Skip to content

Privacy Policy

Last updated: March 28, 2026

Who We Are

This website is operated by The Rhoades Institute of Technology (RIT), a Wisconsin 501(c)(3) nonprofit organization. For the purposes of this privacy policy, the data controller is Johnathon Rhoades / The Rhoades Institute of Technology.

What We Collect

We collect almost nothing. Here is the complete list:

  • Contact form submissions: Your name, email address, and message, submitted voluntarily through our contact form. Submissions are sent directly to our email via a Cloudflare Worker β€” no third-party form service stores your data. Only we receive it. We retain contact form data for 90 days after the inquiry is resolved, then delete it.
  • Donation information: When you make a donation, payment processing is handled by Stripe. We do not store your credit card number, bank account details, or other payment credentials on our servers. Stripe collects and processes your payment information in accordance with their privacy policy. We receive only a confirmation of your donation amount, your name, and your email address for receipt and acknowledgment purposes.
  • QR code scan data: QR codes on RIT printed materials link through a URL shortener operated by RIT and hosted on Vercel. When you scan one of our QR codes, we record: the timestamp of your visit, your browser name, operating system, device type (desktop/mobile/tablet), and your approximate geographic region (state and country level only). We store a non-reversible hash of your IP address for deduplication β€” we cannot identify you from this hash. No cookies are set. Raw scan data is retained for 365 days, then aggregated into anonymous totals and purged.
  • Cookie consent preference: Stored locally in your browser (localStorage). Never transmitted to us.

That's it. No analytics. No ad pixels. No fingerprinting. No tracking scripts on this site.

How We Use Your Data

  • Email: To respond to inquiries and send donation receipts. Nothing else.
  • Donation records: To issue tax-deductible receipts as required for a 501(c)(3) organization and to maintain legally required financial records.
  • QR scan data: To measure which outreach materials are effective, understand what platforms our audience uses, and verify that our efforts are reaching our authorized service area (Wisconsin). We never use this data to identify or track individuals.

Data Retention

  • Contact form submissions: 90 days after inquiry is resolved
  • Donation records: 7 years (legally required for 501(c)(3) organizations)
  • QR scan data (raw): 365 days, then aggregated and purged
  • QR scan data (aggregated totals): Retained indefinitely for reporting
  • Cookie consent preference: Stored in your browser until you clear it

Third Parties

We use a limited number of third-party services, each for a specific purpose. We do not sell, rent, or share your data with anyone beyond what is described here.

  • Stripe β€” Processes donations. PCI-DSS compliant. See their privacy policy.
  • Cloudflare Workers + D1 β€” Processes and stores contact form and waitlist/survey submissions. Data is stored in Cloudflare D1 (SQLite at the edge) and a notification is sent to our email. Retained for 90 days after inquiry resolved. See Cloudflare's privacy policy.
  • GitHub Pages β€” Hosts this website. GitHub may log standard web server access data (IP address, user agent) per their privacy statement.
  • Vercel β€” Hosts the QR code redirect service. Vercel processes requests through their serverless infrastructure per their privacy policy.
  • Vercel Postgres (Neon) β€” Stores QR scan analytics data. Data at rest on Vercel's infrastructure.
  • Prisma β€” Database connection pooling for the QR service. Query traffic routes through Prisma's infrastructure.

Cookie Policy

This site uses one item in your browser's local storage: rit_cookie_consent, which remembers whether you accepted or rejected the cookie consent banner. This value never leaves your browser.

We set no tracking cookies, no analytics cookies, and no third-party cookies. The QR code redirect service sets no cookies on end users.

Your Rights

You have the right to:

  • Access any data we hold about you
  • Delete your data at any time
  • Withdraw consent for any communications
  • Export your data in a portable format

To exercise any of these rights, email [email protected]. We will respond within 30 days.

Breach Notification

In the event of a data breach that affects your personal information, RIT will notify affected individuals within 72 hours of becoming aware of the breach. Notification will be sent via email where possible, and a notice will be posted on this website. We will disclose: what happened, what data was affected, what we are doing about it, and what steps you can take.

Do Not Sell My Personal Information

We do not sell your personal information. We never have and never will. This applies to all users regardless of jurisdiction, including under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).

Children's Privacy

This website is not directed at children under 13. We do not knowingly collect data from children.

Changes to This Policy

If we change this policy, we will update the date at the top of this page. Material changes will be communicated via email to those who have provided their contact information.

Contact

Johnathon Rhoades / The Rhoades Institute of Technology
[email protected]

Rhoades Institute of Technology

A Wisconsin 501(c)(3) nonprofit advancing civic literacy, technology education, and community dialogue.

Support

Help us build tools for civic engagement and digital literacy.

Donate

Β© 2025 Rhoades Institute of Technology. All rights reserved.

This site is built with AI assistance at every stage β€” code, content, translations, and design. If you find an error or inaccurate translation, please let us know β€” screenshots and corrections are appreciated.