PRIVACY POLICY
Effective Date: March 10, 2026 | Last Updated: March 10, 2026
Project Baseline, a Colorado corporation ("Company," "we," "our," or "us"), respects your privacy and is committed to protecting the personal and organizational information you share with us. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information.
1. Information We Collect
1.1 Information You Provide
- Contact Information: Name, email address, phone number, mailing address
- Organizational Information: Organization name, EIN, 501(c)(3) status, incorporation details, mission statement, programs, staff and board information, financial data (budget, revenue sources, grant history)
- Documents: Files uploaded through the client portal including articles of incorporation, bylaws, financial statements, program materials, photographs, and other organizational documents
- Account Information: Email and password (password is encrypted and never stored in plain text)
- Payment Information: Payment is processed by Stripe. We do not store credit card numbers, bank account details, or other sensitive financial data on our servers. See Stripe's privacy policy at stripe.com/privacy.
- Communications: Messages sent through the portal messaging system, email correspondence
1.2 Information Collected Automatically
- Usage Data: Portal login times, pages visited, actions taken within the portal
- Device Information: Browser type, IP address, operating system
2. How We Use Your Information
| Purpose | Data Used |
|---|
| Deliver consulting services and produce deliverables | Organizational info, documents, contact info |
| Communicate about your engagement | Contact info, messages |
| Process payments | Contact info (sent to Stripe) |
| Provide portal access | Account info, usage data |
| Improve our services | Aggregated, anonymized usage data |
| Comply with legal obligations | As required by law |
3. How We Protect Your Information
- Encryption: All data transmitted between your browser and our servers is encrypted using SSL/TLS (HTTPS)
- Password Security: Passwords are hashed using bcrypt with a cost factor of 12. We cannot view your password.
- Access Control: Only authorized Project Baseline personnel can access client data
- Secure Hosting: Our servers are hosted on professionally managed infrastructure with firewall protection
- Payment Security: Payment processing is handled entirely by Stripe, a PCI-DSS Level 1 certified processor
4. Data Sharing
We do not sell, rent, or trade your personal or organizational information. We may share data only in the following limited circumstances:
- Service Providers: Stripe (payment processing), email delivery services. These providers are bound by their own privacy policies and only receive the minimum data necessary.
- Legal Requirements: If required by law, subpoena, court order, or government regulation
- Business Transfer: In connection with a merger, acquisition, or sale of assets (you would be notified)
- With Your Consent: When you explicitly authorize us to share information with a third party
5. Data Retention
- Active Engagements: Data is retained throughout the engagement and for 90 days after project completion
- Portal Access: Client portal access remains active for 90 days after project completion. After that, the account is archived and a zip file of all materials is provided.
- Post-Archive: Project Baseline may retain anonymized engagement records (dates, package type, general scope) for business records. All personally identifiable documents and files are deleted within 180 days of archival unless otherwise requested.
- Payment Records: Transaction records are retained as required by tax and financial regulations (typically 7 years)
6. Your Rights
You have the following rights regarding your data:
- Access: Request a copy of all personal and organizational data we hold about you
- Correction: Request correction of inaccurate information
- Deletion: Request deletion of your data (subject to legal retention requirements)
- Export: Request an export of your data in a portable format
- Opt-Out: Opt out of marketing communications at any time
To exercise any of these rights, contact us at [email protected].
7. Cookies
Our website uses minimal cookies necessary for functionality:
- Authentication Token: Stored in your browser's local storage to maintain your login session
- Session Data: Temporary data to support your portal experience
We do not use tracking cookies, advertising cookies, or third-party analytics that track individual users across websites.
8. Children's Privacy
Our services are intended for organizations and adults over the age of 18. We do not knowingly collect information from individuals under 18.
9. Third-Party Links
Our website may contain links to third-party services (Stripe, Calendly, etc.). We are not responsible for the privacy practices of these services. We encourage you to review their privacy policies.
10. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be communicated via email to active clients. The "Last Updated" date at the top reflects the most recent revision.
11. Contact Us
For questions or concerns about this Privacy Policy or your data, contact:
Project Baseline
Email: [email protected]
Phone: (855) 616-6333
Website: nonprofit.project-baseline.com