Privacy Policy.

The Black Heart Association ("BHA," "we," "us," or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, communicate with us via phone or text message, make a purchase or donation, or otherwise interact with us.

By using our website or services, you consent to the practices described in this Privacy Policy. If you do not agree, please discontinue use of our website and services.

1. Information We Collect

1.1 Information You Provide Directly

We collect information you voluntarily provide when you:

  • Register for an account, event, or program

  • Make a donation or purchase merchandise

  • Subscribe to newsletters or communications

  • Contact us via phone, email, text message, or online form

  • Participate in surveys, programs, or promotions

This information may include:

  • Contact Information: Name, email address, mailing address, and phone number

  • Payment Information: Credit/debit card details and billing address (processed securely through our payment provider, Stripe)

  • Communications: Content of messages you send or receive through our services, including text messages and phone calls

  • Health-Related Information: Information you voluntarily provide related to your health or wellness in connection with our programs and services

1.2 Information Collected Automatically

When you visit our website, we automatically collect certain information, including:

  • Device Information: Browser type, operating system, device type, and screen resolution

  • Usage Data: Pages visited, links clicked, time spent on pages, and referring URLs

  • Network Information: IP address and approximate geographic location

  • Cookies and Similar Technologies: Data collected through cookies, web beacons, and similar tracking technologies (see Section 6)

1.3 Information from Third Parties

We may receive information from third-party partners, service providers, or public sources to supplement the information we collect directly.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: Processing donations, purchases, event registrations, and program enrollments

  • Communications: Sending appointment confirmations, reminders, scheduling updates, and other transactional messages via SMS, email, or phone

  • Customer Support: Responding to inquiries, providing assistance, and resolving issues

  • Marketing (with your consent): Sending newsletters, promotional materials, and updates about our programs and events

  • Website Improvement: Analyzing usage patterns to improve website functionality, performance, and user experience

  • Security: Detecting, preventing, and addressing fraud, unauthorized access, and other security concerns

  • Legal Compliance: Fulfilling legal obligations and enforcing our terms of service

3. SMS / Text Messaging Program

3.1 Consent to Receive Messages

By providing your phone number and opting in to receive text messages — whether through our website, online forms, booking page, or by providing verbal consent during a phone call — you agree to receive SMS and MMS messages from the Black Heart Association.

Consent to receive text messages is not a condition of purchase, donation, membership, or use of any of our services.

3.2 Types of Messages

We may send the following types of text messages:

  • Transactional/Informational: Appointment confirmations, appointment reminders, rescheduling and cancellation confirmations, scheduling communications, missed call follow-ups, and customer support messages

  • Promotional/Marketing: Special offers, event announcements, program updates, and re-engagement messages. Marketing messages will only be sent if you have separately and explicitly opted in to receive them.

3.3 Message Frequency and Costs

Message frequency varies based on your interactions and preferences. Message and data rates may apply depending on your mobile carrier and plan. The Black Heart Association does not charge for sending or receiving text messages, but your carrier's standard messaging rates may apply.

3.4 Opt-Out

You may opt out of receiving text messages at any time by replying STOP to any message from us. You will receive a single confirmation message, and no further text messages will be sent. To re-subscribe, reply START.

3.5 Help

For assistance with our text messaging program, reply HELP to any message from us, or contact us using the information in Section 12 below.

3.6 Carrier Disclaimer

Carriers are not liable for delayed or undelivered messages. Text messaging services are compatible with most major U.S. mobile carriers.

3.7 No Sharing of Opt-In Data

We will not share, sell, or distribute your phone number, SMS opt-in data, or consent information with any third parties for their marketing purposes. This data will only be used by the Black Heart Association and our service providers to deliver the messages you have consented to receive.

4. Sharing Your Information

We do not sell, trade, or rent your personal information to third parties for their marketing purposes. We may share your information in the following limited circumstances:

4.1 Service Providers

We share information with trusted third-party vendors who assist us in operating our website and delivering our services, including:

  • Payment Processing: Stripe (for secure payment handling)

  • Telephony and Messaging: Twilio (for phone and SMS services)

  • Website Hosting: Amazon Web Services (AWS)

  • Email Communications: SendGrid (for email delivery)

These providers are contractually obligated to protect your information and may only use it to perform services on our behalf.

4.2 Legal Requirements

We may disclose your information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of BHA, our members, or the public.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.

4.4 With Your Consent

We may share your information with third parties when you give us explicit consent to do so.

5. Data Security

We implement industry-standard technical and organizational measures to protect your personal information, including:

  • Encryption: Data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption

  • Access Controls: Role-based access controls limit who can view or modify personal data

  • Monitoring: Regular security monitoring and audit logging

  • Secure Payment Processing: Payment information is processed by PCI-DSS compliant providers and is never stored on our servers

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to:

  • Remember your preferences and settings

  • Analyze website traffic and usage patterns

  • Improve website functionality and performance

  • Deliver relevant content

Types of Cookies Used:

  • Essential Cookies: Required for basic website functionality

  • Analytics Cookies: Help us understand how visitors interact with our website

  • Preference Cookies: Remember your settings and choices

You can manage or disable cookies through your browser settings. Disabling cookies may limit your ability to use certain features on our website.

7. Your Rights and Choices

You have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you

  • Correction: Request that we correct inaccurate or incomplete information

  • Deletion: Request that we delete your personal information, subject to legal and operational requirements

  • Opt-Out of Marketing: Unsubscribe from marketing emails by clicking the "unsubscribe" link in any email, or opt out of text messages by replying STOP

  • Do Not Track: We honor Do Not Track browser signals where technically feasible

7.1 California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell your personal information. All categories of personal information exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

To exercise your rights, contact us using the information in Section 12.

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required by law. Specifically:

  • Account Data: Retained for the duration of your relationship with us and 30 days after account deletion

  • Transaction Records: Retained as required by applicable tax and financial regulations

  • Communication Records: Retained for the duration of the relevant program or service

  • Anonymized/Aggregated Data: May be retained indefinitely for analytics and reporting purposes

9. Third-Party Links

Our website may contain links to third-party websites, services, or applications. We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.

10. Children's Privacy

Our website and services are not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete it promptly. If you believe we have inadvertently collected such information, please contact us immediately.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Any changes will be posted on this page with the updated "Last Updated" date. We encourage you to review this Privacy Policy periodically. Your continued use of our website and services after any changes constitutes your acceptance of the updated Privacy Policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or how your information is handled, please contact us.

Thank you for trusting the Black Heart Association with your personal information and supporting our mission to improve heart health awareness and save lives.