Privacy Policy

Last Updated: June 20, 2026
Controller: Felons. to Founders (F2F)
Contact: info@felonstofounders.org
Jurisdiction: Delaware, United States

TL;DR

  • We collect account, profile, payment, usage, and device data to run the program, process payments, prevent fraud, and improve the platform.
  • Legal bases under GDPR: contract, legitimate interests, consent, and legal obligation.
  • We do not sell your personal information. We share it only with vetted processors and as required by law.
  • You have rights to access, correct, delete, port, and object. Email info@felonstofounders.org to exercise them.
  • We retain data only as long as needed and apply industry-standard security controls.

1. Scope

This Privacy Policy explains how F2F collects, uses, discloses, and protects personal information when you use our websites, applications, and programs (the "Services"). It applies to applicants, participants, alumni, donors, mentors, and visitors.

2. Personal Information We Collect

2.1 Information You Provide

  • Identity: name, date of birth, photograph, government-issued ID when required for KYC.
  • Contact: email, phone, mailing address.
  • Background: application responses, justice-involvement disclosures you choose to share, recovery status, employment history.
  • Financial: payment card or bank details (processed by our payment processors), donation history, payout details.
  • User Content: business plans, pitches, posts, code, leaderboard submissions, support messages.

2.2 Information Collected Automatically

  • Device and Network: IP address, device ID, browser type, operating system, language, timestamps.
  • Usage: pages viewed, features used, referring URLs, session duration, clickstream.
  • Cookies and Similar Technologies: see Section 8.

2.3 Information from Third Parties

  • Authentication providers (e.g., Google) — basic profile and verified email.
  • Payment processors — transaction status and risk signals.
  • Analytics and email providers — engagement metrics.
  • Public sources and partner organizations — only where lawful and relevant to eligibility.

2.4 Sensitive Information

Some applicants voluntarily disclose criminal history, recovery, or health-related information for eligibility. We process this only with your explicit consent (GDPR Art. 9) and treat it under heightened safeguards.

3. How We Use Personal Information

  • Operate, secure, and improve the Services.
  • Evaluate applications and administer programs.
  • Process payments, donations, and disbursements.
  • Prevent unauthorized access, fraud, and abuse (including IP and device-ID analysis), and satisfy AML and sanctions screening obligations.
  • Communicate program updates, transactional messages, and — with consent — marketing.
  • Conduct research and aggregated, de-identified analytics.
  • Comply with legal obligations and enforce our Terms.

4. Legal Bases (GDPR / UK GDPR)

  • Contract — to provide the Services you request.
  • Legitimate Interests — to secure, improve, and promote the Services; balanced against your rights.
  • Consent — for marketing, optional cookies, and sensitive-category processing. You may withdraw at any time.
  • Legal Obligation — to comply with tax, AML, court orders, and regulatory requirements.
  • Vital / Public Interests — rarely, where life or public safety is at stake.

5. How We Share Personal Information

We share personal information only with:

  • Service Providers / Processors: hosting, database, authentication, payment, email, analytics, customer-support, and AI inference providers, under contractual confidentiality and security obligations.
  • Program Partners: mentors, capital partners, and reentry partners, only with your consent or as required to deliver the program you enrolled in.
  • Legal and Safety: to comply with law, valid legal process, or to protect rights, property, or safety.
  • Business Transfers: in connection with a merger, acquisition, financing, or asset sale, subject to confidentiality.

We do not sell your personal information as "sale" is defined under the CCPA/CPRA, and we do not share it for cross-context behavioral advertising.

6. International Transfers

F2F is based in the United States. If you are outside the U.S., your information will be transferred to and processed in the U.S. and other jurisdictions. Where required, we rely on Standard Contractual Clauses or equivalent safeguards.

7. Data Retention

We retain personal information only as long as needed:

  • Account and program records — duration of the relationship plus 7 years for tax, audit, and dispute purposes.
  • Payment records — as required by financial regulations (typically 7 years).
  • Marketing data — until you unsubscribe, then archived for suppression.
  • Backups — purged on rolling schedules consistent with our backup retention policy.

8. Cookies and Tracking

We use strictly necessary cookies for authentication and security, plus optional analytics cookies (loaded only after consent where required). You can manage cookies in your browser or via our cookie banner where applicable.

9. Security

We apply industry-standard administrative, technical, and physical safeguards: TLS in transit, encryption at rest for sensitive fields, least-privilege access, audit logging, MFA for administrators, and regular vulnerability review. No system is perfectly secure; you are responsible for protecting your credentials.

10. Your Privacy Rights

10.1 GDPR / UK GDPR

You may request to:

  • Access your personal information.
  • Rectify inaccurate data.
  • Erase data ("right to be forgotten").
  • Restrict or object to processing.
  • Receive your data in a portable format.
  • Withdraw consent at any time without affecting prior lawful processing.
  • Lodge a complaint with your supervisory authority.

10.2 CCPA / CPRA (California Residents)

You may request to:

  • Know the categories and specific pieces of personal information collected.
  • Delete personal information, subject to exceptions.
  • Correct inaccurate information.
  • Limit use of sensitive personal information.
  • Opt out of sale or sharing (we do not engage in either).
  • Be free from retaliation for exercising your rights.

10.3 How to Exercise Rights

Email info@felonstofounders.org with the subject "Privacy Request." We will verify your identity and respond within 30 days (GDPR) or 45 days (CCPA), extendable as permitted by law. Authorized agents may submit requests with written authorization.

11. Automated Decision-Making

We do not use automated decision-making that produces legal or similarly significant effects without human review.

12. Children

The Services are not directed to children under 18. We do not knowingly collect personal information from children. Contact us if you believe a child has provided data and we will delete it.

13. Do Not Track

We honor Global Privacy Control (GPC) signals where required. We do not respond to legacy DNT headers because no industry standard exists.

14. Changes to This Policy

We will post material changes and update the "Last Updated" date. Where required, we will notify you by email or in-product notice before changes take effect.

15. Contact

Felons. to Founders (F2F)
Email: info@felonstofounders.org

EU/UK data subjects may also contact our representative via the email above; we will route requests appropriately.