Skip to content

Privacy Policy

FundedYouth (“FundedYouth,” “we,” “us,” or “our”) respects your privacy. This Privacy Policy explains what personal information we collect through our public website at fundedyouth.org (the “Site”), how we use it, and the choices you have about that information.

This Policy covers the public marketing website and related services we provide directly through it. Use of the FundedYouth Portal at portal.fundedyouth.org is governed by separate agreements available at docs.fundedyouth.org/agreements/.

FundedYouth is a 501(c)(3) educational nonprofit registered in California (EIN 93-4090260) with a physical location at 415 Parkway Plaza, Suite 519, El Cajon, CA 92020.


This Policy applies to:

  • Visitors to fundedyouth.org
  • People who submit forms on the Site (e.g. sponsor applications, newsletter signups)
  • Parents and guardians acting on behalf of a child under 13
  • Children under 13 only to the extent their personal information may be received by us through the Site

If you are under 13, please do not submit any personal information to us directly. Have a parent or guardian help you, or use the portal sign-up flow which is COPPA-compliant.

  • Sponsor application form (corporate sponsorship inquiries): company name, your first and last name, work email, phone number (optional), job title, industry, sponsorship level of interest, areas of interest, and any free-text message you include.
  • Newsletter signup (via embedded Zeffy form): name and email address, processed by Zeffy on our behalf.
  • Donation forms (via Zeffy and Stripe through our Portal): payment information is collected directly by Zeffy or Stripe; we do not receive or store your full payment-card details. We do receive donor name, donation amount, donation date, and email address from those processors.
  • Portal purchases and subscriptions (via Stripe): when you buy a one-time credit pack or subscribe to a monthly credit pack through the FundedYouth Portal, your card number, CVV, and expiration date are collected directly by Stripe (PCI-DSS Level 1 compliant). We do not receive or store your card details on our servers — our database only stores an opaque Stripe customer identifier so we can match your account to your Stripe records. From Stripe we receive transaction metadata (amount, date, status, the item purchased) used to display billing history and generate receipts. For monthly subscriptions, Stripe retains your card on file in their PCI-compliant vault so the recurring monthly amount can be charged. You can cancel a monthly subscription at any time from the Portal; cancellation stops future charges.
  • Direct communications: when you email, call, or visit us, we may keep records of what was discussed.

When you visit the Site, we and our service providers may automatically collect:

  • Device and browser data: IP address, browser type and version, operating system, screen size, referring page.
  • Usage data: pages visited, time spent on pages, clicks, scroll depth, search terms used on the Site.
  • Cookies and similar technologies: small files placed on your device. See Section 6 below.

[ATTORNEY REVIEW] Verify the list above matches our actual analytics and ad-tech stack at launch. If Google Analytics, Plausible, Cloudflare Web Analytics, or any pixel-based tracking is enabled, add specifics.

We may receive limited information from:

  • Zeffy (our donation and newsletter platform): donor and subscriber records.
  • Stripe (payment processing via the Portal): payment confirmations and dispute notifications.
  • Cloudflare (hosting and edge services): security logs and performance data.
  • Eventbrite or Google Calendar (when integrated for event listings): public event metadata.

We do not purchase personal information from data brokers.

The Site is not directed at children under 13. We do not knowingly collect personal information from children under 13 through the public Site.

The FundedYouth Portal at portal.fundedyouth.org is COPPA-compliant for users under 13. When a child under 13 signs up on the Portal:

  1. We collect only the minimum necessary information to create the account (name, grade, parent or guardian email, emergency contact).
  2. A separate email is sent to the parent or guardian requesting verifiable parental consent before the child’s account is activated.
  3. We do not require a child to disclose more information than is reasonably necessary to participate.
  4. Parents may review their child’s information, request deletion, or refuse further collection at any time by contacting us at info@fundedyouth.org or the dedicated COPPA channel listed in our portal agreements.

[ATTORNEY REVIEW] Verify that the portal’s actual COPPA flow matches this description. Confirm with the Portal team that:

  • Parental consent is obtained through a verifiable method (signed form, credit card transaction, government-ID check, video conference, or other FTC-approved method).
  • The verifiable consent record is retained.
  • Disclosures to third parties relating to children under 13 are accurately disclosed below.

If a parent believes their child under 13 has provided personal information through the Site, contact us at info@fundedyouth.org and we will delete the information.

We use the information we collect to:

  • Respond to inquiries (sponsor applications, partnership requests, general contact)
  • Send the newsletter to people who subscribed
  • Process and acknowledge donations
  • Operate, maintain, and improve the Site (analytics, debugging, security)
  • Comply with legal obligations (tax reporting, recordkeeping, responses to lawful requests)
  • Detect and prevent fraud, abuse, or security incidents
  • Communicate with you about programs, events, and operational changes

We do not sell personal information. We do not share personal information with third parties for their own marketing.

We share personal information only as described below.

We share limited information with vendors who help us run the Site. These vendors are contractually limited to using the information only to provide services to us:

  • Cloudflare Inc. — hosting, DNS, CDN, edge security.
  • Cloudflare Pages Functions — server-side proxy and form processing.
  • Zeffy Inc. — donation processing and newsletter management.
  • Stripe, Inc. — payment processing (Portal).
  • Google LLC — workplace email and document collaboration via Google Workspace.

[ATTORNEY REVIEW] Confirm the current vendor list. Add or remove vendors to match reality. Verify that Data Processing Agreements (DPAs) are in place with each. For each, note in which country/region they primarily process data.

We may disclose information if we have a good-faith belief that disclosure is necessary to:

  • Comply with a subpoena, court order, or other lawful request
  • Enforce our agreements (including this Policy, the Terms of Service, and Portal agreements)
  • Protect the rights, property, or safety of FundedYouth, our participants, or the public
  • Investigate suspected fraud, abuse, or security incidents

If FundedYouth merges with another organization, transfers programs to another nonprofit, or undergoes any similar transition, personal information may be transferred as part of that transaction. We will notify affected individuals before any such transfer.

We use cookies and similar technologies to:

  • Remember your preferences (e.g. dismissed banners)
  • Measure how the Site is used so we can improve it
  • Provide security (Cloudflare bot mitigation, rate limiting)

You can control cookies through your browser settings. Most browsers let you refuse cookies or alert you when cookies are sent. If you block cookies, parts of the Site may not work correctly.

[ATTORNEY REVIEW] Decide whether a cookie banner is required for your operational context. CCPA does not strictly require a cookie banner for non-targeted-advertising cookies, but if any third-party trackers (Google Analytics with advertising features, Meta pixel, etc.) are added, you likely need one + a “Do Not Sell or Share My Personal Information” link.

You may:

  • Request a copy of the personal information we hold about you
  • Correct inaccurate information
  • Delete information we hold about you (subject to legal exceptions, e.g. tax records we must retain)
  • Opt out of the newsletter at any time (every email includes an unsubscribe link)
  • Withdraw consent to processing we rely on consent for

Submit requests to info@fundedyouth.org. We will respond within a reasonable time and in any event within the periods required by applicable law.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

  • Right to know what personal information we collect, use, disclose, and sell or share
  • Right to delete personal information we have collected from you
  • Right to correct inaccurate personal information
  • Right to opt out of the sale or sharing of personal information — we do not sell or share personal information for cross-context behavioral advertising
  • Right to limit the use and disclosure of sensitive personal information — we do not collect sensitive personal information beyond what is necessary
  • Right to non-discrimination for exercising any of these rights

To exercise any right, email info@fundedyouth.org with the subject line “CCPA Request” or call (619) 728-5002. We will verify your identity before responding. You may also designate an authorized agent to make a request on your behalf.

A parent or legal guardian may request access to, correction of, or deletion of a child’s information at any time. We will honor verified parent requests promptly.

[ATTORNEY REVIEW] Decide whether to add a dedicated COPPA contact email (e.g. privacy@fundedyouth.org) and whether to publish a separate child-facing privacy notice as encouraged by AB 2273 (Age-Appropriate Design Code Act).

We retain personal information only as long as necessary for the purposes described in this Policy and to comply with our legal obligations. Specifically:

  • Donor records: retained per IRS recordkeeping requirements (currently 7 years).
  • Sponsor inquiries: retained for [ATTORNEY REVIEW — DEFAULT 3 YEARS], then deleted.
  • Newsletter subscribers: retained until unsubscribe, then suppression-list retention for [ATTORNEY REVIEW — DEFAULT 2 YEARS].
  • Portal-side data: governed by Portal agreements.
  • Server logs: typically retained for [ATTORNEY REVIEW — DEFAULT 90 DAYS].

After applicable retention periods, we either delete personal information or anonymize it so it can no longer be linked to you.

We use reasonable administrative, technical, and physical safeguards to protect personal information against loss, theft, and unauthorized access. Specifically:

  • HTTPS (TLS) for all data in transit
  • Access controls on backend systems
  • Vendors selected for SOC 2 or equivalent attestations where available
  • Limited staff access on a need-to-know basis

No system is perfectly secure. If we become aware of a breach affecting your information, we will notify you and the appropriate authorities as required by California law (Cal. Civ. Code §1798.82).

The Site is operated from the United States. If you access the Site from outside the U.S., you understand that your information may be transferred to, stored in, and processed in the United States, which may have different data-protection rules than your country.

[ATTORNEY REVIEW] If you accept donations or process applications from EU/UK residents, you may need to add a GDPR/UK GDPR section with lawful-basis disclosures and transfer mechanisms (Standard Contractual Clauses, etc.).

The Site links to external sites we do not control (Zeffy donation pages, Eventbrite events, social media, the docs site, etc.). This Policy does not apply to those sites. Review their privacy policies separately.

We may update this Policy from time to time. When we do, we will:

  • Update the “Last updated” date at the top
  • Post the new Policy at the same URL
  • For material changes that affect existing data subjects, provide notice (banner, email, or both) at least [ATTORNEY REVIEW — DEFAULT 30 DAYS] before the change takes effect

Your continued use of the Site after the effective date constitutes acceptance of the updated Policy.

For any privacy-related question or to exercise any right described in this Policy:

FundedYouth 415 Parkway Plaza, Suite 519 El Cajon, CA 92020 Phone: (619) 728-5002 Email: info@fundedyouth.org

EIN 93-4090260 · 501(c)(3) Nonprofit