Game for America
Donate Get Involved
Privacy Policy

How we handle your data.

This policy describes what personal information Game for America collects, how we use it, and the choices you have. It’s written to be readable, not to be a legal shield. If anything isn’t clear, email privacy@gameforamerica.org.

Effective date[DATE] Last updated[DATE] Version1.0

1. Who we are

Game for America is a [STATE] nonprofit public benefit corporation, currently in the process of obtaining 501(c)(3) status from the IRS. During the application period we operate under the fiscal sponsorship of [SPONSOR NAME], which handles certain legal and financial functions on our behalf.

Our website is gameforamerica.org. This policy covers information we collect through the website, our forms, our email correspondence, and any events we run.

2. Information we collect

We collect personal information you give us directly, and a small amount of technical information automatically.

Information you give us

  • Fellowship applications — name, email, location, pronouns (optional), role interests, impact-area interests, portfolio URL, LinkedIn URL, free-text essay responses, U.S. work authorization status, and how you heard about us.
  • Host inquiries — organization name and type, your name and role, work email, approximate budget, impact-area interests, and a free-text description of the problem.
  • Partner Studio inquiries — studio name and size, your name and role, work email, studio website, tier and contribution-mode interests, and a free-text description of your studio’s interest.
  • Donations — name, email, billing address, payment information, and gift amount and frequency. Payment information is handled by our donation processor (Every.org) and is not stored on our servers.
  • Email correspondence — anything you send us by email, including your email address and the content of your messages.

Information collected automatically

  • Server logs — our hosting provider (Netlify) logs basic request information including IP address, user agent, referer, and the time of the request. Typically retained for 30 days.
  • No analytics or tracking cookies — the website does not currently use Google Analytics, Facebook Pixel, or any third-party tracking. If we add lightweight, privacy-respecting analytics in the future (e.g., Plausible or Fathom), we’ll update this policy and add a notice.
What we don’t collect: Social Security numbers, government ID numbers, financial-account credentials, biometric data, or precise geolocation. Application forms ask about work authorization, not citizenship or immigration status.

3. How we use it

We use personal information only for the purposes for which it was collected, including:

  • Reviewing fellowship applications and corresponding with applicants about status and next steps.
  • Following up with host and partner inquiries to evaluate fit and discuss potential engagements.
  • Processing donations and issuing tax acknowledgment letters.
  • Sending operational communications — for example, confirmation that we’ve received your application.
  • Sending newsletters and updates, but only to people who’ve explicitly subscribed.
  • Aggregate analysis and reporting — we may report on application volume, cohort demographics, and similar metrics in our annual report, always in aggregate, never identifying individuals.
  • Compliance and legal obligations — for example, responding to lawful requests from regulators or in litigation.

We do not use your information for advertising, profiling, or training of artificial-intelligence models.

4. Who we share with

We do not sell, rent, or trade personal information. We share information only as follows:

  • Service providers under contract who help us run the organization. Currently these include Netlify (hosting and form processing), Google Workspace (email and document storage), and our donation processor. Each is bound by a data protection agreement that limits use of the data to providing the service to us.
  • Fiscal sponsor [SPONSOR NAME] for purposes of donation processing, tax acknowledgment, and any employment functions during the 501(c)(3) application period.
  • Host organizations, but only for fellowship finalists who’ve consented to be introduced. Information shared at that stage is limited to what’s relevant for the matching conversation.
  • When required by law — in response to a subpoena, court order, or other legal process, after evaluating the request for validity and scope. We will notify you unless legally prohibited.
  • In connection with a merger or transfer — if Game for America merges with or transfers operations to another nonprofit, your information may transfer subject to this policy.

5. How long we keep it

  • Fellowship applications — non-selected applications retained for two years to evaluate cohort trends, then deleted. Selected fellows’ records retained for the duration of their fellowship plus seven years (employment records).
  • Host and partner inquiries — retained as long as the relationship is active, then for three years after the last contact.
  • Donor records — retained for seven years after the last donation (IRS recordkeeping).
  • Email correspondence — retained per the Document Retention Policy. General correspondence is kept for three years.
  • Newsletter subscriptions — until you unsubscribe, plus a short grace period for our records.
  • Server logs — 30 days.

6. How we protect it

We implement security measures appropriate to the sensitivity of the information, including:

  • TLS encryption in transit (HTTPS for the website, encrypted email connections)
  • Access control following the principle of least privilege
  • Multi-factor authentication on all administrative accounts
  • Vendor agreements with service providers that include security and breach-notification obligations
  • An incident-response plan in case of a security breach

No system is perfectly secure. If we become aware of a breach affecting your personal information, we will notify you and the appropriate authorities as required by law, typically within 72 hours of discovery.

7. Your rights & choices

Regardless of where you live, you have the following rights regarding your information:

  • Access — ask us what personal information we hold about you
  • Correction — ask us to fix inaccurate information
  • Deletion — ask us to delete your information, subject to legal retention requirements
  • Portability — ask us to provide your information in a portable format
  • Withdrawal of consent — for anything we do based on your consent
  • Opt-out of newsletters — via the unsubscribe link in any newsletter or by emailing us

To exercise any of these rights, email privacy@gameforamerica.org. We’ll respond within 30 days. We may need to verify your identity before acting on certain requests.

California residents: the California Consumer Privacy Act gives you additional rights, including the right to know what categories of personal information we’ve collected, sold, or shared (we don’t sell or share for advertising), and the right to be free from discrimination for exercising these rights. We honor verified requests under the CCPA.

EU/UK residents: our lawful bases for processing under the GDPR/UK GDPR are (a) your consent (for newsletters and similar), (b) contract performance (for applications and inquiries you submit), and (c) legitimate interests (for security, fraud prevention, and basic operations). You have the right to lodge a complaint with your supervisory authority if you believe we’ve mishandled your data.

8. Cookies & analytics

This site uses no tracking cookies. We do not run Google Analytics, Facebook Pixel, or any third-party advertising or behavioral-tracking tools.

We may use technically necessary cookies in the future (e.g., to remember your preference if we add a dark-mode toggle). If we add privacy-respecting aggregate analytics, we’ll update this policy first.

Third-party fonts: we load fonts from Google Fonts (fonts.googleapis.com). This causes your browser to send Google a request that includes your IP address. Google’s documentation states they don’t use this data to identify individuals, but if you’d like to avoid even this connection, you can block requests to fonts.googleapis.com in your browser; the site will fall back to system fonts.

9. Children’s privacy

This website is intended for adults. We don’t knowingly collect information from anyone under 13. If you believe a child has submitted information to us, please contact us and we will delete it.

Note: certain programs we run may involve minors as end-users of host-organization products. That activity is governed by our Safeguarding Policy and by host-specific agreements, not by this website privacy policy.

10. Donor privacy

Beyond the general protections above, donor information receives additional care:

  • We never sell, rent, or trade donor lists. Period.
  • Donor recognition (in annual reports, on the website, etc.) is opt-in. You can choose to remain anonymous or to be recognized only at a level (without name) at any time.
  • Donor information is shared with our fiscal sponsor solely for processing and tax acknowledgment, and with our auditors as required.
  • Donor contact information is used only for stewardship — gift acknowledgments, annual reports, occasional updates. You can opt out of all donor communications without affecting our acceptance of your gift.

11. Changes to this policy

We may update this policy as the organization evolves or as the law requires. We’ll change the “last updated” date at the top, and for material changes we’ll notify you by email (for people who’ve given us their email) or with a notice on the homepage. Continuing to use the website after a change means you accept the updated policy.

12. How to contact us

For any privacy-related question, request, or concern:

If you’re not satisfied with our response, you may also contact your state’s consumer-protection office, your country’s data-protection authority, or the IRS Tax Exempt and Government Entities division (for concerns about nonprofit operations).