Privacy Policy
Legal Document

Privacy Policy

Effective Date: November 4, 2025Last Updated: November 4, 2025
Table of Contents

1. Introduction

Welcome to Give Tamid, a mobile application operated by World of Belz, a 501(c)(3) nonprofit organization (Tax ID: 13-6159064). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our mobile application.

At Give Tamid, we are committed to protecting your privacy and maintaining the trust you place in us. This policy describes our practices regarding the personal information we collect through the Give Tamid mobile app (the "App").

By using the App, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this policy, please do not use the App.

Contact Information:
World of Belz
New York, NY
Email: ralph@worldofbelz.org

This Privacy Policy is governed by the laws of the State of New York and applicable United States federal law.

2. Information We Collect

We collect several types of information to provide and improve our services:

2.1 Personal Information You Provide

Account Information:

  • • Name
  • • Email address
  • • Password (encrypted and never stored in plain text)
  • • Date of birth (to verify you are 18 years or older)
  • • Gender (optional)
  • • Phone number (optional)
  • • Home address (optional)

Profile Information:

  • • Profile photo/avatar
  • • Location (city, state)
  • • Geographic coordinates (optional, for Hebrew calendar features)
  • • Timezone preferences

Financial Information:

  • • Stripe Customer ID (links your account to our payment processor)
  • • Payment method information (stored by Stripe, not by us):
    • ○ Card brand (Visa, Mastercard, etc.)
    • ○ Last 4 digits of card number
    • ○ Card expiration date
    • ○ Default payment method preference

Note: We never store full credit card numbers. All payment card data is securely handled by Stripe, our PCI DSS Level 1 certified payment processor.

Donation Information:

  • • Donation amounts
  • • Donation dates and times
  • • Donation dedications (personal messages, memorials)
  • • Selected dedications and values (intentions for donations)
  • • Recurring donation preferences (frequency, amounts)
  • • Event associations (yahrzeit dates, birthdays, anniversaries)
  • • Payment status and transaction IDs

Calendar & Event Information:

  • • Custom events you create (yahrzeit, birthdays, anniversaries)
  • • Event names, dates, and recurrence patterns
  • • Hebrew calendar preferences (diaspora settings, candle lighting times)
  • • Reminder preferences
  • • Custom event images you upload

Communication Preferences:

  • • Push notification consent
  • • Email notification consent
  • • Holiday suppression preferences
  • • Reminder settings

2.2 Information Collected Automatically

Device Information:

  • • Expo push token (for sending push notifications)
  • • Device type and operating system
  • • App version

Usage Information:

  • • Donation history and patterns
  • • Achievements and milestones unlocked
  • • Daily impact stories viewed
  • • App features accessed and used

Security & Audit Information:

  • • IP addresses (for fraud prevention and security)
  • • User agent strings
  • • Timestamps of actions
  • • Audit logs of all donation transactions
  • • Audit logs of payment method changes

Location Information (Optional):

  • • Geographic coordinates
  • • City and timezone
  • Purpose: Used exclusively for calculating accurate Hebrew calendar times (Shabbat candle lighting, Havdalah, holiday times)
  • Default: If location permission is denied, the App defaults to New York City times

2.3 Photos and Media

With your permission, we may access:

  • Photo Library: To upload profile photos and custom event images
  • Camera: To take photos for profiles or events
  • Storage: To save images you choose to associate with your account

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Core Service Delivery

  • Process donations: Complete one-time and recurring donation transactions
  • Manage your account: Maintain your profile, preferences, and settings
  • Payment processing: Securely process payments through Stripe
  • Subscription management: Handle recurring donation schedules, cancellations, and updates

3.2 Communication

  • Transactional emails: Send donation receipts, confirmation emails, and account notifications
  • Reminders: Send donation reminders based on your preferences
  • Impact updates: Share daily impact stories showing the collective difference being made
  • Milestone celebrations: Notify you when you reach donation milestones
  • Event reminders: Send notifications for yahrzeit dates, birthdays, and custom events you've created
  • Holiday notifications: Share Jewish holiday greetings and information

3.3 Personalization & Features

  • Hebrew calendar integration: Calculate accurate Shabbat and holiday times based on your location
  • Achievements system: Track and unlock achievements based on your donation patterns
  • Event calendar: Maintain your personal calendar of meaningful dates
  • Daily impact stories: Show relevant stories based on current events and holidays

3.4 Security & Compliance

  • Fraud prevention: Monitor for suspicious activity using IP addresses and audit logs
  • Security monitoring: Maintain comprehensive audit trails of all financial transactions
  • Legal compliance: Comply with IRS requirements for 501(c)(3) tax-exempt organizations
  • Record keeping: Maintain donation records for tax-deductible contribution documentation

3.5 Service Improvement

  • Support: Respond to your questions and technical issues
  • Quality assurance: Troubleshoot bugs and improve App performance
  • Feature development: Understand how features are used to improve the App

We do NOT use your information for:

  • ❌ Advertising or marketing to third parties
  • ❌ Selling, renting, or sharing your data for commercial purposes
  • ❌ Behavioral profiling for advertising purposes
  • ❌ Third-party analytics or tracking (we use no analytics services)

4. How We Collect Information

We collect information through several methods:

4.1 Direct Collection

  • • When you create an account and complete your profile
  • • When you make donations (one-time or recurring)
  • • When you update your settings and preferences
  • • When you create calendar events or upload images
  • • When you add or remove payment methods

4.2 Through Device Permissions

  • Location Services: Optional permission to calculate Hebrew calendar times
  • Photo Library: When you choose to upload profile pictures or event images
  • Push Notifications: When you opt in to receive notifications
  • Camera: When you take photos within the App

4.3 Automatic Collection

  • Audit logs: Automatically recorded for security and compliance
  • Usage data: Collected as you interact with App features
  • Error logs: Captured when technical issues occur

4.4 Guest Donations

  • • If you make a donation before creating an account, we collect your email address for receipt purposes
  • • Guest donations are automatically linked to your account if you later register with the same email address

5. Third-Party Services

We use trusted third-party service providers to deliver our services. These providers have access only to the information necessary to perform their functions and are contractually obligated to protect your data.

5.1 Supabase (Backend Infrastructure)

  • Purpose: Database, authentication, file storage, and real-time data synchronization
  • Data Shared: All data stored in the App is hosted on Supabase's infrastructure
  • Data Processing: US-based servers (configurable by region)
  • Privacy Policy: https://supabase.com/privacy

5.2 Stripe (Payment Processing)

  • Purpose: Process donations, manage subscriptions, securely store payment methods
  • Data Shared: Email addresses, payment information, donation amounts, customer IDs
  • Security: PCI DSS Level 1 certified (highest level of payment security)
  • Card Storage: All credit card data is stored exclusively by Stripe, not by Give Tamid
  • Privacy Policy: https://stripe.com/privacy

5.3 Resend (Email Service)

  • Purpose: Send transactional and notification emails
  • Emails Sent:
    • ○ Account verification codes (OTP)
    • ○ Welcome emails
    • ○ Donation receipts
    • ○ Donation reminders
    • ○ Milestone celebrations
    • ○ Daily impact story updates
  • Data Shared: Email addresses, names, donation milestones (amounts)
  • Privacy Policy: https://resend.com/privacy

5.4 Expo Push Notifications

  • Purpose: Deliver push notifications to your mobile device
  • Data Shared: Expo push tokens (device identifiers), notification content
  • Notification Types:
    • ○ Donation reminders
    • ○ Event reminders (yahrzeit, birthdays, custom events)
    • ○ Milestone achievements
    • ○ Holiday notifications
    • ○ Daily impact updates
  • Privacy Policy: https://expo.dev/privacy

5.5 No Advertising or Tracking Services

We explicitly do NOT use:

  • ❌ Google Analytics or similar analytics platforms
  • ❌ Facebook Pixel or social media tracking
  • ❌ Advertising networks or ad exchanges
  • ❌ Behavioral tracking tools
  • ❌ Data brokers or marketing platforms

Your data is used solely to provide the Give Tamid service and is never shared for advertising or marketing purposes.

6. Data Sharing & Disclosure

6.1 Service Providers Only

We share your information only with the service providers listed above (Supabase, Stripe, Resend, Expo) and only to the extent necessary to provide our services. These providers are bound by contractual obligations to protect your data and use it only for authorized purposes.

6.2 We Do Not Sell Your Data

We do not sell, rent, trade, or otherwise share your personal information with third parties for their commercial purposes. Your trust is paramount.

6.3 Legal Requirements

We may disclose your information if required to do so by law or in response to:

  • • Valid legal processes (subpoenas, court orders, search warrants)
  • • Government or regulatory requests
  • • Investigations of fraud or security breaches
  • • Protection of our rights, property, or safety, or that of our users or the public

6.4 Nonprofit Reporting

As a 501(c)(3) organization, we may share aggregated, anonymized donation data in annual reports or public filings required by law. Individual donor information is never disclosed without consent, except as required by IRS regulations.

6.5 Business Transfers

If World of Belz is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or in-app notice before your information is transferred and becomes subject to a different privacy policy.

7. Data Security

We take the security of your information seriously and implement industry-standard measures to protect it:

7.1 Encryption

  • In Transit: All data transmitted between your device and our servers is encrypted using HTTPS/TLS protocols
  • At Rest: All data stored in our databases is encrypted at rest
  • Local Storage: Sensitive data on your device (authentication tokens) is stored using Expo SecureStore with hardware-backed encryption

7.2 Authentication Security

  • Password Protection: Passwords are hashed using industry-standard algorithms (never stored in plain text)
  • Email Verification: Required for account activation
  • Time-Limited Codes: One-time passwords (OTPs) expire after a short period
  • Session Management: Automatic token refresh and secure session handling

7.3 Database Security

  • Row Level Security (RLS): Enabled on all database tables to ensure users can only access their own data
  • User Isolation: Strict access controls prevent cross-user data access
  • Principle of Least Privilege: Service accounts have minimal necessary permissions

7.4 Payment Security

  • PCI Compliance: All payment processing is handled by Stripe, a PCI DSS Level 1 certified provider
  • No Card Storage: We never store full credit card numbers
  • Webhook Verification: All payment webhooks are cryptographically verified
  • Audit Trails: Comprehensive logging of all payment-related actions

7.5 Monitoring & Logging

  • Audit Logs: All donation transactions and payment method changes are logged with timestamps
  • IP Logging: IP addresses are logged for security and fraud prevention purposes
  • Access Monitoring: Regular security reviews and monitoring for suspicious activity

7.6 Security Limitations

Despite our best efforts, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal information using commercially acceptable means, we cannot guarantee absolute security.

If you discover a security vulnerability, please contact us immediately at ralph@worldofbelz.org.

8. Data Retention

8.1 Active Accounts

We retain your personal information for as long as your account remains active or as needed to provide you services.

8.2 Financial Records

As a 501(c)(3) nonprofit organization subject to IRS requirements, we retain donation records and financial transaction data for seven (7) years from the date of the transaction. This includes:

  • • Donation amounts and dates
  • • Payment method metadata (not full card numbers)
  • • Transaction IDs and receipts
  • • Audit logs related to financial transactions

This retention period ensures compliance with federal tax laws and nonprofit reporting requirements.

8.3 Audit Logs

Security and compliance audit logs (including IP addresses and user agents) are retained for seven (7) years for fraud prevention and legal compliance purposes.

8.4 Account Deletion

When you request account deletion:

  • • Your account will be deactivated immediately
  • • A 30-day grace period allows you to recover your account if deleted accidentally
  • • After 30 days, your account and associated personal data will be permanently deleted, except:
    • ○ Donation records required for tax compliance (retained for 7 years)
    • ○ Audit logs required for legal compliance (retained for 7 years)
    • ○ Aggregated, anonymized data used for nonprofit reporting

8.5 Inactive Accounts

We may delete accounts that have been inactive for an extended period (typically 5+ years with no logins or donations) after providing notice to your registered email address.

9. Your Rights & Choices

You have the following rights regarding your personal information:

9.1 Access Your Data

You may request a copy of the personal information we hold about you by contacting us at ralph@worldofbelz.org.

9.2 Update Your Information

You can update your profile information, communication preferences, and settings directly within the App at any time:

  • Profile Settings: Update name, photo, location, contact information
  • Notification Preferences: Enable/disable push notifications and email communications
  • Payment Methods: Add, remove, or change your default payment method
  • Calendar Settings: Manage Hebrew calendar preferences and event reminders

9.3 Delete Your Data

You have the right to request deletion of your account and personal data. Please note:

  • • Donation records required for tax compliance will be retained for 7 years as required by law
  • • Aggregated, anonymized donation data may be retained for nonprofit reporting
  • • To request account deletion, contact us at ralph@worldofbelz.org

Note: We are currently implementing a self-service account deletion feature within the App.

9.4 Export Your Data

You may request an export of your personal data in a portable format. Contact us at ralph@worldofbelz.org with your request.

Note: We are working on a self-service data export feature that will allow you to download your donation history, profile information, and other personal data directly from the App.

9.5 Opt-Out of Communications

  • Email Communications: You can unsubscribe from non-transactional emails using the unsubscribe link in each email, or by updating your preferences in the App
  • Push Notifications: Disable push notifications in your device settings or within the App's notification preferences
  • Holiday Suppression: Enable the "suppress notifications during holidays" setting to pause reminders during Jewish holidays

Note: You cannot opt out of certain transactional communications required for account security and donation receipts (e.g., OTP verification codes, payment confirmations).

9.6 Location Services

Location access is entirely optional. You can:

  • • Deny location permission when prompted
  • • Revoke location access at any time in your device settings
  • • The App will default to New York City times for Hebrew calendar calculations if location is denied

9.7 Correct Inaccurate Data

If you believe any information we hold about you is inaccurate or incomplete, you can update it directly in the App or contact us for assistance.

10. Children's Privacy

Give Tamid is intended for use by individuals who are 18 years of age or older. We do not knowingly collect personal information from anyone under the age of 18.

10.1 Age Verification

We collect date of birth during account registration to verify that users meet the 18+ age requirement.

10.2 COPPA Compliance

Our App is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information as quickly as possible.

10.3 Parental Rights

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at ralph@worldofbelz.org, and we will delete the information.

11. State-Specific Privacy Rights (United States)

11.1 California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to Know:

  • • You may request disclosure of the categories and specific pieces of personal information we have collected about you
  • • You may request information about the categories of sources from which we collected your information
  • • You may request information about our business or commercial purposes for collecting your information

Right to Delete:

You may request deletion of personal information we have collected from you, subject to certain legal exceptions (such as IRS record-keeping requirements)

Right to Opt-Out of Sale:

We do not sell your personal information. Therefore, there is no opt-out mechanism needed.

Right to Non-Discrimination:

We will not discriminate against you for exercising your CCPA rights

To exercise these rights, contact us at ralph@worldofbelz.org. We will verify your identity before processing your request.

11.2 New York Residents

As a New York-based organization, we comply with all applicable New York State privacy laws. New York residents have the right to request access to and correction of their personal information.

11.3 Other States

Residents of other states may have additional privacy rights under their state's laws. Please contact us at ralph@worldofbelz.org to inquire about your specific rights.

12. International Data Transfers

Give Tamid currently serves users in the United States only. All data is stored and processed on servers located in the United States.

If you access the App from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers and service providers are located. By using the App, you consent to the transfer of your information to the United States.

Note: This Privacy Policy is designed for U.S. users and may not meet the requirements of international data protection laws such as GDPR (European Union) or PIPEDA (Canada). If we expand internationally, we will update this policy accordingly.

13. Cookies and Tracking Technologies

13.1 Mobile App

The Give Tamid mobile app does not use cookies, web beacons, or similar tracking technologies. All data storage is handled through secure local storage mechanisms provided by the Expo framework.

13.2 Future Web Portal

If we launch a web version of Give Tamid in the future, we may use strictly necessary cookies for authentication and session management. We will update this Privacy Policy and provide appropriate cookie notices if this changes.

13.3 Third-Party Tracking

We do not allow third-party analytics, advertising, or tracking services to collect information through the App.

15. Changes to This Privacy Policy

15.1 Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will update the "Last Updated" date at the top of this policy.

15.2 Notification of Changes

Material Changes: If we make material changes to how we collect, use, or share your personal information, we will notify you by:

  • • Sending an email to the address associated with your account
  • • Displaying a prominent notice within the App
  • • Requiring you to acknowledge the updated policy before continuing to use the App

Minor Changes: For non-material changes (such as clarifications or formatting updates), we will update the policy and post the new version within the App.

15.3 Continued Use

Your continued use of the App after any changes to this Privacy Policy indicates your acceptance of the updated terms. If you do not agree with the updated policy, please stop using the App and contact us to delete your account.

15.4 Version History

We maintain a version history of our Privacy Policy. You can request to view previous versions by contacting us at ralph@worldofbelz.org.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

World of Belz

501(c)(3) Nonprofit Organization
Tax ID: 13-6159064
New York, NY

Email: ralph@worldofbelz.org

Response Time: We will respond to your inquiry within 30 days.

16.1 Privacy Requests

For privacy-related requests (access, deletion, correction, export), please include:

  • • Your full name and email address associated with your account
  • • A clear description of your request
  • • Any additional information needed to verify your identity

16.2 Security Concerns

If you discover a security vulnerability or have concerns about data security, please contact us immediately at ralph@worldofbelz.org with the subject line "SECURITY CONCERN."