Privacy Policy

Last Updated: May 15, 2026

I. Introduction

The Autheo Foundation ("Foundation," "we," "us," or "our") is a Wyoming nonprofit 501(c)(3) organization dedicated to the stewardship of the Autheo open-source ecosystem. This Privacy Policy describes how we collect, use, disclose, and otherwise process personal information in connection with our website at autheofoundation.org (the "Site") and any related services, programs, events, or communications (collectively, the "Services").

By accessing or using our Services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not access or use our Services.

II. Information We Collect

A. Information You Provide Directly

We may collect personal information that you voluntarily provide to us when you interact with the Services, including but not limited to:

• Identifiers: Your name, email address, mailing address, phone number, and other contact information when you sign up for newsletters, apply for grants or funding programs, register for events, or otherwise communicate with us.
• Commercial Information: Records of grants applied for or received, donations, event registrations, and other transactions with the Foundation.
• Professional or Demographic Information: Your job title, organization, areas of expertise, geographic location, and similar information provided in grant applications, surveys, or program participation forms.
• User Content: Any content, feedback, comments, or materials you submit through our Services, including forum posts, grant proposals, and correspondence.

B. Information Collected Automatically

When you access or use our Services, we may automatically collect certain information about your device and usage, including:

• Device Information: Your IP address, browser type and version, operating system, device type, screen resolution, and unique device identifiers.
• Usage Data: Pages visited, time and date of visits, time spent on pages, click-through data, referring URLs, search terms used to find our Site, and other browsing behavior.
• Cookies and Similar Technologies: Information collected through cookies, web beacons, pixels, and similar tracking technologies as described in Section VI below.
• Log Data: Server logs that may include your IP address, browser type, referring/exit pages, and timestamps.

III. Sources of Information

We collect personal information from the following sources:

• Directly from You: When you provide information through our Services, communicate with us, apply for grants, register for events, or subscribe to our communications.
• Service Providers: Third-party service providers that assist us in operating our Services, such as analytics providers, email platforms, and hosting services.
• Publicly Available Sources: Publicly accessible databases, open-source repositories, professional networking platforms, and public records.
• Ecosystem Partners: Organizations collaborating with us on grants, programs, or community initiatives who may share information with your consent.

IV. How We Use Your Information

We may use personal information for the following purposes:

• Provide and Improve Services: To operate, maintain, and improve our Site and Services, including processing grant applications, managing programs, and facilitating community engagement.
• Manage Accounts and Applications: To manage your interactions with us, process grant and funding applications, and administer your participation in Foundation programs.
• Process Grants and Funding: To evaluate, administer, and manage grant applications, funding disbursements, and related reporting requirements.
• Marketing and Communications: To send you newsletters, event invitations, program updates, and other communications that may be of interest to you, subject to your communication preferences.
• Analytics and Research: To analyze usage patterns, measure the effectiveness of our programs, and conduct research to improve ecosystem health and community engagement.
• Security and Fraud Prevention: To detect, investigate, and prevent fraudulent transactions, unauthorized access, and other illegal activities, and to protect the rights and safety of the Foundation and our community.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
• Enforce Terms: To enforce our Terms of Service and other agreements, and to protect our rights, privacy, safety, or property.

V. Disclosure of Information

We may share personal information with the following categories of recipients:

• Affiliates: Entities related to the Autheo Foundation that support our mission and operations, subject to this Privacy Policy.
• Grant Program Co-Administrators: Organizations or individuals involved in the administration, evaluation, or oversight of grant programs, where disclosure is necessary for program management.
• Service Providers: Third-party vendors that perform services on our behalf, such as hosting, analytics, email delivery, payment processing, and customer support. These providers are contractually obligated to protect your information and use it only for the purposes for which it was disclosed.
• Business Transactions: In connection with any merger, reorganization, dissolution, or similar corporate event, your information may be transferred to the successor entity.
• Legal Requirements: When we believe disclosure is necessary to comply with applicable law, regulation, legal process, or governmental request; to enforce our agreements and policies; to protect the security or integrity of our Services; or to protect the rights, property, or safety of the Foundation, our users, or others.
• With Your Consent: We may share your information with third parties when you have given us your consent to do so.

We do not sell your personal information. The Autheo Foundation does not sell, rent, or trade personal information to third parties for their marketing purposes.

VI. Cookies and Analytics

Cookies are small text files placed on your device by websites you visit. We use cookies and similar technologies to operate and improve our Services, analyze usage, and remember your preferences.

How We Use Cookies

• Essential Cookies: Necessary for the Site to function properly, including session management and security features. These do not require consent under most data protection frameworks.
• Analytics Cookies: Help us understand how visitors interact with our Site by collecting information about page views, referrers, device type, and approximate geographic location. We use Google Analytics 4 (described below) for this purpose, and analytics cookies are loaded only after you grant consent through our cookie banner.
• Preference Cookies: Allow the Site to remember your preferences, such as your preferred theme (dark/light mode), and your cookie consent decision so we do not show you the banner repeatedly.

Cookie Consent Banner

When you first visit our Site, you will see a cookie consent banner at the bottom of the page with two options: Accept or Reject. We use Google Consent Mode v2, which means analytics cookies are denied by default and only activated if you click Accept. Your decision is stored in your browser's local storage and respected on subsequent visits. You can change your decision at any time by clearing your browser's site data for this domain, which will cause the banner to reappear on your next visit.

Google Analytics 4

We use Google Analytics 4 (measurement ID G-4M870FS5RV) to understand site usage and improve content. When you grant analytics consent, GA4 collects the following information through a cookie set on your device:

• Pages visited and the order in which you visit them
• Referrer (the site or search engine that brought you here)
• Approximate geographic location (city level), derived from your IP address
• Device, browser, and operating system type
• Session duration and engagement metrics

We have enabled IP anonymization, which means your full IP address is never stored by Google Analytics. We do not use GA4 for advertising, do not link GA4 to Google Ads, and do not enable Google Signals or remarketing audiences. The data retention period is set to 14 months, after which user-level and event-level data is automatically deleted. You can install the Google Analytics Opt-out Browser Add-on to block GA4 across all sites, or simply click Reject on our cookie banner to prevent GA4 from running on this site.

Managing Cookies

Most web browsers allow you to manage your cookie preferences through browser settings. You can set your browser to refuse cookies or delete cookies that have already been set. Please note that disabling cookies may affect the functionality of certain features of our Services. For more information about managing cookies, visit your browser's help documentation.

VII. Your Rights

Depending on your location, you may have certain rights regarding your personal information, including:

• Right to Know: You may request information about the categories and specific pieces of personal information we have collected about you, the sources from which we collected it, the purposes for collecting it, and the categories of third parties with whom we have shared it.
• Right to Access: You may request a copy of the personal information we hold about you.
• Right to Portability: You may request that we provide your personal information in a structured, commonly used, and machine-readable format.
• Right to Correction: You may request that we correct inaccurate personal information we maintain about you.
• Right to Deletion: You may request that we delete personal information we have collected from you, subject to certain exceptions provided by law.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within the timeframe required by applicable law. We may need to verify your identity before processing your request.

VIII. California Residents

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know and Access: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business or commercial purpose for collecting or selling the information, and the categories of third parties with whom we share it.
• Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
• Right to Opt-Out of Sale: As stated above, we do not sell personal information. If our practices change, we will update this policy and provide you with an opt-out mechanism.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

Do Not Track

Some web browsers transmit "Do Not Track" (DNT) signals to websites. Because there is no universally accepted standard for how to respond to DNT signals, our Site does not currently respond to such signals. We will continue to monitor developments around DNT browser technology and update our practices accordingly.

Shine the Light

Under California Civil Code Section 1798.83, California residents who have an established business relationship with us may request information regarding our disclosure of personal information to third parties for their direct marketing purposes. As stated in this Privacy Policy, we do not share personal information with third parties for their direct marketing purposes.

IX. International Users

The Autheo Foundation is based in the United States, and our Services are operated from and processed in the United States. If you access our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country of residence.

If you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, we acknowledge the applicability of the General Data Protection Regulation (GDPR) and similar legislation. Where applicable, we will process your personal data in accordance with a lawful basis, such as your consent, the performance of a contract, compliance with a legal obligation, or our legitimate interests. You may have additional rights under the GDPR, including the right to lodge a complaint with your local supervisory authority.

X. Communications and Inquiries

A. Marketing Communications

If you have opted into receiving marketing communications from us, such as newsletters, event invitations, or program updates, you may opt out at any time by:

• Clicking the "unsubscribe" link at the bottom of any marketing email.
• Contacting us at [email protected] with your opt-out request.

Please note that even if you opt out of marketing communications, we may still send you transactional or administrative messages, such as confirmations of grant applications, responses to your inquiries, or important updates regarding your participation in Foundation programs.

We use Resend as our transactional email service provider to deliver newsletters and program-related communications. Resend processes subscriber email addresses and basic engagement metadata (delivery status, opens, clicks) on our behalf under a data processing agreement. Resend does not use this data for its own marketing purposes.

B. Contact Inquiries and Email Submissions

The Site does not currently include web-based contact forms. Instead, we publish direct email addresses for different categories of inquiry, including:

• [email protected] for general inquiries and partnership questions.
• [email protected] for privacy questions, data subject requests, and policy concerns.
• [email protected] for security reports and coordinated vulnerability disclosure under our Security Policy.

When you email any of these addresses, we receive the information you choose to provide, which typically includes your name, email address, the contents of your message, and any attachments. This information is stored within our email systems and used solely to respond to your inquiry, route it to the appropriate team member, and maintain a record of the correspondence for follow-up and recordkeeping purposes.

We retain inquiry correspondence for a period that is reasonable for the nature of the request. General inquiries are typically retained for up to 24 months unless a longer retention period is appropriate (for example, where the correspondence relates to an active grant application, partnership, legal matter, or security disclosure). Privacy and security inquiries may be retained longer where necessary to demonstrate compliance with applicable law.

We do not sell, rent, or share the content of your inquiries with third parties for marketing purposes. We may share inquiry contents with service providers (such as our email host) strictly as needed to operate our communications systems, or where required by law.

If you would like us to delete prior correspondence with you, please contact [email protected], subject to the limitations described in Section VII (Your Rights) and Section XIII (Security and Data Retention).

XI. Children

Our Services are not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will take steps to promptly delete that information. If you believe we may have collected information from a child under 16, please contact us at [email protected].

XII. Third-Party Links

Our Services may contain links to third-party websites, applications, or services that are not operated or controlled by the Autheo Foundation. This Privacy Policy does not apply to the practices of third parties. We encourage you to review the privacy policies of any third-party sites you visit, as we are not responsible for the privacy practices, content, or security of those sites.

XIII. Security and Data Retention

We implement commercially reasonable technical, administrative, and organizational measures designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the Internet or method of electronic storage is completely secure, and we cannot guarantee absolute security.

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, as described in this Privacy Policy, unless a longer retention period is required or permitted by law. When determining retention periods, we consider the nature of the information, the purposes for which it was collected, applicable legal requirements, and our legitimate business interests.

XIV. Changes to This Policy

We may amend this Privacy Policy at any time by posting the revised version on our Site. The "Last Updated" date at the top of this page indicates when the Privacy Policy was last revised. We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your information. Your continued use of the Services after any changes to this Privacy Policy constitutes your acceptance of the revised policy.

XV. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Autheo Foundation
Email: [email protected]
Website: autheofoundation.org