Care Aid Support Initiative (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and safeguard your information when you visit https://careaidsupportinitiative.org/ (our “Site”) and when you communicate with us via Meta’s WhatsApp Cloud API. By accessing or using our Site and services, you agree to the practices described in this policy.

2. Scope and Definitions

• Personal Data means any information that can identify or be linked to an individual (e.g., name, email address, phone number, WhatsApp identifier).
• Usage Data means information automatically collected when using the Site (e.g., IP address, pages viewed, browser type).
• WhatsApp Cloud API refers to the messaging integration provided by Meta Platforms, Inc. (“Meta”) that enables us to communicate with you on WhatsApp.
• Service Providers are third parties who assist us in operating our Site and providing services (e.g., hosting, analytics, customer support tools).

3. Information We Collect

1. Information You Provide Directly
   • Contact Information: Name, email address, phone number (including WhatsApp number), postal address, if you voluntarily submit it via forms, donation pages, or when contacting us.
   • Messages and Media Over WhatsApp: When you opt to communicate via WhatsApp, we collect the content of your messages (text, images, videos, documents) exchanged using Meta’s WhatsApp Cloud API.
   • Transaction Details: If you make a donation or register for an event, we collect payment details (e.g., billing address), transaction IDs, and any information necessary to process your payment.
2. Information Collected Automatically
   • Device & Usage Data: IP address, device type, operating system, browser type, pages visited, time stamps, referring URLs, and analytics data collected via cookies and similar tracking technologies.
   • Cookies and Tracking Technologies: We use cookies, web beacons, and similar tools to recognize repeat visitors, understand Site usage patterns, and tailor content. You can manage cookie preferences via your browser settings (see Section 8).
3. Information from Third Parties
   • Meta Platforms: When you message us on WhatsApp, Meta provides certain metadata (e.g., message timestamps, delivery status) about the interaction.
   • Payment Processors: We may receive transaction confirmation and verification data from service providers like Paystack, Stripe, or other processors.

4. How We Use Your Information

1. To Provide and Improve Services
   • Respond to your inquiries and requests.
   • Manage donations, event registrations, and other transactions.
   • Personalize and optimize your experience on the Site.
   • Monitor Site usage and improve functionality.
2. WhatsApp Communication (Meta’s WhatsApp Cloud API)
   • Message Delivery & Support: Facilitate two-way messaging so you can ask questions or request support.
   • Notifications & Updates: Send announcements, event reminders, or confirmation messages (e.g., donation receipts).
   • Record Keeping & Analytics: Track conversation metadata (timestamps, message statuses) to improve our customer support and outreach efforts.
3. Marketing & Outreach
   • Send newsletters, updates, or promotional communications (only with your consent where required by law).
   • Analyze aggregate data to better understand outreach effectiveness.
4. Legal Compliance & Protection
   • Comply with applicable laws, regulations, and legal processes.
   • Detect, prevent, and address fraud, security, or technical issues.

5. Legal Basis for Processing (where Applicable)

• Consent: When you opt in to newsletters or choose to communicate via WhatsApp, you consent to our processing of your Personal Data for those purposes.
• Performance of a Contract: Processing necessary to fulfill transaction requests (e.g., donations, event registrations).
• Legitimate Interests: Processing necessary for Site administration, security, analytics, and improving our services—provided your rights and freedoms are not overridden.
• Legal Obligation: Processing necessary to comply with legal or regulatory requirements.

6. Data Sharing and Disclosure

1. Meta Platforms (WhatsApp Cloud API)
   • What We Share:
     • Your WhatsApp phone number (as provided when initiating contact).
     • Content of messages you send to us (text, images, documents).
     • Metadata about the conversation (timestamps, message statuses, device information).
   • Why We Share:
     • To enable two-way communication via WhatsApp. Meta processes and stores your information in accordance with their Privacy Policy and Terms of Service.
   • Data Retention by Meta:
     • Meta retains message content and metadata according to their internal policies. We do not control retention once messages are processed by Meta’s infrastructure.
2. Service Providers & Sub-Processors
   • We may share Personal or Usage Data with:
     • Hosting & Infrastructure (e.g., AWS, Vercel) to host the Site.
     • Analytics providers (e.g., Google Analytics) to monitor Site usage.
     • Payment Processors (e.g., Paystack, Stripe) to facilitate transactions.
     • Email & Communication Tools (e.g., Mailgun, SendGrid) to deliver newsletters and notifications.
   • Each vendor is contractually obligated to:
     • Use your data solely to provide specified services.
     • Maintain appropriate security measures.
     • Not sell or rent your data.
3. Legal & Safety
   • We may disclose your information if required by law, subpoena, court order, or government authority.
   • We may also share your data if we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, potential threats to safety, or violations of our Terms of Service.
4. Business Transfers
   • If we undergo a merger, acquisition, or asset sale, your information may be transferred. You will be notified via email or prominent notice on our Site if such transfer occurs and a different privacy policy applies.

7. WhatsApp Cloud API (Meta)—Specific Details & Requirements
To comply with Meta’s WhatsApp Cloud API activation requirements, we include the following disclosures:

• Service Provider: Meta Platforms, Inc. (“Meta”) processes WhatsApp messages and metadata as our authorized data processor.
• Data Collected via WhatsApp:
  • Message content (text, images, attachments) you share with us.
  • Metadata (timestamps, message status, device type).
  • Your WhatsApp phone number (to route messages).
• Purpose: To provide customer support, donation confirmations, event updates, and general information.
• Processing Location: Messages and metadata are processed and stored on servers operated by Meta (locations may vary globally).
• Retention Period: We retain messages and associated metadata in our internal systems for up to 24 months to ensure service continuity and auditing. Meta retains data per their internal schedules—please see Meta’s policies for specific retention timelines.
• User Rights:
  • You can opt out of WhatsApp communications at any time by sending us a message stating “STOP” or by contacting us through alternate channels.
  • For any questions about how Meta processes your data via WhatsApp, you may review Meta’s Privacy Policy or contact Meta directly.
• Security Measures:
  • WhatsApp messages are end-to-end encrypted between you and Meta.
  • We do not store WhatsApp messages in plain text on our servers once processed; instead, they are stored in encrypted databases.
  • Access to message logs is restricted to authorized personnel only.

8. Cookies, Tracking Technologies & Third-Party Tools

1. Cookies & Similar Technologies
   • We use cookies (session cookies and persistent cookies) to:
     • Remember your preferences (e.g., language choice).
     • Analyze Site usage (via Google Analytics or similar).
     • Improve Site functionality and performance.
   • You can manage cookies by adjusting your browser settings. Disabling cookies may limit certain Site features.
2. Third-Party Analytics & Advertising
   • We use Google Analytics (or equivalent) to collect aggregated Usage Data. These tools use their own cookies and tracking mechanisms.
   • We do not share your Personal Data with advertising networks for behavioral advertising.
   • We may use social media plugins (e.g., Facebook “Like” button, Twitter “Tweet” button). Your interactions with these plugins are governed by the respective third party’s privacy policy.

9. Data Retention

• We retain Personal Data only for as long as necessary to fulfill the purposes outlined in this policy, including:
  • Complying with legal obligations (e.g., financial record-keeping for donations—minimum of 7 years).
  • Resolving disputes, enforcing agreements, and protecting our legal rights.
  • Providing ongoing support and communications via WhatsApp (typically up to 24 months).
• After these retention periods expire, we will delete or anonymize your information unless we are legally required to retain it longer.

10. Data Security
We implement commercially reasonable technical and organizational measures to protect your Personal Data, including but not limited to:

• Encryption: Transport Layer Security (TLS) when data is transmitted; encrypted databases for data at rest.
• Access Controls: Role-based access restrictions; multi-factor authentication for administrative access.
• Regular Audits: Periodic security assessments and vulnerability scanning.
• Incident Response: In the event of a data breach, we will notify affected individuals and relevant authorities per applicable law (e.g., within 72 hours under GDPR).

11. International Data Transfers
As an organization operating in Nigeria, some of the personal data we collect may be transferred, stored, or processed by our Service Providers in jurisdictions outside of Nigeria (e.g., Meta’s servers, AWS, Google Analytics). Whenever we transfer data internationally, we rely on:

• Adequacy Decisions (where available).
• Standard Contractual Clauses or other approved transfer mechanisms ensuring that recipients provide appropriate safeguards.

12. Your Rights and Choices
Depending on your location and applicable law, you may have the following rights regarding your Personal Data:

1. Access & Portability: Request a copy of the Personal Data we hold about you in a structured, machine-readable format.
2. Correction: Request correction of inaccurate or incomplete data.
3. Deletion (Right to be Forgotten): Request deletion of your Personal Data, except where we need it to comply with legal obligations or for legitimate business purposes.
4. Restriction of Processing: Request to limit how we use your data (e.g., if you contest its accuracy).
5. Objection to Processing: If we process your data based on legitimate interests, you can object and ask us to stop unless we have compelling legitimate grounds.
6. Withdraw Consent: Where processing is based on your consent (e.g., marketing communications), you may withdraw at any time.
7. Opt Out of Marketing & WhatsApp:
   • Unsubscribe from newsletters via the “unsubscribe” link in emails.
   • Stop WhatsApp messages by sending “STOP” or contacting us at privacy@careaidsupportinitiative.org.

To exercise any of these rights, please contact us as outlined in Section 15. We may require verification of identity before fulfilling certain requests. We will respond to requests in accordance with applicable law.

13. Children’s Privacy
Our Site is not intended for children under the age of 16. We do not knowingly collect Personal Data from children under 16. If you believe that a child under 16 has provided us with their data, please contact us (see Section 15) so we can delete it.

14. Third-Party Links and Websites
Our Site may contain links to third-party websites (e.g., donation platforms, social media). We do not control or endorse these sites, and this Privacy Policy does not apply to any information you provide to third parties. Please review the privacy policies of any third-party sites you visit.

15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time (for example, when new features are added or to comply with new legal requirements). When we do, we will:

1. Post the updated date at the top of this policy.
2. Provide a prominent notice on our Site for substantial changes (e.g., banner notification).
3. Share a summary of material changes via email to registered users (if required by law).

Your continued use of our Site after revisions constitutes acceptance of the updated policy.

16. Contact Information
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:

• Email: privacy@careaidsupportinitiative.org

Our Data Protection Officer will respond to your inquiry within a reasonable timeframe, typically within 30 days.

17. Miscellaneous

• Governing Law: This Privacy Policy is governed by the laws of the Federal Republic of Nigeria.
• Severability: If any portion of this policy is found invalid, the remaining provisions shall continue in full force and effect.
• No Waiver: Failure to enforce any right under this policy does not constitute a waiver of that right.

Effective Date: June 6, 2025

Thank you for trusting Care Aid Support Initiative with your information. We are dedicated to handling it responsibly and transparently.