Privacy Policy

Effective Date: November 3rd, 2025

Everyday Humanitarians Association (“Everyday Humanitarians,” “EH,” “we,” “us,” “our”) is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your personal information. By using our website, you agree to this policy.

Controller & Contact. Everyday Humanitarians Association (a federal not-for-profit under the CNCA; registered office in British Columbia) is the data controller. Mailing address: 2830 Peatt Road, Langford. Contact: [email protected].

1. Information We Collect

We collect personal information in accordance with Canadian privacy laws, including PIPEDA and, where applicable, BC PIPA.

  • General user data. Name, email address, phone number, and mailing address (e.g., when you subscribe to updates, donate, or contact us). We also collect non-personal data (e.g., IP address, device/browser, pages viewed) to improve performance and security.

  • Donor information. Payment details are processed by third-party providers (e.g., Donorbox/Stripe). EH does not store full credit card numbers or sensitive banking data. We may receive your name, email, donation amount/frequency, designation preferences, and general location (e.g., country) to manage donations and send impact updates. Tips: If you add an optional tip at checkout, we receive the same donor info as for donations (e.g., name, email, amount/frequency); payment credentials remain with our processors.

Children’s privacy. Users under 18 should only provide information with a parent/guardian’s consent. Our site is not directed to children under 13.

Public transparency files. Our public receipts and ledger never include donor personal data. We publish only redacted receipts and the amount sent (Net to Action); we do not publish donor names, emails, addresses, or card details.

2. How We Use Your Information

We use personal information to:

  • process donations, optional tips, and generate confirmations (via Donorbox/Stripe);

  • send updates about funded Actions, Goal Pot progress, and new campaigns (you can opt out anytime);

  • publish transparency artifacts (our redacted receipts and links to public pages/reports); these files exclude donor personal data;

  • manage optional features like the Founders/Donor Wall (shown only with your explicit consent);

  • improve website usability, donation flows, fraud prevention, and security;

  • meet legal/financial obligations (e.g., record-keeping, audits).

We may anonymize or aggregate data to analyze trends and engagement without identifying individuals.

Legal bases. Depending on your jurisdiction, we rely on one or more of: performance of a contract (processing your donation/subscription), legitimate interests (operating a transparent donations platform, fraud prevention, site security, basic analytics), consent (newsletters/Donor Wall), and legal obligation (record-keeping, audit/tax).

3. Data Protection and Security

We implement reasonable safeguards (e.g., TLS encryption in transit, access controls, two-factor authentication on admin/payment portals, least-privilege access, regular exports/backups). Payment data is encrypted and processed by PCI-compliant providers. Public-facing transparency shows only redacted receipts and the amount sent (Net to Action), not donor personal data. No method of transmission or storage is 100% secure. If we become aware of a data incident involving your information, we will take appropriate steps and notify you and/or regulators where required by law. Where legally required, we will notify affected individuals of a data breach.

Public transparency files (receipts & ledger). To prove impact, we publish redacted receipts and link to public third-party pages. These artifacts do not include donor personal data (we mask emails, addresses, card details, and sensitive IDs). If you spot personal information in a public file, email [email protected] and we will promptly remove or further redact it.

4. Donor Privacy

We are committed to protecting the privacy of our donors and community members.

  • We never sell, rent, or trade your personal information. We do not sell your personal information to third parties for monetary or other valuable consideration.

  • All donations are processed through secure, PCI-compliant platforms (Donorbox, Stripe).

  • You can update or revoke your communication preferences at any time by clicking the unsubscribe link in any email or by contacting us directly.

  • You may request a copy, correction, or deletion of your data by emailing [email protected].

  • We respect your privacy choices and will act on valid requests within a reasonable timeframe.

  • Founders/Donor Wall: We only display your name/flag emoji with your explicit permission. You can opt in/out or request removal at any time.

  • Anonymous giving: You can remain anonymous; we will not publish your name without consent.

  • Public proof: Our public receipts/ledger never include donor personal details.

5. Sharing Your Information

We share personal data with third parties only when:

  • necessary to operate core services (e.g., Donorbox for donations, Stripe for payments, website hosting/WordPress tools, Wise for treasury/transfer services, basic analytics, newsletter delivery, internal transparency tracking);

  • required by law or to respond to a valid legal request; or

  • necessary to protect the safety or legal rights of EH, users, or the public.

Service providers are contracted to protect your data and use it only to perform services for EH. Examples include: Donorbox/Stripe (payments), Wise (treasury/transfer services), our website host/WordPress tooling, Google Analytics or a comparable service (basic metrics), Google Workspace/Drive (email and files), and MailerLite (newsletters). This list may change; material changes will be reflected in this policy.

6. Cookies and Tracking

We use cookies and similar technologies to operate the site, remember preferences, and understand usage. You can manage cookies in your browser settings. Where required, we will present a simple consent banner with options. For analytics, you may use your browser’s Do-Not-Track or opt-out mechanisms offered by the analytics provider. You can also opt out of Google Analytics using the provider’s add-on or your browser’s built-in controls. You can decline non-essential cookies; essential cookies are required for core site functions (security, payments). For more details, see our Cookie Policy.

7. Third-Party Services and Links

Our service providers may process/store data outside Canada (e.g., US/EU) under their own privacy policies and contractual safeguards. Where required, we use contractual safeguards (e.g., Standard Contractual Clauses) to help protect your information. We also link to external public pages for transparency; links do not imply partnership or endorsement, and those sites have their own privacy policies.

Our website may contain links to external websites we do not control. We are not responsible for the content, privacy practices, or terms of those third-party websites.

8. Your Rights

You may access, correct, or delete your personal information (subject to legal retention requirements) and opt out of marketing at any time. To submit a request, email [email protected]. We may request reasonable information to verify your identity and will respond within a reasonable period, typically within 30 days. We will not discriminate against you for exercising your rights. If we deny your request, you may submit an appeal by replying to our response email with “Privacy Appeal” in the subject line.

Do Not Sell or Share (US visitors). We do not sell or share personal information for cross-context behavioral advertising. If this changes, we will provide a “Do Not Sell or Share” link and honor opt-out signals as required by law.

9. Data Retention

  • Donation/transaction and compliance records: retained up to 7 years (or longer if required by law).

  • Newsletter/contact records: retained until you unsubscribe or request deletion.

  • Aggregated/anonymous analytics: may be retained without a time limit (not personally identifiable).

  • Unredacted payment/finance originals (internal, restricted access): retained 7 years.

Where feasible, data is deleted or anonymized when no longer needed for the purposes above. Backups and system logs may retain limited metadata for a brief rollover period before deletion.

10. International Users

If you are in the EU/EEA/UK or another jurisdiction with data-protection laws, you have the right to access, correct, delete, restrict, or object to certain processing, and to withdraw consent (e.g., newsletters/Donor Wall) at any time.

Legal bases we rely on include: performance of a contract (processing your donation/subscription), legitimate interests (operating a transparent donations platform, fraud prevention, site security, basic analytics), consent (marketing emails, optional Donor/Founders Wall), and legal obligations (record-keeping, tax/audit).

Data transfers. Your data may be processed outside your country (e.g., Canada/US). When required, we use appropriate safeguards (e.g., Standard Contractual Clauses) with our processors.

To exercise your rights or lodge a complaint, contact [email protected] or your local data protection authority.

Canada/BC inquiries. You may also contact the Office of the Privacy Commissioner of Canada (OPC) or, if applicable, the Office of the Information and Privacy Commissioner for British Columbia (OIPC) about your privacy rights or to file a complaint.

11. Changes to This Policy

We may update this policy from time to time. Changes are effective when posted here with an updated Effective Date. If changes materially affect your rights, we will provide additional notice (e.g., banner, email) and, where required, request consent.

12. Contact Us

For privacy-related inquiries, contact [email protected].