1.1 OHRYA Foundation, Inc. ("OHRYA," "we," "us," "our") operates the OHRYA platform at www.ohrya.org (the "Platform").
1.2 This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use the Platform.
1.3 By using the Platform, you consent to the data practices described in this Privacy Policy.
1.4 This Privacy Policy is incorporated into and subject to the OHRYA Terms of Service.
Account Information: Full legal name, Email address, Password (encrypted), Phone number (optional), Mailing address
Contribution Information: Payment card details (tokenized by processor; we do NOT store full card numbers), Billing address, Contribution amount and date, Campaign selection, Pledge or donation confirmation
Voting & Advocacy Information: Nonprofit voting preferences, Social Impact Score (SIS) activity, Referral links and conversions, Social media connections (if you link accounts), Advocacy content you create or share
Communications: Messages sent to hello@ohrya.org , Support requests, Feedback and survey responses, Newsletter subscriptions
Alternative Method of Entry (AMOE): Information submitted via mail or web form for free participation
Usage Data: Pages viewed and features used, Time spent on Platform, Click patterns and navigation paths, Campaign pages visited, Referral sources (how you found OHRYA)
Device & Technical Information: IP address, Browser type and version, Operating system, Device identifiers (mobile device ID, advertising ID), Screen resolution, Time zone and language settings
Cookies & Tracking Technologies: Session cookies (essential for Platform function), Analytics cookies (Google Analytics, if used), Preference cookies (remember your settings), See Section 9 for detailed cookie information
Payment Processors (Stripe, PayPal, etc.): Transaction confirmations, Payment success/failure status, Processor-assigned transaction IDs, We do NOT receive your full payment card numbers
Social Media Platforms: If you connect Facebook, Twitter, Instagram, or other accounts to track SIS, We receive: username, follower count, public post data, engagement metrics, We do NOT post on your behalf without explicit permission
Data Verification Services: Email verification services (to prevent fraud), IP geolocation services (to verify eligibility), Identity verification (for high-value contributions, if required by law)
To Process Contributions: Charge pledges or donations, Issue tax-deductible receipts, Process refunds (if campaign threshold not met), Maintain contribution records for IRS compliance
To Manage Campaigns: Display nonprofit options, Count and certify votes, Calculate Social Impact Scores (SIS), Determine Luminary recognition, Disburse grants to winning nonprofits
To Enable Advocacy: Track referral conversions, Measure social media engagement, Calculate SIS using FairFluence algorithm, Display leaderboards (anonymized or identified, per your settings)
Transactional Emails (you CANNOT opt out): Contribution confirmations and tax receipts, Voting confirmations, Campaign results and grant disbursements, AMOE entry confirmations, Refund notifications, Account security alerts
Marketing Emails (you CAN opt out): New campaign announcements, Campaign updates and milestones, SIS leaderboard updates, Luminary recognition announcements, Platform news and feature updates
Analyze usage patterns to improve Platform, Identify and fix technical issues, A/B test new features, Optimize campaign performance, Research user behavior and preferences
Compliance: Comply with IRS reporting requirements (Form 990), Meet state charitable solicitation registration obligations, Respond to legal requests (subpoenas, court orders), Maintain records for audits
Fraud Prevention & Security: Detect and prevent fraudulent contributions, Identify bot activity and SIS manipulation, Enforce Terms of Service, Protect Platform integrity, Monitor for unauthorized access
OHRYA publishes anonymized campaign data to the Algorand blockchain for public transparency: Published Data: Campaign ID and threshold amount, Total contributions (aggregate, not individual), Nonprofit vote tallies, Winning nonprofit name, Grant amount and disbursement date, SIS leaderboards (User-ID hashes only, NOT names)
Never published to blockchain: Your full name or real identity, Email address or contact information, Individual contribution amounts, Payment card information, Physical address, Any personally identifiable information (PII)
Blockchain data uses cryptographic hashes (e.g., User-12abc3def456) instead of real names.
Only you and OHRYA can link your User-ID hash to your real identity. The public cannot.
Critical Notice: Once data is published to the Algorand blockchain, it cannot be modified or deleted.
This ensures: Permanent public record of campaign results, Protection against data manipulation, Verifiable transparency
Implication for privacy rights: Blockchain data is NOT subject to deletion requests under GDPR "right to be forgotten" or similar laws, because:
OHRYA does not sell, rent, or trade your personal information to third parties for marketing purposes.
If your chosen nonprofit wins the campaign, we share with them: Your name, Contribution amount, Email address (if you consent), Date of contribution
Purpose: So they can thank you, issue their own acknowledgment, and include you in their donor records.
Your control: You may opt out of nonprofit data sharing during the contribution process.
We share information with trusted vendors who help us operate the Platform:
Payment Processors (Stripe, PayPal, etc.): Name, email, payment details, They process payments on our behalf, Subject to their own privacy policies
Cloud Hosting (AWS, Google Cloud, etc.): All Platform data stored on secure cloud servers, Subject to industry-standard security (encryption, access controls)
Email Service Providers (SendGrid, Mailchimp, etc.): Email addresses, names, campaign preferences, To send transactional and marketing emails
Analytics Providers (Google Analytics, etc.): Anonymized usage data, To measure Platform performance
Blockchain Infrastructure (Algorand): Anonymized campaign data only, Published to public blockchain
Identity Verification (if required for high-value contributions): Name, address, date of birth (as required by law), To comply with anti-money laundering (AML) regulations
All service providers are contractually required to: Use data only for specified purposes, Maintain confidentiality and security, Not sell or misuse data
We may disclose your information to: Comply with legal obligations (tax reporting, IRS audits), Respond to subpoenas, court orders, or government requests, Investigate fraud or suspected illegal activity, Protect OHRYA's rights, property, or safety, Enforce our Terms of Service
If OHRYA is involved in a merger, acquisition, asset sale, or bankruptcy: Your information may be transferred as part of that transaction, We will notify you via email and Platform notice, The acquiring entity will be bound by this Privacy Policy
You may request a copy of all personal information we hold about you.
How: Email hello@ohrya.org with subject "Data Access Request"
Response time: Within 30 days
Format: Provided as PDF or CSV file
You may update or correct inaccurate information.
How: Log into your account and edit profile, OR email hello@ohrya.org
Limitations: You cannot change contribution history (IRS records must be accurate)
You may request deletion of your account and personal information.
How: Email hello@ohrya.org with subject "Account Deletion Request"
What we delete: Account credentials, Contact information, Non-essential usage data
What we CANNOT delete: Contribution records (IRS requires 7-year retention), Blockchain data (technically impossible to delete), Records required for legal compliance or dispute resolution
Timeline: Account deactivated within 5 business days; full deletion within 30 days (except retained records)
How: Click "Unsubscribe" at the bottom of any marketing email, Log into your account → Settings → Email Preferences, Email hello@ohrya.org with "Unsubscribe" request
Effect: You will stop receiving marketing emails but will continue to receive transactional emails (receipts, voting confirmations, etc.)
During the contribution process, you can check a box to opt out of having your information shared with the winning nonprofit.
Effect: Nonprofit will not receive your name, email, or contribution details.
Note: You will still receive a tax receipt from OHRYA Foundation.
See Section 9 for how to control cookies through your browser settings.
Encryption: TLS 1.3 encryption for all data in transit (HTTPS), AES-256 encryption for sensitive data at rest, Payment card data tokenized (we never see full card numbers)
Access Controls: Multi-factor authentication for OHRYA staff, Role-based access (staff only see data they need), Regular access audits
Infrastructure Security: Secure cloud hosting (AWS, Google Cloud), Firewall protection, Intrusion detection systems, Regular security updates and patches
Monitoring: 24/7 automated security monitoring, Alert systems for suspicious activity, Regular penetration testing
To keep your account secure: Use a strong, unique password, Do not share your password with anyone, Log out on shared devices, Enable two-factor authentication (if available), Report suspicious activity immediately to hello@ohrya.org
While we implement industry-standard security, no system is 100% secure.
We cannot guarantee: That unauthorized access will never occur, That data breaches are impossible, That third-party services (payment processors, cloud providers) are perfectly secure
In the event of a data breach, we will: Notify affected users within 72 hours (or as required by law), Report to relevant authorities (FTC, state AGs), Take immediate action to contain and remedy the breach
Active Accounts: Retained for as long as your account is active
After Account Deletion: Most data deleted within 30 days, Exceptions: see below
Contribution Records: Retained for 7 years after contribution (IRS requirement), Includes: name, amount, date, campaign, tax receipt
Legal & Compliance Records: Retained as required by law (tax, charitable solicitation, anti-fraud), Typical retention: 7 years
Blockchain Data: Permanent (cannot be deleted due to blockchain immutability), Only anonymized data is published (see Section 4)
Dispute Resolution: Records related to disputes, legal claims, or Terms violations retained until resolved
Once the required retention period expires: Data is securely deleted or anonymized, Backups are purged, Exceptions: blockchain data (permanent), aggregate anonymous statistics (may be retained indefinitely)
Cookies are small text files stored on your device by your browser. They help us recognize you, remember your preferences, and improve your experience.
Essential Cookies (cannot be disabled): Session management (keeps you logged in), Security (protects against CSRF attacks), Load balancing (distributes server load)
Analytics Cookies (can be disabled): Google Analytics (if used), Tracks page views, bounce rates, user flows, Helps us improve Platform
Preference Cookies (can be disabled): Remember your language, time zone, display settings, Improve your user experience
Advertising Cookies (if we ever use ads): Currently NOT used, If used in future, we will update this Policy and request consent
Browser Settings: Most browsers let you refuse cookies or delete existing cookies, Chrome: Settings → Privacy & Security → Cookies, Safari: Preferences → Privacy → Cookies, Firefox: Options → Privacy & Security → Cookies
Effect of Disabling Cookies: Platform may not function properly, You may need to re-enter login credentials, Preferences will not be saved
Do Not Track (DNT): Some browsers offer "Do Not Track" signals, OHRYA currently does not respond to DNT signals, We treat all users' data the same regardless of DNT settings
When you use the Platform, third-party services (Google Analytics, payment processors) may set their own cookies.
We do not control third-party cookies. Please review their privacy policies: Google Analytics: https://policies.google.com/privacy , Stripe: https://stripe.com/privacy , PayPal: https://www.paypal.com/privacy
The Platform is NOT intended for individuals under 18 years of age.
We do not knowingly collect personal information from children under 13.
If we discover we have collected information from a child under 13 without verifiable parental consent, we will delete that information immediately.
If you believe your child has provided information to OHRYA without your consent: Contact us immediately at hello@ohrya.org , We will verify the situation and delete the information
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
You may request disclosure of: Categories of personal information collected, Specific pieces of personal information we hold, Sources of personal information, Purposes for collecting or sharing information, Categories of third parties with whom we share information
You may request deletion of your personal information, subject to exceptions: Legal obligations (IRS 7-year retention), Fraud prevention and security, Blockchain immutability (see Section 4.4)
We do NOT sell personal information. This right does not apply to OHRYA.
We will not discriminate against you for exercising your CCPA rights: Same prices and services for all, No denial of goods or services, No different quality of service
Contact us: hello@ohrya.org
Subject line: “CCPA Request”
Include: Your name, email, specific request (access, delete, etc.)
Verification: We will verify your identity before processing requests (to prevent fraud)
Response time: Within 45 days (may extend 45 additional days if complex)
You may designate an authorized agent to make CCPA requests on your behalf.
Requirements: Written authorization from you, Proof of agent’s identity, We may still require direct verification from you
If you are in the European Union, European Economic Area, or United Kingdom, you have rights under the General Data Protection Regulation (GDPR):
We process your personal data based on:
Consent: You provided explicit consent (e.g., marketing emails)
Contract: Processing is necessary to fulfill our services (contributions, voting, SIS)
Legitimate Interests: Fraud prevention, Platform security and integrity, Analytics and improvement
Legal Obligation: IRS reporting, Anti-money laundering compliance, Response to legal requests
Right to Access: Request a copy of your data
Right to Rectification: Correct inaccurate data
Right to Erasure ("Right to be Forgotten"): Request deletion, subject to exceptions (IRS retention, blockchain immutability)
Right to Restrict Processing: Limit how we use your data (while verifying accuracy, etc.)
Right to Data Portability: Receive your data in machine-readable format (CSV, JSON)
Right to Object: Object to processing based on legitimate interests, We will stop unless we have compelling legitimate grounds
Right to Withdraw Consent: For consent-based processing (marketing emails), Does not affect past processing
Right to Lodge a Complaint: With your local data protection authority (DPA)
Contact: hello@ohrya.org
Subject: "GDPR Request"
Include: Your name, email, specific right you wish to exercise
Response time: Within 30 days
OHRYA is based in the United States. If you are in the EU/EEA/UK: Your data may be transferred to and processed in the U.S., U.S. privacy laws may differ from EU laws, By using the Platform, you consent to this transfer
Safeguards: We use standard contractual clauses (SCCs) with service providers, We implement adequate security measures
For GDPR-related inquiries, you may contact: hello@ohrya.org
OHRYA is headquartered in Florida, USA. All Platform operations and data processing occur in the United States.
If you access the Platform from outside the United States: Your information will be transferred to, stored, and processed in the U.S., U.S. data protection laws may differ from your country’s laws, By using the Platform, you consent to this transfer
We implement appropriate safeguards for international data transfers: Standard contractual clauses (SCCs), Encryption and security measures, Compliance with applicable data protection laws
The Platform may contain links to third-party websites, services, or social media platforms.
We are NOT responsible for: Content or practices of third-party sites, Privacy policies of external services, Security of third-party platforms
Recommendation: Review the privacy policies of any third-party sites you visit.
If you connect social media accounts (Facebook, Twitter, Instagram) to track SIS: You authorize us to access certain public data (followers, posts, engagement), Subject to that platform's privacy policy and terms, You can disconnect social accounts at any time
OHRYA reserves the right to update this Privacy Policy at any time.
Material changes will be communicated via: Prominent notice on the Platform (banner or pop-up), Email notification to registered users, Updated "Last Updated" date at the top of this Policy
Your continued use of the Platform after changes are posted constitutes acceptance of the revised Privacy Policy.
If you do not agree to changes, you must stop using the Platform and may request account deletion.
Previous versions of this Privacy Policy may be requested by emailing hello@ohrya.org .
For questions, concerns, or requests regarding this Privacy Policy or your personal information:
OHRYA Foundation, Inc.
401 E. Las Olas Blvd., Suite 130-319
Fort Lauderdale, FL 33301
For Specific Requests:
Data Access: Subject line "Data Access Request"
Data Deletion: Subject line "Account Deletion Request"
Opt-Out: Subject line "Unsubscribe" or click link in emails
CCPA Requests: Subject line "CCPA Request"
GDPR Requests: Subject line "GDPR Request"
Security Issues: Subject line "URGENT: Security Issue"
This Privacy Policy is effective as of February 24, 2026
By using the OHRYA Platform on or after this date, you acknowledge that you have read, understood, and agree to this Privacy Policy.