Privacy Policy — WonderHood

Effective date: September 4, 2025 · Planned review by: December 31, 2026

Contact: info@whproject.org

Organization: WonderHood, a 501(c)(3) nonprofit. We operate in the U.S. and process/store data in the U.S. only.

This Privacy Policy explains how WonderHood (“we,” “us,” “our”) collects, uses, discloses, and protects personal information when you use our website, register for programs and events, donate, or otherwise interact with us.

1) Information We Collect

  • Account & profile: name, email, city/state, (hashed) password, optional avatar.
  • Child/participant (provided by parent/guardian): first name, last name, preferred name, date of birth, grade, allergies/health notes for safety, emergency contact.
  • Donations: amount, date/time, donor contact; we do not store full card/bank details.
  • Photos & media: event photos/videos with consent.
  • Technical: IP, device/browser, cookies/localStorage, pages visited, timestamps.
  • Waiver/consent records: signature name, timestamp, version, acknowledgements (sections checked), and a copy of the waiver text as presented at signing. We may also store technical metadata (e.g., IP address and user-agent) at the time of signing for security and audit purposes.
  • Communications: emails/messages you send us and our operational communications with you (sent via Google Workspace / Gmail).

2) How We Use Information

  • Provide and improve our site, programs, and events.
  • Register participants; manage rosters, reminders, and safety planning.
  • Send confirmations, receipts, schedules, and optional announcements (with opt-in).
  • Process donations and issue tax acknowledgment receipts.
  • Protect safety, prevent abuse/fraud, and comply with laws.
  • Report aggregated (non-identifying) metrics to donors/grantors.

3) Legal Basis / Consent

We process information with your consent, to fulfill a request/registration/donation, and/or for legitimate nonprofit purposes such as participant safety and reporting. Children’s data is supplied by a parent/guardian (see §9).

4) Sharing & Service Providers

We do not sell personal information and we do not share it for targeted advertising. We share information only with trusted service providers that help us operate our Services:

  • Payments: Stripe (donations/transactions processing).
  • Database: MongoDB Atlas (U.S. region).
  • Document storage: Google Cloud Storage (signed waiver PDFs and related records).
  • Email/communications: Google Workspace / Gmail (sending confirmations, notices, and administrative emails).
  • Basic analytics: limited, aggregated usage data to improve the site (no targeted advertising).

These providers are bound by confidentiality and data processing terms. We may disclose information if required by law or to protect rights and safety. We do not disclose children’s information publicly.

5) Payments & Donations

Payments are processed by Stripe. We do not store full card numbers or bank account numbers on our servers. We retain donation metadata (amount, date, donor contact) for receipts and nonprofit reporting. Donations are generally non-refundable. If you believe a payment was made by mistake (duplicate or wrong amount), email us within 7 days at info@whproject.org.

Tax acknowledgment: we email a receipt including our EIN. If no goods or services were provided in exchange for your contribution, the donation may be tax-deductible under U.S. law. Required wording: “No goods or services were provided in exchange for this contribution.”

6) Cookies & Analytics

We use cookies/localStorage for login sessions, basic site functions, and aggregated analytics. You can control cookies in your browser; disabling some cookies may affect functionality. We do not use interest-based advertising cookies.

7) Storage, Location & Security

  • Location: we operate in the United States. Data is stored in MongoDB Atlas (U.S. region). Signed waiver PDFs are stored in Google Cloud Storage (U.S.). Operational emails are sent and stored via Google Workspace / Gmail.
  • In transit: HTTPS/TLS encryption.
  • Access control: limited to staff/volunteers on a need-to-know basis.
  • Retention: accounts — while active; event/registration records — up to 3 years; waiver/consent records (including signed waiver PDFs) — up to 7 years; donation/financial records — up to 7 years; media — until consent is withdrawn or content is retired. Then we delete or anonymize unless law requires longer.

No method of transmission or storage is 100% secure, but we apply reasonable safeguards for a small nonprofit.

8) Your Choices & Rights

  • Request access, correction, or deletion via info@whproject.org.
  • Unsubscribe from emails via the link or by contacting us.
  • Withdraw photo/media consent; we will stop future use and make reasonable efforts to remove past posts within our control.
  • Manage cookies in your browser settings.

9) Children’s Privacy

Accounts/registrations are created by a parent or legal guardian. We collect only the minimum information needed for safe participation. We do not knowingly collect personal information directly from children under 13 online without verifiable parental consent. Parents/guardians can review or delete their child’s information and withdraw participation at any time.

10) International Users

We operate in the United States and store/process data in the U.S. only.

11) Third-Party Links

Our site may link to third-party websites/services with their own privacy practices.

12) Changes to This Policy

We may update this Policy from time to time. The “Effective date” reflects the latest version. If we make material changes, we will post an update on our site or contact you when appropriate. We plan to review this Policy no later than December 31, 2026.

Contact Us

Email: info@whproject.org