James Scott Brown Foundation

Privacy Policy

Effective Date: April 20, 2026

1. Scope of Document

This Privacy Policy ("Policy") describes how the James Scott Brown Foundation ("JSBF," "Foundation," "we," "us," or "our") collects, uses, stores, shares, and protects personal information when you access or use the JSBF Legal Intelligence Platform at jamesscottbrownfoundation.com (the "Platform"). This Policy applies to all Users of the Platform, including nonprofit organizations, applicants, and general visitors, regardless of geographic location. By accessing or using the Platform, you acknowledge that you have read and understood this Policy.

2. Definitions

  • "Personal Data" refers to any information that identifies, relates to, describes, or is reasonably capable of being associated with a particular individual, including but not limited to name, email address, organization affiliation, IP address, and device identifiers.
  • "Processing" refers to any operation performed on Personal Data, including collection, recording, organization, storage, adaptation, retrieval, consultation, use, disclosure, combination, restriction, erasure, or destruction.
  • "Data Controller" refers to JSBF as the entity that determines the purposes and means of processing Personal Data.
  • "Data Processor" refers to any third-party service provider that processes Personal Data on behalf of JSBF.
  • "Sensitive Data" refers to information related to child protection cases, legal matters involving minors, and other categories of data requiring enhanced protection.

3. Data We Collect

JSBF collects the following categories of Personal Data through the Platform:

3.1 Information You Provide Directly

  • Account and Authentication Data: When you authenticate through our third-party OAuth provider, we receive your display name, unique identifier, and profile information as provided by the authentication service. We do not collect or store passwords.
  • Application Information: Organization name, type, registration details, mission statement, focus areas, annual budget, staff counts, and legal service needs submitted through application forms.
  • Contact Information: Names, titles, and email addresses of organizational contacts submitted through forms on the Platform.
  • Service Usage Data: Case details, legal questions, document content, and analysis requests submitted through the Platform's legal intelligence services.
  • File Uploads: Documents, images, and other files uploaded through the Multi-Phase Processing Technology (MPPT) deep analysis system and other service interfaces.
  • Communication Data: Messages, inquiries, and correspondence submitted through the Platform's contact forms.

3.2 Information Collected Automatically

  • Device and Browser Information: Browser type and version, operating system, screen resolution, and device identifiers.
  • Usage Analytics: Pages visited, features accessed, time spent on the Platform, navigation patterns, and interaction events, collected through our analytics system.
  • Log Data: IP addresses, access timestamps, referring URLs, and HTTP request metadata.
  • Cookies and Similar Technologies: Essential session cookies for authentication and platform functionality, and analytics cookies for usage measurement. See our Cookie Policy for details.

4. Purpose and Legal Basis for Processing

JSBF processes Personal Data for the following purposes, each supported by a lawful basis:

  • Service Delivery (Contractual Necessity): To process service requests, generate legal analyses, manage cases, and deliver the Platform's core functionality.
  • Application Review (Contractual Necessity): To evaluate nonprofit applications for platform access.
  • Communication (Legitimate Interest): To respond to inquiries, provide service updates, and send operational notices about the Platform.
  • Platform Security (Legitimate Interest): To detect, prevent, and address fraud, unauthorized access, technical issues, and security threats.
  • Analytics and Improvement (Legitimate Interest): To analyze usage patterns, measure Platform performance, and improve the quality and reliability of Services.
  • Legal Compliance (Legal Obligation): To comply with applicable laws, regulations, court orders, and governmental requests.

5. Data Sharing and Third Parties

JSBF does not sell, rent, or trade Personal Data. We share Personal Data only in the following circumstances:

  • Authentication Providers: We use a third-party OAuth service for user authentication. This provider receives and processes authentication-related data in accordance with its own privacy policy.
  • Analytics Providers: We use analytics services to measure Platform usage. These providers process anonymized or pseudonymized usage data.
  • Cloud Infrastructure Providers: Platform data is hosted on secure cloud infrastructure operated by third-party providers that maintain appropriate security certifications and data processing agreements.
  • Legal Requirements: We will disclose Personal Data when required by law, court order, subpoena, or governmental regulation, or when disclosure is necessary to protect the rights, safety, or property of JSBF, our Users, or the public.
  • Grant Partners: Limited, non-identifying aggregate data may be shared with the Embassy Row Project (our funding partner) for grant reporting purposes only.

6. User Rights

Regardless of your geographic location, JSBF affords all Users the following rights with respect to their Personal Data:

  • Right of Access: You have the right to request confirmation of whether JSBF processes your Personal Data and to obtain a copy of such data.
  • Right to Rectification: You have the right to request correction of inaccurate or incomplete Personal Data.
  • Right to Erasure: You have the right to request deletion of your Personal Data, subject to legal retention obligations and legitimate business needs.
  • Right to Data Portability: You have the right to receive your Personal Data in a structured, commonly used, machine-readable format and to transmit that data to another controller.
  • Right to Restrict Processing: You have the right to request restriction of processing of your Personal Data under certain circumstances.
  • Right to Object: You have the right to object to processing of your Personal Data based on legitimate interest grounds.
  • Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing conducted prior to withdrawal.
  • Right to Opt Out of Sale: JSBF does not sell Personal Data. If this practice changes, Users will be provided with a clear and accessible opt-out mechanism.
  • Right to Non-Discrimination: JSBF will not discriminate against any User for exercising their data protection rights.

To exercise any of these rights, submit a request through the Contact page. JSBF will respond to verified requests within thirty (30) calendar days. In complex cases, this period may be extended by an additional sixty (60) days, with prior notification to the requesting party.

7. Data Retention

JSBF retains Personal Data only for as long as necessary to fulfill the purposes described in this Policy, comply with legal obligations, resolve disputes, and enforce agreements. Specific retention periods are as follows:

  • Account Data: Retained for the duration of the account relationship and for a period of twelve (12) months following account closure or last activity.
  • Service and Case Data: Retained for the duration of active service use and for a period of thirty-six (36) months following the last service interaction.
  • Application Data: Retained for twenty-four (24) months following the application decision.
  • Analytics Data: Aggregated and anonymized analytics data may be retained indefinitely for statistical purposes.
  • Log Data: Server logs are retained for ninety (90) days for security and diagnostic purposes.

8. Data Security

JSBF implements administrative, technical, and organizational safeguards designed to protect Personal Data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit using TLS/SSL protocols, access controls with role-based permissions, regular security assessments, and secure data handling procedures. Given the sensitive nature of child protection data processed through the Platform, JSBF applies enhanced security protocols including restricted access controls and audit logging for all data related to minors.

No method of electronic transmission or storage is completely secure. While JSBF implements reasonable security measures consistent with industry standards, the Foundation cannot guarantee absolute security of Personal Data. In the event of a data breach that poses a risk to the rights and freedoms of affected individuals, JSBF will notify the relevant supervisory authority within seventy-two (72) hours of becoming aware of the breach and will notify affected individuals without undue delay where required by applicable law.

9. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, JSBF SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES ARISING FROM OR RELATED TO ANY UNAUTHORIZED ACCESS TO, USE OF, OR ALTERATION OF YOUR PERSONAL DATA, REGARDLESS OF WHETHER SUCH DAMAGES ARE BASED ON WARRANTY, CONTRACT, TORT, OR ANY OTHER LEGAL THEORY. JSBF'S TOTAL LIABILITY FOR CLAIMS RELATED TO DATA PROCESSING UNDER THIS POLICY SHALL NOT EXCEED ONE HUNDRED UNITED STATES DOLLARS (USD $100.00).

This limitation does not apply where prohibited by mandatory data protection laws that provide for specific liability standards.

10. Governing Law and Jurisdiction

This Privacy Policy shall be governed by and construed in accordance with the laws of the United States of America and the applicable laws of the jurisdiction in which the Foundation is organized. For Users located within the European Economic Area, the United Kingdom, or other jurisdictions with specific data protection frameworks, this Policy is intended to comply with the applicable requirements of those frameworks. Users retain the right to lodge complaints with their local data protection supervisory authority.

11. Updates and Modifications

JSBF reserves the right to update this Privacy Policy at any time. When material changes are made, the Foundation will update the "Effective Date" at the top of this page. Where required by applicable law, JSBF will provide additional notice of material changes, such as a prominent notice on the Platform. Your continued use of the Platform after the posting of changes constitutes acceptance of the updated Policy. JSBF encourages Users to review this Policy periodically.

12. Contact Information

For questions, concerns, data access requests, or complaints related to this Privacy Policy or JSBF's data practices, please contact the Foundation through the Contact page on our website. JSBF is committed to addressing all privacy-related inquiries promptly and thoroughly. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.