Privacy Policy
Last Updated: January 25, 2025
Effective Date: January 25, 2025
GDPR Compliance Notice: This Privacy Policy complies with the General Data Protection Regulation (GDPR) and other applicable privacy laws. If you are located in the European Union, you have additional rights as described in Section 12 of this policy.
Bay2Bay Foundation ("Bay2Bay," "we," "us," or "our") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, educational platform, and related services (collectively, the "Services").
By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services.
1. Information We Collect
We collect information you provide directly to us, information we obtain automatically when you use our Services, and information from third-party sources.
1.1 Personal Information You Provide
| Data Type | Examples | Collection Method | Purpose |
| --- | --- | --- | --- |
| Account Information | Name, email address, password | Registration forms, Firebase Authentication | Account creation and authentication |
| Profile Information | Age, grade level, subjects of interest, educational background | User profiles, application forms | Matching students with appropriate tutors |
| Contact Information | Phone number, mailing address | Volunteer applications, contact forms | Communication and verification |
| Educational Data | Session attendance, progress notes, academic performance | Tutoring sessions, progress tracking | Educational support and improvement |
| Communication Data | Messages, feedback, support requests | Contact forms, support tickets, session communications | Customer support and service improvement |
1.2 Information Collected Automatically
- Usage Data: Pages visited, time spent, click patterns, session duration
- Device Information: IP address, browser type, operating system, device identifiers
- Location Data: General geographic location based on IP address
- Performance Data: Page load times, error reports, system performance metrics
1.3 Cookies and Tracking Technologies
We use the following types of cookies and tracking technologies:
- Essential Cookies: Required for basic website functionality and security
- Analytics Cookies: Google Analytics (GA-3SQDTNF9MY) for website usage analysis
- Preference Cookies: Language settings and user preferences (localStorage)
- Authentication Cookies: Firebase session management and login state
You can control cookies through your browser settings, but disabling certain cookies may affect website functionality.
1.4 Third-Party Data
- Social Media: Information from social media platforms if you connect your accounts
- Background Checks: Information from background check providers for volunteer verification
- Educational Partners: Information from schools or educational institutions (with consent)
2. How We Use Your Information
We use the information we collect for the following purposes:
2.1 Service Provision
- Creating and managing user accounts
- Matching students with appropriate volunteer tutors
- Scheduling and facilitating tutoring sessions
- Tracking educational progress and outcomes
- Providing customer support and technical assistance
2.2 Communication
- Sending service-related notifications via email (AWS SES)
- Sending SMS notifications for important updates (AWS SNS)
- Providing educational updates and program information
- Responding to inquiries and support requests
- Sending marketing communications (with consent)
2.3 Analytics and Improvement
- Analyzing website usage patterns with Google Analytics
- Improving our Services and user experience
- Conducting research on educational effectiveness
- Developing new features and services
2.4 Legal and Safety
- Complying with legal obligations and regulations
- Protecting the safety and security of our users
- Preventing fraud and abuse
- Enforcing our Terms of Service
3. How We Share Your Information
We do not sell, trade, or rent your personal information to third parties. We may share your information in the following circumstances:
3.1 Service Providers
- Google Firebase: Authentication, database hosting, and cloud functions
- Google Analytics: Website analytics and user behavior analysis
- Amazon Web Services (AWS SES): Email delivery, marketing communications, and transactional emails
- Amazon Web Services (AWS SNS): SMS notifications and alerts
- Video Conferencing Providers: For virtual tutoring sessions
- Background Check Services: For volunteer verification
- Payment Processors: For any paid services (if applicable)
3.2 AWS SES Email Communications
We use Amazon Simple Email Service (AWS SES) for all email communications. This includes:
- Double Opt-in Verification: All email subscriptions require verification through AWS SES
- Transactional Emails: Account notifications, password resets, and system alerts
- Marketing Communications: Program updates, volunteer opportunities, and educational content
- Bounce and Complaint Handling: Automatic processing of undeliverable emails and spam complaints
- Suppression Lists: Maintenance of unsubscribe and complaint suppression lists
AWS SES processes email delivery logs, bounce notifications, and complaint reports in accordance with their privacy policy and our data processing agreement.
3.2 Educational Partners
- Schools and educational institutions (with appropriate consent)
- Other educational service providers for program coordination
- Research institutions for educational effectiveness studies (anonymized data)
3.3 Legal Requirements
- When required by law, regulation, or court order
- To protect the rights, property, or safety of Bay2Bay Foundation, our users, or others
- In connection with legal proceedings or investigations
- To enforce our Terms of Service or other agreements
3.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, user information may be transferred as part of the transaction, subject to appropriate privacy protections.
4. Data Security
We implement appropriate technical and organizational measures to protect your personal information:
- Encryption: Data transmission is encrypted using SSL/TLS protocols
- Access Controls: Limited access to personal information on a need-to-know basis
- Firebase Security: Leveraging Google's enterprise-grade security infrastructure
- Regular Audits: Periodic security assessments and vulnerability testing
- Staff Training: Regular privacy and security training for all personnel
- Incident Response: Procedures for detecting and responding to security breaches
5. Data Retention
We retain your personal information for as long as necessary to provide our Services and fulfill the purposes outlined in this Privacy Policy:
- Account Data: Retained while your account is active and for 3 years after account closure
- Educational Records: Retained for 7 years for educational continuity and compliance
- Communication Data: Retained for 2 years for customer support purposes
- Analytics Data: Aggregated and anonymized data may be retained indefinitely
- Legal Requirements: Some data may be retained longer as required by law
6. Your Privacy Rights and Choices
6.1 Access and Control
- Account Access: View and update your account information through your dashboard
- Data Portability: Request a copy of your personal information in a portable format
- Correction: Update or correct inaccurate personal information
- Deletion: Request deletion of your personal information (subject to legal requirements)
6.2 Communication Preferences and AWS SES Compliance
Email Opt-Out Options (AWS SES Compliant):
- Unsubscribe Links: Click "unsubscribe" links in all marketing emails (processed via AWS SES)
- Account Settings: Update preferences in your account dashboard
- Direct Email: Email us at unsubscribe@bay2bay.org
- Privacy Contact: Email us at privacy@bay2bay.org
Processing Time: Unsubscribe requests are processed within 24 hours through AWS SES suppression lists.
Note: You cannot opt out of essential service communications (account security, session notifications, etc.).
6.3 Double Opt-in Email Verification
All email subscriptions require double opt-in verification to comply with AWS End User Messaging requirements:
- Initial Consent: You must explicitly consent to receive emails by checking consent boxes
- Verification Email: You will receive a verification email via AWS SES
- Confirmation Required: You must click the verification link to complete subscription
- Active Subscription: Only verified email addresses receive marketing communications
- Verification Records: We maintain records of all opt-in verifications for compliance
6.3 Cookie Controls
7. Children's Privacy (COPPA Compliance)
Bay2Bay Foundation is committed to protecting children's privacy:
- Age Verification: We verify that users under 18 have parental consent
- Limited Collection: We collect only information necessary for educational services
- Parental Rights: Parents can review, modify, or delete their child's information
- No Marketing to Children: We do not send marketing communications to users under 18
- Safe Environment: All interactions are monitored for safety and appropriateness
If you believe we have collected information from a child under 13 without proper consent, please contact us immediately at privacy@bay2bay.org.
8. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence, including the United States. We ensure appropriate safeguards are in place for international transfers:
- Standard Contractual Clauses for EU data transfers
- Adequacy decisions where applicable
- Certification schemes and codes of conduct
9. Third-Party Links and Services
Our Services may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to those external sites or services. We encourage you to review the privacy policies of any third-party services you use.
10. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to Know: Request information about personal information collected, used, or shared
- Right to Delete: Request deletion of personal information
- Right to Opt-Out: Opt out of the sale of personal information (we do not sell personal information)
- Right to Non-Discrimination: Equal service regardless of privacy choices
To exercise these rights, contact us at privacy@bay2bay.org.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make changes, we will:
- Post the updated policy on our website
- Update the "Last Updated" date
- Notify users of material changes via email or prominent website notice
- For significant changes, we may seek additional consent
We encourage you to review this Privacy Policy periodically to stay informed about our privacy practices.
12. GDPR Rights (EU Residents)
If you are located in the European Union, you have additional rights under the General Data Protection Regulation (GDPR):
- Right of Access: Obtain confirmation of processing and access to your personal data
- Right to Rectification: Correct inaccurate or incomplete personal data
- Right to Erasure: Request deletion of personal data under certain circumstances
- Right to Restrict Processing: Limit how we process your personal data
- Right to Data Portability: Receive your personal data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests or for direct marketing
- Right to Withdraw Consent: Withdraw consent for processing based on consent
- Right to Lodge a Complaint: File a complaint with your local data protection authority
To exercise these rights, contact our Data Protection Officer at dpo@bay2bay.org.