Privacy Policy & Legal Agreements
Aaria's Blue Elephant is committed to transparency, inclusion, and the safeguarding of our community. The following documents detail our privacy, terms of use, donation policies, and security commitments.
Last updated: February 28, 2025
1. Privacy Policy
Welcome to Aaria's Blue Elephant. We respect your privacy and are committed to protecting your personal information. This policy describes the types of information we may collect from you or that you may provide when you visit aariasblueelephant.org, use our volunteer dashboard, or otherwise interact with our services — and our practices for collecting, using, maintaining, protecting, and disclosing that information.
How We Use Collected Information
- To improve user experiences: Using aggregated analytics to understand how our site is used.
- To coordinate events: Managing sign-ups and accessibility requests to ensure safe, inclusive playgroups.
- To process donations: Facilitating secure and recognized transactions through our third-party donation platform (Zeffy).
- To authenticate users: Verifying the identity of board members, volunteers, and administrators who access our internal dashboard.
- To send periodic emails: Sending users information and updates pertaining to their involvement, when they have consented to receive such communications.
California Consumer Privacy Act (CCPA) Privacy Rights
If you are a California resident, you are granted specific rights regarding access to your personal information. Aaria's Blue Elephant complies fully with the CCPA:
- Right to Know: You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months.
- Right to Delete: You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions.
- Right to Opt-Out of Sale: We do not sell your personal data. We are a nonprofit organization dedicated to our community. However, you maintain the right to direct us not to sell or share your personal information.
- Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.
To exercise your CCPA rights, please submit a request to us at info@aariasblueelephant.org. We will verify your request and respond within the timeframe mandated by California law (typically 45 days).
2. Data Collection & Authentication
Our primary website, aariasblueelephant.org, is a static website hosted on GitHub Pages. In its static form, the site does not independently collect or store personal information beyond standard browser cookies and your browser's local storage (used for theme preferences).
However, our website also provides an authenticated Volunteer and Admin Dashboard, which operates as an application and collects additional user data. This dashboard is powered by Supabase (a third-party backend-as-a-service platform) and uses Google OAuth 2.0 for authentication.
Information Collected During Authentication
When you create an account or log in via Google OAuth, we collect and store the following information via Supabase:
- Full name as provided by your Google account
- Email address associated with your Google account
- Profile photo URL from your Google account (if available)
- Authentication tokens and session identifiers used to maintain your logged-in state
- Account role (e.g., Volunteer, Donor, Board Member) assigned by our administrators
- Timestamps of account creation and last login
Third-Party Processors
- Supabase (supabase.io): Acts as our database and authentication backend. All authentication data is stored in Supabase-managed infrastructure. Supabase is SOC 2 Type II compliant. Please review Supabase's Privacy Policy.
- Google OAuth 2.0: Used for secure, passwordless sign-in. We only receive the data that Google provides upon your explicit authorization. Please review Google's Privacy Policy.
- Zeffy: Our third-party donation processing platform handles all payment card data. We do not store financial information on our servers.
Data Retention
Account data is retained for as long as your account is active or as needed to provide services. You may request deletion of your account and associated data at any time by contacting us at info@aariasblueelephant.org. We will process all deletion requests within 30 days.
3. Age Restrictions & Child Protection (COPPA)
⚠️ Important Notice: Aaria's Blue Elephant does not authorize accounts for individuals under the age of 13.
In compliance with the Children's Online Privacy Protection Act (COPPA) and applicable state child protection laws, our authenticated application is strictly for use by adults (individuals who are 13 years of age or older).
Account Eligibility
- You must be at least 13 years of age to create an account or access our volunteer/admin dashboard.
- By creating an account, you represent and warrant that you are 13 years of age or older.
- Accounts are intended for adult volunteers, donors, and board members — not the children who participate in our playgroups.
- If we become aware that a user is under 13, we will immediately disable that account and delete all associated data.
Children's Participation
While our mission is to serve neurodivergent and neurotypical children at community playgroups, all data collection through our digital platform is the responsibility of the attending adult (parent or legal guardian). We do not collect personal data directly from children. Parents who share any information about their children in testimonials or event registrations do so on behalf of their child as legal guardians.
Parental Consent
If you believe that a child under 13 has provided us with personal information without parental consent, please contact us immediately at info@aariasblueelephant.org so that we can promptly investigate and take appropriate action, including account deletion.
4. User-Generated Content
Our platform allows authorized users (board members and administrators) to submit testimonials, event posts, and community stories that may be displayed publicly on our website. The following terms govern all user-generated content (UGC).
Prohibited Content
By submitting any content to Aaria's Blue Elephant's platform, you agree that you will not post content that:
- Violates any applicable local, state, national, or international law or regulation
- Infringes upon the intellectual property, privacy, or publicity rights of any person
- Contains personal identifying information about a child without explicit parental consent
- Is hateful, abusive, discriminatory, defamatory, obscene, or threatening
- Constitutes unauthorized advertising, spam, or solicitation
- Violates the privacy of any individual or discloses confidential information
- Is contrary to our mission of inclusive, compassionate community building
Content Responsibility & Liability
You are solely responsible for the content you submit. Aaria's Blue Elephant does not pre-screen all user-generated content, but we reserve the right to review, edit, or remove any content that violates these terms or that we determine, in our sole discretion, is harmful to our community or mission.
By submitting content, you grant Aaria's Blue Elephant a non-exclusive, royalty-free, perpetual license to use, display, and distribute that content in connection with our mission and services. You represent that you hold all necessary rights to grant this license.
Testimonials and Children's Images
If you submit a testimonial that includes reference to or images of children, you affirm that you are the parent or legal guardian of all minors mentioned or depicted, and that you consent to that content being displayed on our public website. We will honor any subsequent requests to remove such content.
6. Cybersecurity & Data Protection
Because we operate an application that collects user login information and may store community data, we take our cybersecurity responsibilities seriously. We have implemented the following safeguards to protect authorized users' data:
Technical Safeguards
- Encrypted Authentication: All user authentication is handled via Google OAuth 2.0 and Supabase. We never store raw passwords. Authentication tokens are encrypted in transit using industry-standard TLS/HTTPS protocols.
- Row-Level Security (RLS): Our Supabase database enforces row-level security policies so that users can only access data they are explicitly authorized to view.
- HTTPS Everywhere: Our entire website is served over HTTPS, preventing man-in-the-middle interception of data.
- Minimal Data Collection: We only collect the data necessary to operate our service. We do not collect financial data, government IDs, or other highly sensitive personal information.
- Third-Party Security: We rely on Supabase (SOC 2 Type II compliant) and Google (ISO 27001, SOC 2/3 certified) as our authentication and data infrastructure providers, benefiting from enterprise-grade security.
Our Cybersecurity Obligations
By operating an application that collects login information, we acknowledge our responsibility to:
- Maintain the confidentiality and integrity of all user data we collect
- Promptly investigate and respond to any suspected security incidents or data breaches
- Notify affected users and relevant authorities in the event of a confirmed data breach, as required by California law (Cal. Civ. Code § 1798.29) and applicable regulations
- Regularly review and update our security practices as technology and threats evolve
- Limit access to user data to only staff or volunteers who require it to perform their organizational role
Data Breach Notification
In the event of a data security breach that is likely to result in harm to our users, we will notify affected individuals by email within 72 hours of becoming aware of the breach, to the extent practicable. Notification will include the nature of the breach, the data affected, and the steps we are taking to address it.
Limitations
While we employ robust safeguards, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of data transmitted to or from our site. Users share information at their own risk, and we recommend using strong, unique passwords for your Google account and enabling two-factor authentication.
7. Terms of Service
By accessing aariasblueelephant.org, you signify your agreement to these terms of service and our commitment to maintaining a respectful, safe, and inclusive environment.
Use of Services & Community Conduct
Aaria's Blue Elephant relies on compassion and understanding. In using our site to register for events, volunteer, or share stories, you agree not to submit or distribute content that is hateful, abusive, illegal, or contrary to our mission of neurodivergent and neurotypical inclusivity.
Account Eligibility
You must be at least 13 years of age to use our authenticated services. By creating an account, you represent that you meet this age requirement. We reserve the right to immediately terminate any account that we determine is held by a person under the age of 13.
Intellectual Property
The content, organization, graphics, design, logos (including Aaria the Elephant), and other matters related to the Site are protected under applicable copyrights and intellectual property laws. The copying, redistribution, or publication of any such matters is strictly prohibited without our express written consent.
Disclaimer of Warranties & Liability Limitation
The site and its services are provided on an "as-is" basis. While we strive for perfection and continuous uptime, we cannot guarantee that the site will be error-free or uninterrupted. Aaria's Blue Elephant is not liable for indirect, incidental, or consequential damages arising from the use of our digital platforms.
8. Donation Policy
Our guarantee is simple: all events hosted by Aaria's Blue Elephant are 100% free and inclusive for every child. We rely fundamentally on the generosity of the community to make this happen.
Acceptance and Allocation
We accept monetary donations via our secure third-party portals, and occasionally physical in-kind donations of specialized sensory equipment. All donations are used to further the direct mission of the charity, specifically to fund event venues, trained staff, accessibility resources, and operational expenses.
Refunds & Tax Deductibility
As standard practice for non-profit organizations, donations are non-refundable unless there has been a palpable error in the transaction. Please note: Aaria's Blue Elephant is currently operating with its 501(c)(3) tax-exempt status pending. Donors should consult their tax advisors regarding the current deductibility of their contributions.
9. Vulnerability Disclosure Policy
Security is a top priority for protecting our users' data. If you are a security researcher and have discovered a security vulnerability in one of our platforms, we appreciate your help in disclosing it to us responsibly.
Safe Harbor
We will not take legal action against you or ask law enforcement to investigate you if you comply with the following guidelines:
- Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service.
- Do not exploit a security issue you discover for any reason (e.g. no dumping of data, no extortion).
- Keep the vulnerability confidential until we are able to resolve it.
Please report any findings to info@aariasblueelephant.org.
10. Security Acknowledgement
We wish to extend our deep gratitude to the ethical hackers, developers, and researchers from initiatives like Free For Charity who volunteer their time to identify and responsibly disclose security flaws. Your efforts ensure that charitable platforms like ours remain safe havens for marginalized and targeted groups.
Legal Entity Information
- Organization: Aaria's Blue Elephant
- Entity No: B20250299015
- Tax Status: 501(c)(3) Pending
- Email Contact: info@aariasblueelephant.org