Privacy Policy

Privacy Policy

Last Updated: October 22, 2025

At VSTA Tomorrow (a 501(c)(3) nonprofit organization, referred to as “we,” “us,” or “our”), we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website https://vstatomorrow.com (the “Site”), sign up for membership, or interact with our services, including email and SMS communications.

By using the Site, becoming a member, or providing us with your information, you consent to the practices described in this Privacy Policy. If you do not agree with these terms, please do not use the Site or provide us with your information.

We are based in the United States and comply with applicable U.S. privacy laws, including the California Consumer Privacy Act (CCPA) where relevant. For international users, we strive to align with global standards like the General Data Protection Regulation (GDPR).

1. Information We Collect

We collect information to provide and improve our membership services, send relevant communications, and manage our nonprofit operations. The types of information we may collect include:

Personal Information

• Registration/Membership Data: When you sign up for membership, we collect your full name, email address, mobile phone number (for SMS opt-in), and any optional details like interests or preferences to tailor updates.
• Payment Information: If you make a donation or purchase (e.g., event tickets), we collect billing details such as credit card number, expiration date, and CVV (processed securely via our payment provider—see Section 4).
• Communication Preferences: Your choices for email newsletters, SMS alerts, or event notifications.

Automatically Collected Information

• Usage Data: IP address, browser type, device information, pages visited, time and date of access, and referral sources (e.g., via cookies—see Section 5).
• Interaction Data: Responses to surveys, event RSVPs, or forum posts (if applicable).

We do not collect sensitive information such as racial/ethnic origin, political opinions, religious beliefs, health data, or biometric data unless you voluntarily provide it in a non-membership context (e.g., a public testimonial), in which case it is treated with extra care.

2. How We Use Your Information

We use your information solely to fulfill our nonprofit mission of providing community updates, events, and resources to members. Specific uses include:

• Membership Management: Creating and maintaining your account, verifying identity, and sending welcome confirmations.
• Communications: Delivering personalized email newsletters, SMS alerts (with your explicit opt-in), and event reminders.
• Payments and Donations: Processing secure transactions for one-time or recurring contributions.
• Service Improvement: Analyzing usage patterns to enhance the Site and member experience (anonymized where possible).
• Legal Compliance: Responding to legal requests or preventing fraud.

We will never use your data for marketing on behalf of third parties or unsolicited commercial purposes.

3. How We Share Your Information

Your privacy is paramount—we NEVER sell, rent, or share your personal information with anyone for marketing or other unauthorized purposes. Your mobile information will not be sold or shared with third parties for promotional or marketing purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties. We will not share your opt-in to an SMS campaign with any third party for purposes unrelated to providing you with the services of that campaign. We may share your Personal Data, including your SMS opt-in or consent status, with third parties that help us provide our messaging services, including but not limited to platform providers, phone companies, and any other vendors who assist us in the delivery of text messages.

We only disclose data to trusted service providers who help us operate, and only to the extent necessary. These disclosures are governed by strict contracts requiring them to protect your data.

Limited Sharing Partners

• Payment Processor: We share billing details (e.g., card info) with our credit card provider, such as Stripe, solely for transaction processing. They do not retain full card details on our behalf.
• Communications Services:
  • Email: Providers like Mailchimp or ActiveCampaign for sending newsletters (they handle delivery but do not own your data).
  • SMS: Telnyx for opted-in text alerts (limited to phone number and message content).
• Website Hosting/Analytics: WordPress/Elementor for Site functionality and Google Analytics for anonymized traffic insights (no personal identifiers shared).

No data is shared with advertisers, data brokers, or government entities except as required by law (e.g., subpoenas). In the event of a merger or acquisition, we would notify you and obtain consent before transferring data.

4. Data Security

We implement reasonable administrative, technical, and physical safeguards to protect your information, including:

• Encryption for data in transit (HTTPS) and at rest.
• Access controls (e.g., role-based permissions).
• Regular security audits and employee training.

While no system is 100% secure, we strive to minimize risks. In the unlikely event of a breach, we will notify affected users and authorities as required by law.

5. Cookies and Tracking Technologies

The Site uses cookies (small files stored on your device) to enhance functionality, remember preferences, and analyze traffic. Types include:

• Essential Cookies: For login and Site navigation.
• Analytics Cookies: From Google Analytics to understand usage (you can opt out via browser settings).
• Third-Party Cookies: Limited to embedded tools like payment gateways.

You can manage cookies via your browser settings. Disabling them may limit Site features. We do not use tracking pixels or retargeting ads.

For more details, visit our Cookie Policy (if separate; otherwise, expand here).

6. Your Rights and Choices

You have control over your data. Depending on your location, you may have rights under CCPA, GDPR, or similar laws:

• Access: Request a copy of your personal information.
• Correction: Update inaccurate details.
• Deletion: Ask us to erase your data (subject to legal retention, e.g., 7 years for donations).
• Opt-Out: Unsubscribe from emails (click link in footer) or SMS (reply STOP). Revoke consent anytime via account settings.
• Do Not Sell/Share: We do not sell data, but you can request no sharing under CCPA.

To exercise rights, email [email protected]. We respond within 30-45 days. For CCPA, verified requests are free (twice per 12 months).

7. Children’s Privacy

The Site is not intended for children under 13 (or 16 in some jurisdictions). We do not knowingly collect data from minors. If we learn of such collection, we will delete it promptly. Parents/guardians: Contact us to review or remove child data.

8. International Data Transfers

As a U.S.-based nonprofit, data is stored on U.S. servers. For international members, transfers comply with Standard Contractual Clauses (for GDPR) or adequacy decisions.

9. Data Retention

We retain data only as long as needed:

• Membership info: While active + 2 years post-inactivity.
• Transaction records: 7 years for tax compliance.
• Communications logs: 1 year.

Inactive accounts are archived/deleted upon request.

10. Changes to This Privacy Policy

We may update this Policy to reflect changes in our practices or laws. Significant updates will be emailed to members and posted here with a revised “Last Updated” date. Continued use after changes implies acceptance.

11. Contact Us

Questions? Reach out to our Data Protection Officer:

VSTA Tomorrow: Email: [email protected]

Thank you for trusting VSTA Tomorrow with your information. Your support helps us build a brighter tomorrow!

×