Sign In
Donate

Privacy Policy

Last updated: February 16, 2026

 

1. Introduction

Without Voices Global Animal Emergency Fund (“Without Voices,” “we,” “our,” or “us”) is a 501(c)(3) nonprofit organization registered in the State of California, USA (EIN: 41-4059652). We are committed to protecting your privacy and complying with applicable data protection laws worldwide.

This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you visit our website at withoutvoices.org (the “Site”), make a donation, create an account, or otherwise interact with us. This policy applies regardless of where you are located and is designed to comply with the privacy laws of the United States (federal and state), the European Union, the United Kingdom, Canada, Australia, Brazil, South Africa, and other applicable jurisdictions.

 

2. Information We Collect
2.1 Information You Provide Directly

Donor information — name, email address, mailing address, and phone number when you make a donation or create an account

Account credentials — email address and password when you register for an account

Payment information — processed securely by Stripe (a PCI DSS Level 1 certified processor); we never collect, store, or have access to your full credit card numbers or bank account details

Communications — messages, questions, and feedback you send through our contact forms or email

Preferences — communication and marketing preferences, cookie consent choices

User-generated content — testimonials, comments, or stories you voluntarily submit

 

2.2 Information Collected Automatically

When you visit our Site, we may automatically collect:

IP address and approximate geographic location

Browser type, version, and language

Device type, operating system, and screen resolution

Pages visited, time spent, clickstream data, and navigation paths

Referring and exit URLs

Date and time of access

 

2.3 Information from Third Parties

We may receive limited information from third-party services we use, such as Stripe (payment confirmation and fraud prevention data) and authentication providers if you sign in using a third-party account.

 

3. Legal Bases for Processing

We process your personal information based on the following legal grounds, as applicable under the laws of your jurisdiction:

Consent — where you have given clear, affirmative consent (e.g., marketing communications, non-essential cookies). You may withdraw consent at any time.

Contractual necessity — to fulfill obligations related to your donation, account, or service requests.

Legitimate interests — to operate and improve our Site, prevent fraud, and further our charitable mission, balanced against your rights and freedoms.

Legal obligation — to comply with applicable tax, financial reporting, anti-money laundering, and nonprofit regulatory requirements.

 

4. How We Use Your Information

We use the information we collect to:

Process, acknowledge, and issue receipts for your donations

Manage your account and provide donor services

Send transactional communications (donation confirmations, receipts, account notifications)

Send updates about our programs, impact, and the causes you’ve supported (with your consent)

Send newsletters and fundraising appeals (only with your opt-in consent)

Respond to your inquiries, requests, and feedback

Improve our Site, services, and donor experience through analytics

Detect, prevent, and address fraud, security issues, and technical problems

Comply with legal, tax, and regulatory obligations including IRS requirements for 501(c)(3) organizations

 

5. Donor Privacy Comm itment

We adhere to the following donor privacy principles:

We will never sell, trade, rent, or exchange your personal or donation information with any third party for their marketing purposes.

Donor lists and donation amounts are kept strictly confidential.

Anonymous donations are respected — your identity will not be disclosed publicly. Internal records may be maintained solely for legal, tax, and audit compliance.

We retain donation records as required by IRS regulations and applicable state charitable solicitation laws.

You have the right to opt out of any communications at any time without affecting your donation status.

6. Information Sharing & Disclosure

We share your information only in these limited circumstances:

Service providers — trusted third parties who assist with payment processing (Stripe), email delivery, hosting, and analytics, bound by data processing agreements and confidentiality obligations

Legal requirements — when required by law, court order, subpoena, or governmental request

Professional advisors — accountants, auditors, and legal counsel for compliance and governance purposes

Safety and fraud prevention — to protect the rights, safety, and property of Without Voices, our donors, or the public

Organizational transfers — in the unlikely event of a merger, dissolution, or reorganization, donor information may be transferred to a successor organization with a similar charitable mission, subject to the same privacy protections

We do not engage in selling personal information as defined under the California Consumer Privacy Act (CCPA), the Virginia Consumer Data Protection Act (VCDPA), or any other applicable privacy law.

 

7. Payment Security

All payment transactions are processed through Stripe, a PCI DSS Level 1 certified payment processor — the highest level of payment security certification. Without Voices does not collect, process, store, or have access to your full credit card numbers, bank account details, or other sensitive financial data. All payment data is encrypted in transit using TLS 1.2+ (SSL) technology.

 

8. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

Encryption of data in transit (TLS/SSL) and at rest

Secure, access-controlled hosting infrastructure

Role-based access controls limiting data access to authorized personnel

Regular security reviews and monitoring

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but will notify you and relevant authorities of any data breach as required by applicable law.

 

9. Data Retention

We retain your personal information as follows:

Donation records — retained for a minimum of seven (7) years as required by IRS regulations for tax-exempt organizations and applicable state charitable solicitation laws

Account information — retained as long as your account is active, plus a reasonable period afterward for legal compliance

Communication records — retained for up to three (3) years after your last interaction

Analytics data — retained in anonymized or aggregated form; identifiable analytics data is deleted within twelve (12) months

When personal information is no longer needed, we securely delete or anonymize it in accordance with our data retention procedures.

 

10. Cookies & Tracking Technologies

Our Site uses cookies and similar technologies categorized as follows:

Strictly necessary cookies — required for the Site to function (authentication, security, cookie consent preferences). These cannot be disabled.

Analytics cookies — help us understand how visitors use the Site to improve performance and content. These are only set with your consent.

We do not use advertising, retargeting, or third-party tracking cookies. You can manage your cookie preferences through our cookie consent banner or your browser settings. For EU/EEA/UK visitors, non-essential cookies are disabled by default until you provide affirmative consent, in compliance with the ePrivacy Directive and GDPR.

 

11. Your Privacy Rights

Regardless of where you are located, we honor the following rights to the extent required by applicable law:

Right of access — request a copy of the personal information we hold about you

Right to rectification — request correction of inaccurate or incomplete information

Right to erasure (“right to be forgotten”) — request deletion of your personal information, subject to legal retention obligations

Right to restrict processing — request that we limit how we use your data

Right to data portability — receive your data in a structured, commonly used, machine-readable format

Right to object — object to processing based on legitimate interests or for direct marketing

Right to withdraw consent — withdraw previously given consent at any time, without affecting the lawfulness of prior processing

Right to opt out of sale/sharing — we do not sell or share your data for advertising, but you may exercise this right at any time

Right to non-discrimination — exercising your privacy rights will not result in discriminatory treatment

To exercise any of these rights, contact us at support@withoutvoices.org. We will verify your identity and respond within the timeframes required by applicable law (typically 30–45 days). If we cannot fulfill your request due to a legal exemption, we will explain why.

 

12. United States — State-Specific Rights
12.1 California (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with additional rights:

Right to know — the categories and specific pieces of personal information we have collected, the sources, business purposes, and third parties with whom we share it

Right to delete — request deletion of your personal information, subject to certain exemptions

Right to correct — request correction of inaccurate personal information

Right to opt out of sale/sharing — we do not sell your personal information or share it for cross-context behavioral advertising

Right to limit use of sensitive personal information — we only use sensitive personal information for purposes authorized by the CPRA

Right to non-discrimination — we will not deny services, charge different prices, or provide different quality based on your exercise of privacy rights

Categories of personal information collected (per CCPA categories): Identifiers (name, email, IP address); financial information (donation amounts — payment details are handled by Stripe); internet/electronic activity (browsing history, device data); geolocation data (approximate, from IP address).

To submit a request, email support@withoutvoices.org with the subject line “California Privacy Request.” We will verify your identity before processing. You may also designate an authorized agent to make a request on your behalf.

 

12.2 Virginia (VCDPA)

Virginia residents have the right to:

Access, correct, and delete their personal data

Obtain a portable copy of their data

Opt out of targeted advertising, sale of personal data, and profiling

Appeal a denied request by contacting us at support@withoutvoices.org

 

12.3 Colorado (CPA)

Colorado residents have similar rights to Virginia residents, including:

Access, correct, and delete personal data

Data portability

Opt out of targeted advertising, sale, and profiling

Right to appeal within a reasonable timeframe

 

12.4 Connecticut (CTDPA)

Connecticut residents have the right to access, correct, delete, and obtain a portable copy of their data, and to opt out of sale, targeted advertising, and profiling. We will respond within 45 days and provide an appeal process.

 

12.5 Utah (UCPA)

Utah residents have the right to access and delete their personal data, obtain a portable copy, and opt out of sale and targeted advertising.

 

12.6 Texas (TDPSA)

Texas residents have the right to access, correct, delete, and obtain a portable copy of their data, and to opt out of sale, targeted advertising, and profiling. We will respond within 45 days.

 

12.7 Oregon (OCPA)

Oregon residents have the right to access, correct, delete, and obtain a portable copy of their personal data, opt out of targeted advertising, sale, and profiling, and receive a list of third parties to whom data has been disclosed.

 

12.8 Montana (MCDPA)

Montana residents have the right to access, correct, delete, and obtain a portable copy of their data, and to opt out of targeted advertising, sale, and profiling.

 

12.9 Other US States

We monitor and comply with emerging state privacy laws as they take effect, including those in Iowa, Indiana, Tennessee, Florida, New Jersey, New Hampshire, Delaware, Nebraska, Maryland, Minnesota, and other states. If you are a resident of any US state with consumer privacy legislation, you may exercise your applicable rights by contacting us at support@withoutvoices.org

 

13. European Economic Area, United Kingdom & Switzerland (GDPR / UK GDPR)

If you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, the General Data Protection Regulation (GDPR) and UK GDPR provide you with specific rights regarding your personal data.

 

13.1 Data Controller

Without Voices Global Animal Emergency Fund is the data controller for personal data collected through the Site. Contact: support@withoutvoices.or

 

13.2 Your GDPR Rights

In addition to the rights listed in Section 11, you have the right to:

Lodge a complaint with your local Data Protection Authority (DPA)

Object to processing based on legitimate interests at any time

Not be subject to automated decision-making or profiling that produces legal effects (we do not engage in such processing)

 

13.3 International Data Transfers

Your data may be transferred to and processed in the United States. We ensure appropriate safeguards are in place for such transfers, including reliance on Standard Contractual Clauses (SCCs) approved by the European Commission, the EU-US Data Privacy Framework where applicable, and other lawful transfer mechanisms.

 

13.4 Data Protection Officer

For GDPR-related inquiries, please contact us at support@withoutvoices.org with the subject line “GDPR Inquiry.”

 

14. Canada (PIPEDA / Provincial Laws)

If you are a Canadian resident, the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws (e.g., Quebec’s Law 25, Alberta’s PIPA, BC’s PIPA) provide you with rights regarding your personal information.

We collect and use your personal information only with your knowledge and consent

You may withdraw consent at any time (subject to legal or contractual restrictions)

You have the right to access and correct your personal information

You may file a complaint with the Office of the Privacy Commissioner of Canada or your provincial privacy commissioner

For Quebec residents: we conduct privacy impact assessments as required under Quebec’s Law 25 and provide notice of any cross-border data transfers.

 

15. Australia (Privacy Act 1988 / APPs)

If you are an Australian resident, the Privacy Act 1988 and the Australian Privacy Principles (APPs) govern how we handle your personal information:

We only collect personal information that is reasonably necessary for our functions

You have the right to access and correct your personal information

We will take reasonable steps to notify you of any eligible data breach

You may lodge a complaint with the Office of the Australian Information Commissioner (OAIC)

 

16. Brazil (LGPD)

If you are a resident of Brazil, the Lei Geral de Proteção de Dados (LGPD) provides you with the following rights:

Confirmation of whether your data is being processed

Access, correction, anonymization, blocking, or deletion of unnecessary or excessive data

Data portability to another service provider

Deletion of data processed with your consent

Information about public and private entities with whom your data has been shared

Information about the possibility of denying consent and its consequences

Revocation of consent

You may file a complaint with Brazil’s National Data Protection Authority (ANPD) if you believe your rights have been violated.

 

17. South Africa (POPIA)

If you are a resident of South Africa, the Protection of Personal Information Act (POPIA) provides you with the following rights:

The right to be notified when your personal information is collected

The right to access your personal information

The right to request correction or deletion of your personal information

The right to object to the processing of your personal information

The right not to be subject to automated decision-making

The right to lodge a complaint with the Information Regulator

We process personal information lawfully, for a specific purpose, and only to the extent necessary, in accordance with POPIA’s conditions for lawful processing.

 

18. Other International Jurisdictions

We are committed to respecting privacy rights under all applicable laws, including but not limited to:

New Zealand — Privacy Act 2020 and Information Privacy Principles

Japan — Act on the Protection of Personal Information (APPI)

South Korea — Personal Information Protection Act (PIPA)

Singapore — Personal Data Protection Act (PDPA)

India — Digital Personal Data Protection Act, 2023 (DPDPA)

Argentina — Personal Data Protection Law (PDPL, Law 25.326)

Israel — Privacy Protection Law, 5741-1981

Philippines — Data Privacy Act of 2012

Thailand — Personal Data Protection Act (PDPA)

UAE / DIFC / ADGM — applicable data protection regulations

Kenya — Data Protection Act, 2019

Nigeria — Nigeria Data Protection Regulation (NDPR) / Nigeria Data Protection Act 2023

If your jurisdiction is not listed above and you have questions about your rights, please contact us at support@withoutvoices.org and we will work with you to address your concerns in compliance with applicable local law.

 

19. Children’s Privacy

Our Site is not directed at children under the age of 13 (or 16 in the EEA/UK). We do not knowingly collect personal information from children under these ages. If we become aware that we have collected information from a child below the applicable age threshold, we will take steps to delete it promptly. Donations made by minors should be made with the knowledge and involvement of a parent or legal guardian. This policy complies with the US Children’s Online Privacy Protection Act (COPPA), GDPR Article 8, and equivalent provisions in other jurisdictions.

 

20. “Do Not Track” Signals

Some browsers transmit “Do Not Track” (DNT) signals. As there is no common industry standard for DNT, we do not currently respond to DNT signals. However, you can manage tracking through our cookie consent banner and your browser settings. We honor the Global Privacy Control (GPC) signal as a valid opt-out request under applicable US state privacy laws.

 

21. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. Material changes will be posted on this page with an updated “Last updated” date. Where required by law (e.g., GDPR), we will provide additional notice (such as email notification) for significant changes. Your continued use of the Site after changes are posted constitutes acceptance of the revised policy.

 

22. Contact Us

If you have questions about this Privacy Policy, wish to exercise your rights, or have a privacy-related complaint, please contact us:

Without Voices Global Animal Emergency Fund
A 501(c)(3) nonprofit organization
EIN: 41-4059652
State of California, USA
Email: support@withoutvoices.org

For GDPR / UK GDPR inquiries, use the subject line “GDPR Inquiry.”
For CCPA / US state privacy requests, use the subject line “Privacy Rights Request.”
For all other jurisdictions, use the subject line “Privacy Inquiry.”

We aim to respond to all privacy-related requests within 30 days (or the shorter timeframe required by your applicable law). If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.