Privacy Policy

Last updated: October 17, 2025

Mad Tree Foundation, Inc. (“we,” “us,” or “our”) operates https://madtreefoundation.org (“Website”) and a mobile application (collectively, the “Service”). We are a nonprofit organization incorporated in Idaho, and we respect your privacy and are committed to protecting the personal information you share with us.

This Privacy Policy describes how we collect, use, disclose, retain, secure, and manage personal information, and what your rights and choices are. By using our Service, you consent to the practices described in this policy (or in a supplemental policy we may provide for specific services).

If you have any questions or concerns about your personal data or this policy, please contact us (see “Contact Us” below).

1. Applicability and Scope

This policy applies to all personal information we collect through the Website, mobile app, event registrations, donation forms, newsletters, volunteer applications, or other interactions (online or offline) by which we collect data.
It also applies to information collected or processed by third parties on our behalf (e.g., payment processors, email marketing platforms, analytics tools).
Because privacy laws differ by jurisdiction, this policy addresses both U.S. federal requirements, Idaho-specific rules (to the extent applicable), and relevant extraterritorial requirements (for example, if you are a donor or user in another state or country).
Idaho currently does not have a comprehensive consumer data privacy statute, but it does have a data breach notification law (Idaho Code § 28-51-104 et seq.). Davis Wright Tremaine+3Securiti+3Holland & Hart+3
We also adhere to sectoral federal laws (e.g. relating to health data, financial data, children’s data) where applicable, and we aim to follow recognized best practices for data protection. Electronic Frontier Foundation+3VeraSafe+3Pillsbury Law+3

2. What Information We Collect

We collect information that you voluntarily provide, information that is passively collected, and information from third-party sources. We try to limit collection to what is necessary for our mission.

2.1 Voluntarily Provided Information

Examples include:

Contact Information: name, address, email, phone number
Donation Information: payment method, billing address, donation history
Volunteer / Application Data: resume details, interests, background checks (if required)
Registration / Event Info: dietary preferences, emergency contact, T-shirt size, attendance data
Communications: survey responses, feedback, support requests
Social Media / Public Profiles: when you connect accounts (e.g. via Facebook, LinkedIn)

2.2 Automatically Collected / Technical Data

We (and third-party services we use) may collect:

IP address, device identifiers, browser type, operating system, timestamps, pages visited, referrer URL, geolocation data (if permitted), and usage statistics
Cookies, web beacons, local storage, and similar technologies
Analytics and tracking data (e.g., via Google Analytics or other services)

2.3 Third-Party / Combined Data

We may receive information about you from:

Donor data platforms or matching programs
Publicly available sources
Partners or affiliates
Social media APIs, if you connect an account

3. How We Use Information

We use personal information for the following purposes (only as needed):

To provide, operate, maintain, and improve the Service
To process donations, issue receipts, and handle related accounting and reporting
To communicate with you (e.g. newsletters, marketing, program updates, event notifications)
To administer events, volunteer programs, and other services
To analyze usage, perform analytics, and understand how our Service is used
To detect, prevent, and respond to fraud, security incidents, or abuse
To comply with legal obligations (e.g. audits, subpoenas, reporting)
To effect mergers, acquisitions, or similar business transfers (with notice)

We will not use your personal information for purposes incompatible with the ones listed above unless we notify you in advance.

4. Disclosure and Sharing of Information

We may share personal information in the following circumstances:

Service Providers: third parties that assist us in processing payments, hosting, email marketing, analytics, background checks, etc.
Affiliates and Partners: when collaborating on programs or campaigns
Legal and Safety Reasons: to comply with laws, court orders, or to respond to lawful requests (e.g. subpoena), or to protect rights, safety, or property
Business Transfers: in case of merger, acquisition, sale of assets, etc. (with notice)
De-identified / Aggregated Data: we may share data that has been anonymized or aggregated (no longer personally identifiable)
With Consent: when you explicitly authorize us to share your data

We do not sell your personal information to third parties.

5. Data Retention

We retain personal information only as long as necessary to fulfill the purposes for which it was collected (or such longer period as required by law or reasonable for legitimate organizational purposes). When information is no longer needed, we delete, anonymize, or securely archive it.

We also adhere to any required document retention schedules (e.g. for tax, audit, or corporate governance) as required by law or good practice. National Council of Nonprofits

6. Security Measures

We implement reasonable administrative, technical, and physical safeguards to protect your personal information against unauthorized access, loss, misuse, alteration, or destruction. These measures may include:

Encryption in transit (TLS/SSL)
Encryption at rest where feasible
Strong access controls and passwords
Regular software updates and security patches
Firewalls, intrusion detection, and monitoring
Employee training and internal policies for data handling
Vendor contracts requiring confidentiality and security

However, no system is entirely infallible. While we strive to protect your information, we cannot guarantee absolute security.

7. Data Breach Notification (Idaho Requirements)

Idaho law requires that if there is a breach of the security of unencrypted computerized personal information that materially compromises the confidentiality, integrity, or availability of that data, and that breach affects Idaho residents, we must conduct a good-faith investigation and, if misuse is reasonably likely, notify affected individuals without unreasonable delay. Centraleyes+4Holland & Hart+4Lewis Brisbois+4

We will evaluate whether the breach requires notification under Idaho law, take steps to mitigate harm, and provide notice to you (via email, postal mail, or other means) and, if required, to the Idaho Attorney General or other authorities.

To the extent permitted by law, we may delay notice if law enforcement directs us to do so or pending forensic or risk mitigation efforts.

8. Your Rights and Choices

Depending on where you live and applicable law, you may have rights to:

Access the personal information we hold about you
Correct or update inaccurate or incomplete information
Delete your personal information (subject to legal limitations)
Object to or restrict certain processing (e.g., marketing)
Opt out of fundraising communications or promotional emails
Withdraw consent where processing is based on consent

Even if not legally required, we aim to honor reasonable requests. To exercise any rights or make a request, contact us (see “Contact Us” below).

You may also unsubscribe from email communications via the link in the communication.

If we are subject to laws such as the EU’s GDPR or other international privacy laws (because we process data of residents outside the U.S.), we will provide additional rights (e.g. data portability, restriction, objection, lodging complaints).

9. International Transfers

If we transfer your personal information to locations outside your jurisdiction (e.g. storage or processing in other states or countries), we will ensure adequate safeguards (e.g. standard contractual data protection clauses, encryption, or other protections) and only transfer to locations with acceptable privacy protections.

By using the Service, you agree to the transfer of your information to jurisdictions that may have different privacy laws.

10. Cookies, Tracking & Marketing

We and our service providers may use cookies, web beacons, pixel tags, and similar technologies to collect usage data, remember preferences, enable certain functionality, and deliver relevant content or advertisements.

You can generally manage or disable cookies via your browser settings (though disabling some cookies may affect functionality). We also provide opt-out mechanisms for third-party advertising networks where required.

If you prefer not to receive targeted ads or remarketing messages, you may opt out via our communications preferences or via industry opt-out platforms (e.g. network advertising initiatives).

11. Children’s Privacy

We do not knowingly collect personal information from children under 13 without parental consent. If you believe a child under 13 has provided personal information without parental consent, please contact us, and we will take steps to delete that information.

Where applicable law requires additional protections (e.g. COPPA in the U.S.), we will comply with those requirements.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time (for example, to reflect changes in laws, technology, or organizational practice). When we do, we will provide notice by posting the revised version on the Website with a new “Last updated” date and, where appropriate, give prominent notice (e.g. via email or banner). Your continued use of the Service after changes signifies your acceptance of the revised policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact:

Mad Tree Foundation, Inc.
9169 W State St #218
Garden City, ID 83714

in**@***************on.org

You may also address requests to our designated data protection contact (if applicable).