Privacy Policy

We Connect The Dots, Inc. ("WCTD," "we," "our," or "us") is a 501(c)(3) nonprofit dedicated to STEAM education. We respect your privacy and are committed to protecting the personal data of our students, families, donors, partners, and website visitors. This Privacy Policy explains what information we collect, how we use it, and the rights you have over your data.

We comply with applicable data protection laws, including the General Data Protection Regulation (GDPR) for visitors in the European Economic Area (EEA), the United Kingdom, and Switzerland; the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA); and the Children's Online Privacy Protection Act (COPPA) for users under 13 in the United States.

1. Information We Collect

1.1 Information You Provide Directly

We collect personal information that you voluntarily submit through forms, program applications, donations, communications, and other interactions with WCTD, including:

• Name, email address, phone number, and mailing address
• Date of birth or age range (for program eligibility)
• Parent or guardian contact information (for participants under 18)
• School or employer affiliation
• Demographic information you choose to provide (for grant reporting and equity tracking)
• Program application materials, responses, and project submissions
• Donation details, including payment method information processed by our payment providers
• SMS opt-in consent and mobile phone number (see our SMS Opt-In Terms)
• Any additional details you provide in messages, inquiries, or surveys

1.2 Information Collected Automatically

When you visit our website, we may automatically collect:

• IP address and approximate geographic location
• Browser type, operating system, and device information
• Pages visited, time spent, and referring websites
• Cookies and similar tracking technologies

1.3 Information from Third Parties

We may receive information about you from partner organizations, grant-making agencies, workforce experience partners, educational institutions, and social media platforms when you interact with our content on those platforms.

2. How We Use Your Information

We use your personal data for the following purposes:

• Operating and delivering our programs (UpSkill, Hack-A-Thon, Student-Led Programs, Community Ambassador Program, AmplifiCore, and others)
• Communicating with you about program updates, events, and opportunities
• Processing donations and providing donor acknowledgments and tax receipts
• Responding to inquiries and requests for information
• Sending email and SMS communications you have opted into
• Reporting aggregate, non-identifying outcomes to funders, grantors, and government agencies (e.g., NYS Department of Labor, Charlotte Mayor's Office)
• Improving our website, programs, and user experience
• Preventing fraud, abuse, and security incidents
• Complying with legal and regulatory obligations

3. Legal Bases for Processing (GDPR)

If you are located in the EEA, UK, or Switzerland, we process your personal data only when we have a lawful basis to do so:

• Consent — when you voluntarily submit information, opt in to communications, or enroll in programs
• Contract — when processing is necessary to deliver a program or service you've requested
• Legitimate interest — to improve our website, operate our nonprofit, and communicate with our community in ways you would reasonably expect
• Legal obligation — to comply with applicable laws, grant reporting requirements, and regulatory requests

You may withdraw your consent at any time by contacting us using the details in Section 12.

4. Children's Privacy

4.1 Children Under 13

Our website and programs are not directed to children under 13 without verifiable parental consent. We do not knowingly collect personal information from children under 13 without first obtaining consent from a parent or legal guardian. If you believe we have inadvertently collected information from a child under 13, please contact us immediately so we can delete it.

4.2 Minors Ages 13 to 17

For program participants under 18, we require parent or guardian consent before enrollment, collection of personally identifiable information beyond what's needed for initial contact, and any SMS communications. Parents and guardians may review, correct, or request deletion of their child's information at any time.

4.3 Student Work and Portfolios

With appropriate consent, we may showcase student work, photos, or video from WCTD programs for educational, promotional, or grant-reporting purposes. Parents, guardians, or participants can opt out of such uses at any time by contacting us.

5. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Remember your preferences and session information
• Analyze site traffic and understand how visitors use our website
• Deliver a smoother and more relevant experience

You can control cookies through your browser settings. If you are located in the EEA or UK, you will be shown a cookie consent banner allowing you to accept or decline non-essential cookies. Disabling cookies may affect certain website features.

6. How We Share Your Information

We do not sell your personal data. We do not rent, trade, or share your personal information with third parties for their own marketing purposes.

We may share your data only in the following limited circumstances:

• Service providers — trusted vendors who help us operate our website, deliver email and SMS, process donations, host events, and manage programs (e.g., Squarespace, Microsoft, Twilio, payment processors). All providers are contractually required to protect your data and use it only on our instructions.
• Program partners — when you enroll in a program, we may share relevant information with workforce experience hosts, educational partners, or scholarship funders as needed to deliver the program, with your consent.
• Nebula Academy — for programs we co-deliver with Nebula Academy (such as UpSkill and AmplifiCore), we may share participant information with Nebula under a data sharing agreement consistent with this policy.
• Grant and government reporting — aggregate, de-identified outcome data shared with funders and government agencies as required by grants (e.g., WIOA, NYS DOL).
• Legal authorities — when required by law, subpoena, court order, or to protect the rights, property, or safety of WCTD, our participants, or the public.

7. International Data Transfers

WCTD is based in the United States. If you are located outside the US, your personal data will be transferred to and processed in the United States, where our service providers operate. We rely on lawful transfer mechanisms, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions where applicable
• Additional technical and organizational security measures

8. Data Retention

We retain your personal data only for as long as necessary to:

• Deliver the programs and services you've requested
• Fulfill legal, tax, grant, and audit obligations (typically 7 years for donor and financial records)
• Resolve disputes and enforce our agreements
• Maintain accurate alumni and outcome records for nonprofit reporting

Marketing and SMS communication data is retained until you unsubscribe or request deletion. Inactive website visitor data is typically deleted within 26 months.

9. Your Privacy Rights

9.1 GDPR Rights (EEA, UK, Switzerland)

If you are located in the EEA, UK, or Switzerland, you have the right to:

• Access the personal data we hold about you
• Correct inaccurate or incomplete information
• Delete your data ("right to be forgotten")
• Restrict or object to our processing
• Withdraw consent at any time
• Receive a copy of your data in a portable format
• Lodge a complaint with your local data protection authority

9.2 CCPA / CPRA Rights (California Residents)

If you are a California resident, you have the right to:

• Know what personal information we collect, use, and disclose
• Request deletion of your personal information
• Correct inaccurate personal information
• Opt out of any "sale" or "sharing" of personal information (note: we do not sell or share personal information as defined by CCPA)
• Limit the use of sensitive personal information
• Non-discrimination for exercising your rights

9.3 How to Exercise Your Rights

To exercise any of these rights, contact us using the details in Section 12. We will respond within the timeframes required by applicable law (generally 30 days for GDPR, 45 days for CCPA). We may need to verify your identity before processing your request.

10. Data Security

We use reasonable administrative, technical, and physical safeguards to protect your personal information, including encryption in transit, access controls, and regular security reviews. However, no method of online transmission or electronic storage is 100% secure, and we cannot guarantee absolute security.

11. Third-Party Links

Our website may contain links to external websites, including partner organizations, funders, and social media platforms. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any site you visit through our links before providing personal information.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. Updates will be posted on this page with a revised "Last updated" date. Material changes will be communicated via email or prominent notice on our website where feasible.