Privacy Policy

PIT Foundation (“we,” “us,” or “our”) respects your privacy. This policy explains what data we collect, how we use it, and the choices you have. It applies to https://www.pitfoundation.com (the “Site”) and our donation and account experiences.

Who We Are

PIT Foundation is a U.S.-based nonprofit organization. Our website address is https://www.pitfoundation.com.

Comments

When visitors leave comments, we collect the data shown in the form and may collect the visitor’s IP address and browser user agent to help with spam detection and security. A hash of your email address may be sent to Gravatar to check if you use it. See Gravatar’s privacy policy. After approval, your profile image (if any) may be visible with your comment.

Media

If you upload images, avoid including embedded location data (EXIF GPS). Visitors to the Site can download and extract location data from images on the Site.

Cookies

We use cookies and similar technologies to operate the Site, remember preferences, secure sessions, measure performance, and improve services. You can control cookies through your browser. Disabling some cookies may affect Site functionality.

• Comment convenience cookies: If you leave a comment, you may opt to save your name, email, and website in cookies (typically up to one year).
• Login and screen options: Temporary cookies check if your browser accepts cookies; login cookies usually last up to two days; screen option cookies up to one year. Selecting “Remember Me” may keep you logged in for about two weeks. Logging out removes login cookies.
• Authoring: Editing or publishing may set a cookie indicating the post ID; it generally expires within a day.
• WooCommerce: We use WooCommerce cookies to manage cart/session and notices (e.g., woocommerce_cart_hash, woocommerce_items_in_cart, wp_woocommerce_session_*, store_notice*).

Cookie Consent & Preferences

We display a cookie banner to obtain consent where required. You may adjust preferences at any time via a “Manage Cookies” link in our footer. Categories may include: Strictly Necessary, Performance/Analytics, Functional, and Advertising. Our list of cookies may change as we add or update services.

Embedded Content from Other Websites

Articles on this Site may include embedded content (e.g., videos, images, articles). Embedded content from other websites behaves as if you visited those sites directly, which may collect data, use cookies, and track interactions according to their policies.

Who We Share Your Data With

We share data with trusted service providers who help operate the Site, process donations, deliver emails, provide analytics/security, and meet legal/financial obligations (e.g., hosting, WordPress/WooCommerce, Square, email delivery, anti-spam). If you request a password reset, your IP address may be included in the reset email. We do not sell your personal information.

How Long We Retain Your Data

• Comments: Indefinitely to auto-recognize/approve follow-ups.
• User accounts: While your account is active and up to 12 months after inactivity (unless we must retain longer for legal/security reasons).
• Donations/transactions: Typically at least seven (7) years to comply with U.S. accounting, audit, and tax laws.
• Server logs/security data: About 12–24 months, unless needed longer for investigations.
• Marketing consents: Until you unsubscribe or request deletion.

Retention Summary

What Rights You Have Over Your Data

You can request an export of your personal data we hold and request deletion. We may retain certain data as required by law or for legitimate interests (e.g., accounting, fraud prevention, security).

U.S. State Notices (e.g., California): We do not sell your personal information. Depending on your state, you may have rights to access, delete, or obtain information about our practices. Use the contact details below to submit a request. We will verify your identity and respond within 30–45 days where applicable.

Data Subject Requests (How to Exercise Your Rights)

Email [email protected] with the subject “Privacy Request.” Please describe your request (access/export, deletion, correction) and provide information we can use to verify your identity (e.g., the email used on our Site). We typically respond within 30–45 days, subject to permitted extensions.

Where Your Data Is Sent

Visitor comments may be checked through automated spam detection and security services. Data may be processed by our service providers in the United States. If you are outside the U.S., your data may be transferred to and processed in the U.S., where laws may differ.

Payments and Donations

We process donations and payments through WooCommerce integrated with Square. Your card details are submitted directly to Square; we do not store full card numbers on our servers. Square uses industry-standard safeguards (e.g., PCI-DSS compliance) to protect your data.

Recurring donations: If you opt in, Square securely retains a payment token to process donations on your chosen schedule. You may cancel or modify a recurring donation via your account (if available) or by contacting us at [email protected].

We use donation information to issue receipts, comply with accounting and tax laws, prevent fraud, and support donors.

WooCommerce Data Handling

During checkout we collect information such as your name, billing address, email, phone, donation amount, and any notes. We use this to process transactions, issue receipts, prevent fraud, and meet legal obligations. Certain data is shared with Square to complete payments.

Refunds/Chargebacks & Recurring Cancellation

Please contact us at [email protected] for help with a mistaken charge, chargeback, or refund inquiry. To cancel a recurring donation, use your account page (if available) or email us at any time; cancellations take effect for future charges.

Donor Acknowledgments & Anonymity

We issue donation receipts suitable for tax purposes. If we publicly recognize supporters (e.g., on campaigns), you can request anonymity and we will honor it.

Email and Marketing

We may email you receipts, important updates, and organizational news/fundraising campaigns. You can opt out of marketing emails at any time using the unsubscribe link or by contacting us. We may still send transactional or legally required communications.

Analytics and Tracking

We may use analytics and advertising tools (e.g., Google Analytics, Meta Pixel) to understand Site usage and improve outreach. These tools may set cookies or use similar technologies to collect information such as IP address (or a shortened version), device/browser type, pages visited, and actions taken. You can manage cookies via your browser and our “Manage Cookies” link.

Security

We use reasonable technical and organizational measures to protect data, including TLS/SSL in transit, access controls, and least-privilege practices. No method is 100% secure. If you believe your account or data is compromised, contact us immediately.

Payment Security (PCI-DSS)

Square manages card data under the PCI-DSS standard. We never store full card details; recurring donations use tokens retained by Square.

Fraud & Abuse Prevention

We may use server logs, rate-limiting, firewalls, and anti-spam/captcha services to protect our Site and users. If we add Google reCAPTCHA or similar, the provider’s terms and privacy policy will apply.

Subprocessors & Third-Party Services

We use reputable vendors to host the Site, deliver email, process payments, provide analytics, and secure our services. Examples include WordPress/WooCommerce, our hosting provider, Square, and email delivery services. Our vendor list may evolve as services change.

Breach Notification

In the unlikely event of a data security incident impacting your personal data, we will notify affected individuals and relevant authorities as required by law.

International Donors & Data Transfers

If you donate or interact with the Site from outside the U.S., your information may be transferred to and processed in the U.S. By using our Site, you consent to this transfer. We will honor applicable rights where feasible.

Do Not Track

Browser-based “Do Not Track” (DNT) signals are not standardized, so we do not respond to them. Please use browser settings and our “Manage Cookies” link to control tracking technologies.

Children’s Privacy

Our Site is not directed to children under 13, and we do not knowingly collect personal information from them. If you believe a child under 13 has provided personal information, contact us to request deletion.

Data Storage Location

Our Site and primary systems are hosted in the United States. Service providers may also process data within the U.S.

Accessibility

If you have difficulty accessing this policy, cookie preferences, or your account, please email [email protected] and we will assist you.

Governing Law & Venue

This policy is governed by the laws of the Commonwealth of Pennsylvania, USA, without regard to conflicts of law principles. Venue for disputes will be in Pennsylvania courts or other agreed forums as permitted by law.

“Do Not Sell or Share” (CPRA)

We do not sell or share your personal information for cross-context behavioral advertising. If our practices change in the future, we will update this notice and provide an opt-out mechanism. You may contact us any time at [email protected].

Contact Information

Policy Updates

We may update this policy from time to time. Material changes may be summarized at the top of this page for 30 days. The effective date will appear below.

Last updated: [enable JavaScript to see the current date]

Manage Cookies |  Do Not Sell or Share My Personal Information