Privacy Policy

Effective date: March 18, 2022

(A) – Intent of this policy:

The following constitutes the Freedom of Form Foundation, Inc’s (the FFF) integrated Privacy Policy as it relates to the collection and use of any personal information.

We take your privacy seriously, because it’s the right thing to do. We’re not going to be careless with your information or expose it to leaks, and we won’t use your info for targeted advertising.

This policy is intended to be fairly comprehensive, no matter where you interact with the FFF. This policy specifically covers:

  • Your use of the website https://freedomofform.org.
  • Your interaction on communal, semi-public, or publicly interactive spaces including:
    • The Freedom of Form Foundation server on Discord,
    • Twitter, or
    • In meetings or interactive Q&A sessions in Zoom, Jitsi, or otherwise;
  • Media hosting services including:
    • YouTube or
    • SoundCloud; 
  • Merchants or financial platforms including:
    • Redbubble,
    • CafePress,
    • PayPal, or
    • Patreon; 
  • Internal FFF services and infrastructure used by volunteers;
  • Any other spaces managed exclusively by the Freedom of Form Foundation; and
  • Any other communication methods including email, phone call, or postal mail.

(B) – Collection and retention of personal or contact information:

(B1) – Info collected during donations or purchases:

If you generously decide to support us on Patreon, purchase merchandise from our page on Redbubble, or donate to us through some other means such as PayPal, you will generally be providing us with your contact information, such as a mailing address. In some cases, you can choose to avoid providing us some or all of that information (such as hiding your mailing address on Patreon, or donating anonymously). However, your mailing address is required to receive physical goods, such as Patreon rewards you’re entitled to. Please note that since these records relate to transactions and donation records, we need to retain them for 7 years according to business best-practices and Internal Revenue Service expectations.

(B2) – Info collected from applicants and internal personnel:

If you submit an application (to be considered for either (1) a volunteer, employee, or other open position, or (2) project funding via a grant or award), or if you join our organization as a volunteer, employee, or other member of our personnel, you will be providing us with personal and contact information. Info associated with application materials is retained for 3 years. Personal records for internal personnel are retained for 7 years.

(B3) – Info collected from community members, or general comments or communications:

We do not collect personally identifiable information from people participating in our community. If you are sending us an email for general correspondence, leaving a comment on Twitter, YouTube, or SoundCloud, or participating in our Discord server, we don’t collect, nor do we want to collect, your personal information. Please note that general communications, in the course of your community participation, may be archived by the respective services, such as Twitter, YouTube, SoundCloud, or Discord.

We do not keep additional records of these communications in normal circumstances. We make three exceptions:

  • First, communications sometimes have interesting suggestions, ideas, or other information, that we might like to build on or integrate with additional research or other work. In these cases, we may keep a backup of the communication in our records, so that we can properly cite you later. We will try to obtain your permission before citing you, but this might not be possible if we can’t track you down later. Therefore, please keep in mind that suggestions, ideas, or other information you provide in public and semi-public places may, unless you specify otherwise, be cited by us.
  • Second, in rare cases, communications break our standards or our rules, and we may need to conduct moderation activities and/or a more comprehensive investigation under our Code of Conduct. In these cases, we will need to retain the communications as part of our records.
  • Third, we might like to feature communications or other content for public interest, such as due to interesting, positive, or inspiring contents. In these cases, we will explicitly ask your permission before featuring your communication publicly.

(B4) – Info collected for special activities or events:

From time to time, we enjoy hosting special activities and events. In order to pull these off, we collect additional information from participants who opt in. For example, suppose we are organizing a group activity that we can only afford if everyone pays part of the cost, and that requires more specific information (e.g. payment information, reference sheets, dietary restrictions, etc) from each participant. It is possible that we collect info from you in two or more stages, such as an initial form to state your interest, followed by more specifics (such as a PayPal address, and committing to participation in the activity or event) later.

If you expressly commit to participate, you authorize us to share info as needed with third parties who are helping us run the activity or event (such as artists, caterers, payment platforms, etc), but no other third parties.

In cases where the FFF is party to a financial transaction or contractual relationship, we may be required to retain your contact info and/or mailing address connected to that transaction as described in section B1. Information about your preferences, such as if we gather reference sheets for art, or dietary preferences, will be deleted after the activity or event has concluded unless you specifically authorize us to retain that information for future activities and events. If you remove your authorization later, we will delete the information about your preferences. Note that it might not be possible for us to retain information about your preferences, even if you authorize us to keep it, due to database management complexity. If in doubt, we’ll delete it rather than retain it, to protect against mistakes, leaks, and administrative burden.

(B5) – Linkage of information:

In many cases, you will be interacting with the FFF across several services or domains. If your contact information is the same across services, or if you specifically inform us of your contact info or usernames across services, then we will be able to correctly associate and link that info with you.

Linked information lets us work with you more effectively. For example, you might be participating in our Discord and supporting us on Patreon. In this example, linkage of your information allows us to correctly give your Discord account access to a channel on our Discord server that is exclusive to Patrons.

If you authorize us to retain information about your preferences as described in section B4, that information may be linked with the rest of your information for as long as your authorization is in place.

(B6) – Your info when working with third parties:

If you provide personal or contact information while making donations to the FFF, or purchasing FFF-branded merchandise, through third-party platforms such as Patreon, PayPal, or Redbubble, then your info will additionally be handled by those services in accordance to their respective privacy policies, on top of the FFF’s Privacy Policy herein. Please be sure to review their policies carefully before agreeing to those services’ terms.

In limited circumstances, information you provide on one service may need to be shared with a different service strictly to fulfill our obligations to you, and the information shared will be the minimum needed by the third party. For example, if you share your mailing address with the FFF using Patreon, and we owe you a coffee mug, then we will need to share your mailing address with Redbubble in order to send you the mug. The information shared will be the minimum required for the function; Redbubble would not get any extra details they don’t need to fulfill the order.

We do not sell or rent your information to third parties.

(B7) – Our handling of info during or pertaining to an investigation:

Our policy includes situations pertaining to an investigation, including suspected or likely Code of Conduct violations, or legal or regulatory situations requiring our attention. People submitting information pertaining to an investigation, as well as all parties connected to an investigation, are covered in this policy, whether or not any or all parties are acting reasonably and in good faith, in order to ensure the investigation reaches a correct, true, fair, and just conclusion.

During the course of an investigation, we will protect personal and contact information, confidential information, correspondence and evidence used in the investigation, as well as other sensitive information such as narratives of how people have acted in the events under investigation, from public disclosure. Moreover, we will comply with regulations and best practices for handling legally confidential information which includes, but is not limited to, communications made under bona fide attorney-client privilege, communications made under non-disclosure agreements, trade secrets, and personally identifiable information as defined under Massachusetts G.L. c.93H.

Be aware that if you submit information to us for an investigation, we may elect to, and may or may not be obligated to, share it with parties that have an interest in the investigation, including legal counsel, plaintiffs or potential plaintiffs, and defendents or potential defendents. If you submit information under condition of anonymity, we will respect your wishes.

If you are a party to an investigation, we may elect to, and may or may not be obligated to, share your info with any other parties with an interest in the investigation, including legal counsel, plaintiffs or potential plaintiffs, and defendents or potential defendents. Likewise, we might receive information about you from other parties interested in the investigation, and will protect all such information similarly. More specifically, we may be required to share your info by legal request or subpoena. Any information we share will be the minimum we judge is necessary for a true and complete representation of events or activities relevant to the investigation, and/or compliance with the spirit and the letter of a legal request or subpoena. Legally confidential information will only be shared upon legal request or subpoena.

During or after an investigation or legal proceeding, we might occasionally find it beneficial or necessary to disclose information or make public statements such as open letters. For example, all parties might reach an amicable agreement, and might collectively agree to release a statement describing the events and any resolutions. In making such a statement, and motivated to preserve amicability between parties, we will remove details such as by anonymizing names that are unnecessary for public release. Alternately, in rare cases, we might have sufficient cause to conclude a party has acted unreasonably or in bad faith, and publicly release information such as evidence or a description of the events under investigation, in order to properly defend ourselves, our allies, or our interests. Even in such cases, we will comply with regulations and best practices for handling legally confidential information.

(B8) – Unsolicited information:

If we do not consent to receive your information, we refer to that as Unsolicited Information (UI). UI includes, but is not limited to:

  • SPAM,
  • Incoherent complaints not involving Code of Conduct violations,
  • Sensitive or personally identifiable information of people sent by others who should not have that info,
  • Trade secrets to which we are not a party, or
  • Info sent to us accidentally

Nevertheless, when we receive UI, we will apply all relevant portions of our policies to the best of our ability, especially including “Our handling of info during or pertaining to an investigation”. Any UI we receive will be bound exclusively by our standards and practices, including this Privacy Policy. Effective no later than March 18th, 2022, we explicitly do not accept any other standards or policies you might claim to impose. Sending us UI does not obligate the FFF to you in any way. If you believe a different standard or policy for sharing information is needed, that must be negotiated in advance.

If unsolicited information is sent to us by accident, then, on a best-effort basis, we will try to keep it confidential without disclosing to any third parties, notify the sender, and delete the information, but we cannot accept any obligation or liability for doing so.

(B9) – Security of your information:

Security of your data follows our Written Information Security Program.

(B10) – Updating or correcting your information:

If your information, such as contact information, has changed, you can let us know by sending an email to [email protected]. The same applies if you suspect or discover that the information we have is erroneous. If you update or correct your info, that does not reset the time until data deletion.

For example, suppose a volunteer departs the Organization. Our record of their information expires 7 years thereafter. However, suppose the former volunteer lets us know they changed their name 3 years after they departed. Their PI will be updated in our system, but their PI will still expire on the same timeline: 4 years from that date, for a total of 7 years after their departure.

You can always ask us about the amount and types of information, such as personal and contact information, that we have on record for you by emailing [email protected]. However, please note that our responses will be carefully written to not reveal any information to possible attackers, unless we can verify the email address from which you message us matches our existing records and we can be sure that the email connection is encrypted and secure.

(C) – Cookies:

(C1) – First-party cookies:

This website does not use tracking or analytics of user behavior or navigation, and does not store long-lived tracking or analytics cookies on your computer. First-party cookies are not connected to personally identifiable information in any way. There are limited number of required cookies that help protect this website against hacking and malicious attacks, and a cookie used to remember whether or not you opt in to third-party cookies, below.

(C2) – Third-party cookies connected to optional features of this website:

If you elect to use third-party services, such as YouTube video embeds and SoundCloud podcast embeds, to watch or listen to media posted on this website, those third-party services will place additional cookies on your device.  Those cookies will be used for tracking, analytics, and targeted advertising by those services. We have no control over the cookies used by those services.

While the FFF is able to review basic analytics of user behavior connected to use of the embedded media, such as average viewing time, the FFF does not have access to, nor interest in accessing, any other tracking, analytics, or targeted advertising capabilities. If you do not want to allow these third-party cookies, then, when first visiting this website, click “Settings” on the banner that appears at the bottom of our website. Un-check the “YouTube” and “SoundCloud” on your cookie settings, then click “Update settings”.

(C3) – Third-party cookies on other websites:

Your use of other, third-party websites, such as YouTube’s full website, SoundCloud’s full website, Twitter, Patreon, Redbubble, etc will be subject to how those websites use cookies. Please review their cookie policies before deciding whether or not to use those services.

(D) – Links:

This website links to other websites. With the exception of the pages or channels we maintain on Patreon, Redbubble, YouTube, Twitter, PayPal Giving Fund, SoundCloud, and so on, we are not responsible for the broader arrays of content of those other websites, nor are their policies under our control. We encourage our visitors to carefully review the privacy policies of any other site they visit.

(E) – Notification of changes:

In the event this Privacy Policy changes, visible notice will be given in a fashion standard to the industry, such as via a notice on a user notification/acceptance banner. Continuing to use our website after receipt of such notice constitutes acceptance of any changes in our Privacy Policy that we post.

(F) – Contact:

If you have any questions about our Privacy Policy or if you wish to reach out to us for any reason, please contact us at [email protected].

Our Data Security Coordinator is Ramon Reyes. If you want to speak to our Data Security Coordinator, he can also be reached via [email protected].