1. Who we are, and who is responsible for your data
Bayit Lepleitot is a charitable association ("amuta") registered in Jerusalem, Israel, with sister entities Bayit Lepleitot USA Inc. (a 501(c)(3) public charity) and Bayit Lepleitot México A.C. (a Donataria Autorizada). For data submitted through this website, the controller is the entity that processes your gift - typically determined by your country of residence at the time of donation.
If you are in the European Economic Area, the United Kingdom, or Switzerland, our designated representative for GDPR matters can be reached at gdpr@blphome.org. If you are in California, you may exercise CCPA rights by writing to privacy@blphome.org. Mexican residents can address ARCO requests (acceso, rectificación, cancelación, oposición) to privacidad@blphome.org. All inquiries receive a response within 30 days.
2. What we collect, and what we do not
We collect three categories of personal data, and only when you choose to give it to us. First: donor data - your name, billing address, email, phone (if you provide one), and payment details. Payment details (card numbers, bank account numbers) are never stored on our servers; they are tokenized and held by Cardknox/Sola, our payment processor, which is PCI-DSS Level 1 certified. We retain a record of the donation amount, date, currency, and your name and email so that we can issue a tax receipt and send you the annual statement required by law.
Second: newsletter and contact data - if you sign up for our email list or write to us through the contact form, we keep your email address (and your name, if you give it) until you ask us to stop. We do not buy, rent, sell, or trade email lists with any third party. Ever.
Third: minimal server logs - when you visit blphome.org, our hosting provider (Vercel) records the time of your request, the page you requested, your approximate location derived from IP, and the user agent of your browser. These logs are retained for 30 days and then deleted. We use Plausible Analytics - a privacy-friendly, cookieless service - to count visitors in aggregate. Plausible does not set cookies and does not collect personal data; see our Cookie Policy for the technical detail.
We do not collect biometric data, government identification numbers, health information, religious affiliation, political views, sexual orientation, or any other category that GDPR Article 9 designates as special. We do not run advertising on this site, and we do not embed third-party advertising trackers. We do not use Meta Pixel, Google Ads remarketing, or any similar surveillance tools.
3. Why we process your data (legal bases)
Under the GDPR, every act of processing has to rest on a specific legal basis. We rely on four. (a) Contract performance - when you make a donation, we process your data to fulfill that gift: charge your card, issue a receipt, send the thank-you note. (b) Legal obligation - tax authorities in the US, Mexico, and Israel require us to retain donation records for between five and seven years. We have no choice about this and neither do you. (c) Consent - when you sign up for our newsletter or submit the contact form, you are giving freely-revocable consent. Every email we send contains a one-click unsubscribe link. (d) Legitimate interest - for very narrow uses, such as fraud prevention on the donation page, we rely on our legitimate interest in protecting both you and us from card-testing attacks. You may object to any processing based on legitimate interest at any time.
4. How we use, and how we do not use, your data
We use your donor data to: process your gift, issue your tax receipt within the timelines described in our Tax Information page, send you the annual statement required by tax law, and - if you have consented - send you a quarterly newsletter and an occasional invitation to a donor event in Jerusalem, New York, or Mexico City. That is the entire list. We do not score you, segment you for advertising, build a profile of your giving capacity, or sell your information to other charities or to data brokers. We do not engage "prospect research" firms.
If you donate $5,000 or more in a single calendar year and ask to remain anonymous, we honor that request fully - your name does not appear in any annual report, plaque, or public acknowledgement. If you donate $5,000 or more and do not specify a preference, we will write to ask. Major gifts are never publicized without affirmative permission.
5. Who else sees your data (third-party processors)
We work with a small set of vendors, each named here. We never share data with anyone not on this list. (a) Cardknox/Sola - payment processing. Cardknox/Sola stores card details on its own PCI-DSS Level 1 infrastructure; we receive only a token and a confirmation. Cardknox's privacy notice is available at cardknox.com/privacy-policy. (b) Resend - transactional and newsletter email delivery. Resend stores your email address and the content of messages we send you. Resend's privacy notice is at resend.com/legal/privacy-policy. (c) Vercel Inc. - website hosting and serverless function execution. Vercel stores the 30-day server logs described above and the static files of this site. Vercel's privacy notice is at vercel.com/legal/privacy-policy. (d) Plausible Insights OÜ - privacy-respecting, cookieless analytics, operated from the European Union. Plausible aggregates page-view counts and does not collect personal data. Their notice is at plausible.io/privacy.
We do not transfer donor data to any other vendor. We do not use marketing automation platforms, CRM enrichment services, or third-party retargeting networks. If, in the future, we need to add a vendor to this list, this policy will be updated and a notice will be placed on the homepage for 30 days before the change takes effect.
6. International transfers
Our records of charitable donations are held in Israel for accounting and audit purposes. Where we receive data from the European Economic Area, the United Kingdom, or Switzerland, that transfer is governed by Standard Contractual Clauses with the receiving entity, supplemented by additional safeguards as described in our internal transfer assessment. A copy of the SCCs and the assessment is available on request to gdpr@blphome.org. For transfers to the United States, we additionally rely on the EU-US Data Privacy Framework where applicable to our US sister entity. Mexican residents' data is governed by the LFPDPPP and remains processed within Mexico for donations originating there.
7. How long we keep things
Donation records are retained for seven years after the year of the gift, the longest of the periods required by US, Mexican, and Israeli tax law. Newsletter subscriber data is retained until you unsubscribe, after which we keep only the suppression record (an irreversible hash of your email address) to ensure we never re-add you accidentally. Contact-form messages are retained for two years and then deleted. Server logs are retained for 30 days. Plausible Analytics retains aggregate data for 24 months in a form that cannot be traced back to an individual visitor.
8. Your rights
Under the GDPR, you have the right to: access the personal data we hold about you; rectify inaccurate data; request erasure (subject to our legal retention obligations); restrict processing; receive your data in a portable format; object to processing based on legitimate interest; and lodge a complaint with your local supervisory authority. Under the CCPA, California residents have parallel rights to know, delete, correct, and opt out of any "sale" of personal information - we do not sell information, but the right is yours regardless. Under the LFPDPPP, Mexican residents may exercise their ARCO rights: acceso, rectificación, cancelación, oposición. We respond to all rights requests within 30 days. There is never a fee.
9. Children
This website is intended for adults. We do not knowingly collect personal data from anyone under the age of 16. If you believe a child has provided us with information, please contact privacy@blphome.org and we will delete it within 72 hours.
Photographs of children who live in our programs appear on this site only with the written consent of the child's legal guardian and, where the child is over the age of 12, the child's own assent. Names of children in care are never published in conjunction with identifying details. Where a story is told, names and ages are changed.
10. Security
We hold ISO 27001-aligned controls covering access management, encryption in transit and at rest, vendor risk assessment, and incident response. All staff and contractors with access to donor data complete annual privacy training. In the event of a personal data breach involving high risk to your rights and freedoms, we will notify you within 72 hours of becoming aware of it, as required by GDPR Article 34. We have not had a notifiable breach to date.
11. Changes to this policy
We review this policy annually, in January, and update it whenever there is a material change to how we collect or use data. When we update it, we revise the "Last updated" date at the top, post a notice on the homepage for 30 days, and - for material changes affecting donors - email you directly. We will never retroactively make a change to how previously-collected data is used without your consent.
12. How to reach us
Privacy questions, rights requests, complaints, or anything else: write to privacy@blphome.org. A human reads every message. We will reply within five business days and resolve within thirty. You may also write to us by post: Bayit Lepleitot, Rehov Kollel HaShomron, Jerusalem 9544105, Israel - Attn: Data Protection.
