytics: Anonymized page views and site performance metrics collected through Google Analytics and Vercel Analytics for service improvement purposes only.
  • Communication Records: Messages sent through our contact form or customer support channels.

How We Use Your Information

Your information is used exclusively for:

  • Administering our community service and educational programs
  • Processing payments and managing your account
  • Issuing certificates of completion with unique verification codes
  • Generating hour logs for court and probation officer verification
  • Responding to verification requests from courts, attorneys, and probation officers
  • Communicating with you about your account and program updates

Data Security

We implement robust security measures to protect your personal information:

  • Encrypted Storage: All personal data is stored in our SOC 2 compliant database infrastructure (Supabase) with encryption at rest and in transit.
  • Secure Authentication: User accounts are protected through industry-standard authentication protocols with secure password hashing.
  • PCI Compliance: Payment processing is handled entirely by Stripe (PCI DSS Level 1), ensuring your financial data never touches our servers.
  • Access Controls: Personal data access is restricted to authorized administrative personnel on a need-to-know basis.

Data Sharing & Third Parties

We do not sell, rent, or trade your personal information. We may share limited data only in the following circumstances:

  • Court Verification: We respond to verification requests from courts, probation officers, and attorneys to confirm certificate authenticity and hours completed.
  • Payment Processing: Stripe receives payment data necessary to process your transaction. Stripe's privacy policy governs their use of this data.
  • Legal Requirements: We may disclose information if required by law, court order, or governmental regulation.

Data Retention

We retain your personal information and coursework records for a minimum of 7 years from the date of certificate issuance, as these records may be needed for court verification purposes. After this period, data may be anonymized or securely deleted upon request.

Your Rights

You have the right to:

  • Request access to the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your data (subject to our legal retention obligations)
  • Opt out of non-essential communications

Cookies & Tracking

Our website uses essential cookies for authentication and session management. We also use Google Analytics (with IP anonymization enabled) and Vercel Analytics for aggregate usage statistics. We do not use cookies for behavioral advertising or cross-site tracking.

Children's Privacy

Our services are intended for individuals aged 13 and older. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated effective date. Your continued use of our services after changes are posted constitutes acceptance of the revised policy.

Contact Us

If you have questions about this Privacy Policy, wish to exercise your data rights, or have concerns about how your information is handled, contact us at:

The Foundation of Change
Email: info@thefoundationofchange.org
Website: thefoundationofchange.org