Donor Privacy Policy

HEALHEAR

HealHear Corporation Donor Privacy Policy

Effective Date: March 31, 2025

1. Our Commitment

HealHear (“we,” “our,” “us”), a 501(c)(3) nonprofit dedicated to providing free AI-driven mental health support through “Susan,” respects donor privacy. We are committed to safeguarding all donor information and maintaining trust through transparency and rigorous ethical practices.

2. Information We Collect

We collect only the information necessary to process donations and support our mission—no extraneous data. This includes:

* Personal Details: Name, address, email, phone number, donation amount.
* Payment Details: Securely processed by third-party providers; we do not store sensitive payment data.
* Device & Access Data: IP address, browser type, access times—for security, website functionality, and improvement purposes .

3. How We Use Donor Information

We use your data solely for:

* Processing and acknowledging donations.
* Providing tax receipts and legal acknowledgments.
* Reporting and financial record-keeping in compliance with IRS rules.
* Communicating mission updates, with your explicit consent.
* Ensuring website security, website optimization, and user experience improvements.

4. Legal & Ethical Compliance

* We comply with COPPA, FERPA, and HIPAA as applicable. Our donation platform is adult-only; we do not knowingly collect data from children under 13.
* HealHear does not collect, store, or process protected health information (PHI) via donations. Any health data collected outside donation channels is handled under HIPAA protocols.

5. No Third-Party Sales or Marketing Without Consent

* We do not sell, rent, or trade donor information.
* We share data only to process donations (e.g., payment processor and GoDaddy for hosting) or when legally required (e.g., subpoenas) .
* We will never share personal or donation information with marketing agencies or other organizations without your explicit permission.

6. Data Security Measures

* Donation data is encrypted end-to-end and transferred securely via SSL.
* Stored data on our site is encrypted and access-controlled.
* Hosted on GoDaddy with standard security protocols, though we always advise donors to review GoDaddy’s own privacy policy .
* We regularly update our security practices; however, no online system is 100% secure. We encourage donors to contact us if they notice suspicious activity.

7. Your Privacy Rights & Choices

You have the right to:

* Request access to personal data we hold.
* Correct inaccuracies.
* Withdraw consent for communications or request data removal (subject to legal record-keeping requirements).
* Opt out of newsletters or marketing emails by contacting Admin@healhear.com.
* Request deletion of data (e.g., under COPPA for under‑13 profiles), unless legally restricted—for example, IRS record retention.

8. Retention and Deletion

* Donor records are retained in accordance with Document Retention Policy (minimum 7 years for tax records) and IRS guidelines.
* Once legal retention periods expire, we securely destroy donor information following NIST-recommended deletion or shredding protocols.
* If you request deletion and legal obligations permit, we will permanently remove your personal data.

9. Policy Updates

* We may update this policy to reflect evolving laws or best practices.
* All changes will be posted here with a revised “Effective Date.” We encourage you to review our policy occasionally.

10. Contact & Transparency

HealHear Corporation
120 E 3rd St, #232
Front Royal, VA 22630
Email: Admin@healhear.com

* We welcome your questions, concerns, or access requests.
* Our goal: transparent governance, respectful stewardship of your trust and support.

By supporting HealHear, you affirm your acceptance of this policy.

We deeply appreciate your trust as we work together to provide free, confidential, and ethical AI mental health care.