top of page

VERIDA CHARTER

FOUNDATION

Privacy Policy

A legal disclaimer

This Privacy Policy is provided for general informational purposes only and does not constitute legal advice. It describes Verida Charter Foundation’s current practices as of the “Last Updated” date and may not reflect every jurisdiction’s requirements or every implementation detail. For questions about your legal rights or compliance obligations, consult qualified counsel. Your use of the website and services remains subject to our Terms & Conditions and any other applicable policies.

Privacy Policy - the basics 

Effective Date: [Month Day, Year]
Last Updated: [Month Day, Year]

Verida Charter Foundation (“Foundation,” “we,” “us,” or “our”) respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect information when you visit our website(s), use our portals, subscribe to updates, register for events, participate in working groups, or otherwise interact with our services (collectively, the “Services”).

By using the Services, you acknowledge this Privacy Policy.

1) Who We Are (Controller Information)

Controller: Verida Charter Foundation
Address: [Address]
Email: [privacy@verida.foundation] (or your preferred contact)
Jurisdiction/Registration: [e.g., Delaware non-profit / DC nonprofit / UK charity / etc.]

If you are in the EEA/UK, the Foundation is the “data controller” for personal data processed under this Policy (unless otherwise stated).

2) Scope

This Privacy Policy applies to information we collect:

  • on our website and related pages,

  • through registration forms, memberships, and event sign-ups,

  • through working groups, mailing lists, and communications,

  • via developer portals and downloads (if any),

  • in connection with our repositories, documentation, and community channels we manage.

This Policy does not cover third-party websites, tools, or platforms linked from our Services (e.g., GitHub, LinkedIn, X, event platforms, payment processors). Their privacy practices apply.

3) Information We Collect

A) Information You Provide Directly

We may collect:

  • Contact details: name, email, phone number, organization, job title, country/region.

  • Membership and participation details: membership tier (if applicable), working group participation, committee roles, attendance history.

  • Event registration details: dietary or accessibility needs (only if you choose to provide them).

  • Communications: messages you send us, support requests, survey responses, feedback, and any attachments you submit.

  • Billing/transaction info (limited): if you pay dues or event fees, we typically receive confirmation and limited metadata (e.g., payment status, amount, last 4 digits), while full payment card details are processed by the payment provider.

B) Information Collected Automatically (Online Identifiers)

When you use the Services, we may collect:

  • Device and log data: IP address, browser type, device identifiers, operating system, referral URLs, pages viewed, clicks, timestamps.

  • Approximate location: derived from IP address (city/region-level).

  • Cookies and similar technologies: for essential functionality, analytics, and preference management (see Section 8).

C) Information from Third Parties

We may receive information from:

  • Event platforms (e.g., RSVP confirmations),

  • Email newsletter platforms (subscription status, opens/clicks if enabled),

  • Payment processors (transaction confirmations),

  • Collaboration platforms (e.g., working group tools),

  • Public sources (e.g., your organization website), but we do not build profiles beyond what’s necessary for our mission-related engagement.

4) How We Use Information

We use information for the following purposes:

A) Provide and Operate the Services

  • manage website access, accounts, and security,

  • respond to inquiries and provide support,

  • deliver requested documentation, resources, or updates.

B) Membership, Working Groups, and Community Operations

  • process membership applications (if applicable),

  • administer working groups, voting, meeting invites, and communications,

  • maintain rosters, minutes, and governance records where necessary.

C) Events and Programs

  • register attendees, send confirmations and logistics,

  • handle accessibility requests (only if provided),

  • issue attendance certificates (if offered).

D) Communications

  • send newsletters, Foundation updates, standards releases, and event announcements,

  • send transactional messages (e.g., password resets, event confirmations, policy updates).

E) Improve and Protect the Services

  • analyze usage, improve content and performance,

  • detect, prevent, and respond to fraud, misuse, security incidents, and spam.

F) Legal and Compliance

  • comply with legal obligations,

  • enforce our Terms & Conditions and other policies,

  • respond to lawful requests.

5) Legal Bases for Processing (EEA/UK)

If you are in the EEA/UK, we process personal data under these legal bases:

  • Consent: for newsletters/marketing where required; for non-essential cookies where required.

  • Contract: to provide Services you request (e.g., membership administration, event registration).

  • Legitimate Interests: to operate and improve the Foundation, secure our systems, manage governance participation, and communicate relevant updates (balanced against your rights).

  • Legal Obligation: where required by law (e.g., financial recordkeeping, responding to lawful requests).

You may object to processing based on legitimate interests (see Section 11).

6) How We Share Information

We do not sell your personal information. We may share it as follows:

A) Service Providers (Processors)

We share personal data with vendors who help us operate, such as:

  • website hosting and infrastructure,

  • email/newsletter delivery,

  • event registration tools,

  • CRM/member management tools,

  • analytics providers,

  • payment processors.

They may access personal data only to perform services for us and are obligated to protect it.

B) Working Groups and Governance Transparency

If you participate in working groups or governance processes, we may share limited information (e.g., name, organization, role) with other participants for legitimate operational needs such as meeting coordination, voting eligibility, and public transparency of governance.

We will describe any public-facing disclosures (e.g., public member lists, working group rosters, meeting minutes) in the relevant program terms or notices at the point of collection.

C) Legal Requirements

We may disclose information if required to comply with law, court order, or legal process, or to protect the rights, property, and safety of the Foundation and others.

D) Business or Organizational Changes

If the Foundation undergoes a reorganization, merger, or transfer of assets, personal data may be transferred as part of that transaction, subject to appropriate safeguards.

7) Data Retention

We retain personal data only as long as necessary for the purposes in this Policy, including:

  • maintaining membership and governance records (often longer due to integrity of standards/governance history),

  • event and program administration,

  • accounting and audit obligations,

  • security and abuse-prevention logs.

Typical retention examples (customize):

  • Newsletter subscription records: until you unsubscribe, plus a limited period to maintain suppression lists.

  • Event records: [e.g., 24 months] unless needed for governance audit/history.

  • Financial records: as required by law (often [5–7] years).

  • Security logs: [e.g., 90–180 days] unless an incident requires longer retention.

We may anonymize or aggregate data so it can no longer identify you.

8) Cookies and Similar Technologies

We use cookies and similar technologies to operate and understand the Services.

A) Types of Cookies

  • Essential cookies: required for core site functions and security.

  • Preference cookies: remember settings (e.g., language, cookie choices).

  • Analytics cookies: help us understand site usage and improve performance.

  • Optional marketing cookies: if used, support outreach measurement (often avoidable for nonprofits; include only if true).

B) Managing Cookies

You can control cookies via:

  • our cookie banner/preferences tool (if implemented),

  • your browser settings (block/delete cookies),

  • opt-out mechanisms offered by certain analytics providers.

Blocking essential cookies may impair functionality.

C) Do Not Track

Some browsers offer “Do Not Track.” There is no universally accepted standard; unless required by law, we do not respond to DNT signals.

9) International Data Transfers

We may process and store information in countries other than where you live, including the United States.

Where required (EEA/UK), we rely on recognized transfer safeguards, such as:

  • Standard Contractual Clauses (SCCs) for EEA transfers,

  • UK International Data Transfer Addendum/IDTA for UK transfers,
    and additional security measures as appropriate.

10) Security

We implement reasonable administrative, technical, and physical safeguards designed to protect personal data, such as:

  • access controls and least-privilege permissions,

  • encryption in transit (TLS) and, where appropriate, encryption at rest,

  • logging and monitoring,

  • vendor diligence and contractual protections.

No system is perfectly secure. You use the Services at your own risk, and you should use strong passwords and safeguard credentials.

11) Your Rights and Choices

A) Email Preferences

  • You can unsubscribe from newsletters using the link in our emails.

  • Transactional messages (e.g., confirmations, security notices) may still be sent.

B) Access, Correction, Deletion

Depending on your location, you may have rights to:

  • request access to your personal data,

  • correct inaccuracies,

  • request deletion,

  • request portability,

  • restrict or object to processing,

  • withdraw consent at any time (where processing is based on consent).

To exercise rights, contact: [privacy@verida.foundation].
We may need to verify your identity before fulfilling requests.

C) EEA/UK Right to Lodge a Complaint

If you are in the EEA/UK, you can lodge a complaint with your local data protection authority. We encourage you to contact us first so we can address your concerns.

12) US State Privacy Disclosures (CCPA/CPRA-style)

This section applies where US state privacy laws require it (e.g., California).

A) Categories of Personal Information Collected

We may collect:

  • identifiers (name, email, IP address),

  • professional info (organization, title),

  • internet activity (usage logs),

  • geolocation (approximate via IP),

  • communications (messages you send).

B) Purposes

As described in Section 4.

C) “Sale” and “Sharing”

We do not sell personal information.
If we use cross-context behavioral advertising tools, that may be considered “sharing” under certain laws. If we do, we will provide a “Do Not Sell or Share” mechanism. (If you do not run ads/retargeting, we can remove this entirely.)

D) Sensitive Personal Information

We do not intentionally collect sensitive personal information except where you voluntarily provide it (e.g., accessibility needs for events). We use it only for the purpose you provided it.

E) Your Rights (Where Applicable)

You may have the right to know, delete, correct, or opt out of certain processing. Contact [privacy@verida.foundation].

13) Children’s Privacy

The Services are not directed to children under 13 (or older where required by local law), and we do not knowingly collect personal data from children. If you believe a child provided personal data, contact us and we will take steps to delete it.

14) External Links and Third-Party Platforms

Our Services may link to third-party sites or use third-party tools (e.g., GitHub repositories, event platforms). Their privacy practices govern your use. Review their privacy policies before providing personal data.

15) Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will update the “Last Updated” date and may provide additional notice where required. Continued use of the Services after changes means you acknowledge the updated Policy.

16) Contact Us

For questions or requests related to privacy:

Verida Charter Foundation
[Address]
Email: [privacy@verida.foundation]
(Optional) Data Protection Contact / DPO: [name/email]

bottom of page