1. What We Collect
We collect organizational data (legal name, registration ID, jurisdiction, EIN, tax status, age), document-vault content (Form 990s, audited financials, bylaws, board roster, COI/whistleblower/retention policies), beneficial-owner disclosures (name, ownership %, country, PEP status), personnel disclosures (name, role, FTE, signer status), application content (narrative, budget, outcome metrics), and account/usage data (email, role, IP, timestamps).
2. Why We Collect
To verify your eligibility, run sanctions and beneficial-ownership screening, score your applications via the Verdict Engine, generate CREB attestations, monitor active grants, and surface bad-actor patterns across the Foundation network.
3. Per-Jurisdiction Notes
- EU / UK / Switzerland: GDPR / Swiss FADP. Lawful basis: contract performance + legal obligation + legitimate interest. DPO: [email protected].
- Brazil: LGPD (Lei nº 13.709/2018). Lawful basis: contract + legal obligation + legitimate interest.
- Singapore: PDPA (Act 26 of 2012). Consent + legitimate interest.
- UAE: PDPL (Federal Decree-Law No. 45/2021). Contract + legal obligation.
- United States: Sectoral law (GLBA, state privacy laws as applicable). California residents have rights under CCPA.
4. Your Rights
Right to access, rectification, erasure, restriction, portability, objection, and (where applicable) withdraw consent. Contact [email protected].