Privacy Policy

Zyra Trust Foundation ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains what personal information we collect, why we collect it, how we use it, who we share it with, and your rights regarding your personal data. This policy applies to information collected through our website zyratrust.org, our applications, forms (including SurveyHeart forms linked from our site), donation pages, email communications, and other related services (collectively, the "Services").

1. Information We Collect

Information you provide directly

When you use our Services (for example, applying for support, contacting us, or donating), you may provide personal information such as:

• Full name
• Email address and phone number
• Mailing address (required if a check or correspondence is needed)
• Date of birth (when necessary to verify eligibility)
• Details about your situation (medical, financial, or other) that you voluntarily include in an application
• Relationship information (if applying on behalf of another person)
• Supporting documents you upload (medical bills, receipts, identity documents) — note: we request sensitive documents only when necessary and securely.

Information we collect automatically

We automatically collect certain information when you visit and interact with our website, including:

• IP address and approximate location
• Device and browser information
• Pages visited and actions taken on the site
• Referring website or ad that brought you to our site
• Cookies and similar tracking technologies (see Cookies below)

Information from third parties

We use third-party services (for example: SurveyHeart for forms, payment processors like Stripe or PayPal for donations, analytics providers, and social media platforms). Those services may share information with us according to their own privacy policies (for example, a donation confirmation or anonymized analytics data).

2. How We Use Your Information

We use personal information for legitimate and necessary purposes, including:

• Processing and reviewing applications for support, and contacting applicants about eligibility and next steps
• Processing donations, issuing receipts, and providing donor communications
• Operating, maintaining and improving our website and Services
• Responding to inquiries, support requests, and communications
• Complying with legal obligations and preventing fraud
• Sending operational messages and important notices (e.g., changes in policy, application updates)
• Performing analytics to understand how people use our Services and to improve outreach and program delivery

3. Legal Bases for Processing (EEA/GDPR)

If you are located in the European Economic Area (EEA), we rely on the following legal bases for processing personal data where applicable:

• Performance of a contract: to perform obligations (for example, processing donations or an application)
• Consent: where you have given explicit consent (for example, if you opt in to receive marketing emails)
• Legitimate interests: where processing is necessary for our legitimate interests (for instance, security, fraud prevention, or improving our Services), provided your rights do not override those interests
• Legal obligations: to comply with laws or regulatory requirements

4. Sharing & Disclosure

We do not sell your personal information. We may share personal information in the following limited circumstances:

• Service providers: Trusted third-party vendors that provide services such as form hosting (SurveyHeart), payment processing (e.g., Stripe, PayPal), email delivery (e.g., Mailchimp), analytics (e.g., Google Analytics), and hosting. These providers process data on our behalf and are contractually required to protect your information.
• Law enforcement and legal requests: If required by law, court order, or to respond to valid legal process.
• Protection of rights: To prevent or investigate fraud, security or technical issues, or to protect our rights, property, safety or that of others.
• With your consent: We may share information with third parties if you request or authorize us to do so (for example, with health providers, legal advisors, or family members you ask us to contact).

5. Cookies, Tracking & Third-Party Tools

We and our third-party partners use cookies and similar technologies to collect information about your activity and device. Cookies may be used for:

• Essential site functionality (session cookies)
• Analytics and performance (to understand site usage and improve services)
• Advertising and social media integrations (for example, Facebook Pixel to measure ad performance)

You can manage cookie preferences through your browser settings or via any cookie preference tool we provide. Blocking cookies may affect some features of the website.

6. How Long We Keep Data

We retain personal information only as long as necessary for the purposes described in this Privacy Policy, to comply with legal obligations, resolve disputes, and enforce agreements. Typical retention examples:

• Application records and supporting documents: retained for the duration necessary to evaluate the application and for a reasonable period afterward (commonly 3–7 years depending on legal and accounting needs)
• Donation and financial records: retained for accounting, tax and legal obligations (commonly 7 years)
• Marketing preferences: retained until you opt out

7. Security

We implement administrative, technical and physical safeguards designed to protect personal information against unauthorized access, loss, misuse or alteration. Examples include encryption for data in transit (HTTPS), access controls, secure storage, and staff training. While we take reasonable steps to protect data, no system is completely secure — if a breach occurs we will follow applicable laws, including notifying affected individuals and authorities as required.

8. Donations & Payment Processing

When you donate through our website, payments are processed by third-party payment processors (for example Stripe or PayPal). We do not store complete payment card information on our servers. The information you provide to payment processors is handled according to their privacy policies. You may receive a donation receipt from us for tax or record purposes.

9. Forms & Supporting Documents

Applications submitted via linked forms (e.g., SurveyHeart) are stored by that form provider and/or downloaded to our secure systems. For verification, you may be asked to submit supporting documents (medical bills, receipts, ID). We only request sensitive or identifying documents when strictly necessary and we will provide secure instructions for upload. If you prefer not to upload a document online, contact us for alternative arrangements.

10. Children & Minors

We do not knowingly collect personal information from children under 13 (or higher minimum age where required by local law). If you are applying on behalf of someone under the age of consent in your country, you must have the legal authority to do so and confirm that you have parental/guardian permission. If we learn that we have collected information from a child without appropriate consent, we will take steps to delete it.

11. International Transfers

Our Services are operated from the United States and personal data may be transferred to, stored, and processed in the U.S. or other countries. Where required, we will take appropriate safeguards to ensure adequate protection for personal data (for example, standard contractual clauses).

12. Your Rights

Depending on your location, you may have rights such as:

• Access: request a copy of your personal data
• Correction: request correction of inaccurate information
• Deletion: request deletion of your data where permitted by law
• Restriction: request limitation of processing
• Data portability: request your data in a structured, machine-readable format
• Objection: object to certain processing, such as marketing

To exercise your rights, contact us at support@zyratrust.org. We may need to verify your identity before responding. We will respond according to applicable law.

13. California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) including the right to request categories of personal information collected, right to deletion, and right to opt out of sale of personal information (we do not sell personal information). To submit a request, contact support@zyratrust.org.

14. Third-Party Links & Social Media

Our site may contain links to third-party sites, widgets, plugins and social networks. Those sites have their own privacy practices which we do not control. We encourage you to read their privacy policies before providing personal information.

15. Changes to this Policy

We may update this Privacy Policy from time to time. When changes are significant, we will post a prominent notice on our site and update the effective date. Continued use of our Services after such changes constitutes acceptance of the revised policy.

16. Contact Us

If you have questions, requests, or concerns about this Privacy Policy or our data practices, please contact our Data Protection Contact:

Zyra Trust Foundation
275 Seventh Avenue, 22nd Floor
New York, NY 10001, USA
Email: support@zyratrust.org
Phone: +1 (213) 636-0714

17. Additional Notes for Facebook Ads

To support Facebook Ads compliance, we note:

• We collect only necessary applicant data and explicitly state why mailing addresses are requested (for check disbursement or official correspondence).
• We do not make guaranteed financial promises in our ads or on our site — application review and eligibility determination are required.
• We link to third-party form providers (SurveyHeart) and payment processors and use standard analytics and advertising pixels to measure ad performance. If you wish to opt out of advertising tracking, you may adjust your browser settings or device preferences.

Effective date: May 15, 2025

Last updated: May 15, 2025