Donate
HomeAboutResearchDonateLighthouse AACDonate
Privacy

What we collect: nothing.

We do not run advertising. We do not sell data. We do not load third-party tracking scripts on this website. This page is the honest list of what that means in practice.

Last updatedJune 9, 2026

What we collect: nothing.

No third-party trackers. No fingerprinting. We do not run advertising on this site and we do not sell data. The only cookies on this site are first-party, set by us: one remembers your region so we can honour the no-cookies-for-EU/UK promise, one remembers your language if you choose a non-default one, and, for visitors outside the EU/UK only, one records a Google Ads click so we can credit the ad if you later donate.

Specifically, this site does not load:

  • Meta Pixel or any other Meta advertising tag
  • Google Analytics, Google Tag Manager, or any Google site tag
  • LinkedIn Insight Tag
  • TikTok Pixel or X (Twitter) Pixel
  • Hotjar, Amplitude, Mixpanel, Segment, PostHog, or comparable behavioural analytics

If you arrive on this site by clicking a Google Search Ad, your browser includes a Google click ID in the URL. We record that click ID in a first-party cookie for up to 90 days so that, if you later donate, we can let Google know the ad worked. No Google tracking script runs on this site, and the cookie is not shared with any third party other than Google’s offline conversion API at donation time.

We do load one first-party measurement script: Cloudflare Web Analytics. It is cookieless, does not fingerprint, does not collect personal data, and does not share data with any third party. It tells us which pages are viewed and from which countries. We use it because Cloudflare already hosts the site, and because we need a way to learn what families find useful. The beacon is served from static.cloudflareinsights.com.

What our infrastructure providers see.

We use a small set of providers to keep the site online and the donation flow working. Each follows their own privacy policy, and we link them honestly so you can audit them yourself.

  • Cloudflare

    Hosts this website. Their edge logs include standard request data (your IP address, user agent, the path you requested) for security and abuse prevention, retained briefly per their privacy policy.

    Privacy policy
  • Cloudflare Web Analytics

    First-party page-view measurement. Cookieless, no fingerprinting, no personal data, no sharing with third parties. Tells us which pages are viewed and from which countries.

    Privacy policy
  • Stripe

    Processes card donations when you give by card. The donation form is hosted by Stripe on their own domain. Stripe collects donor name, email, billing address, and card details directly on their hosted Payment Link; this data never reaches Kinder Horizon Foundation servers. Stripe's standard terms include a GDPR Article 28-compliant Data Processing Agreement covering EU and UK resident transactions, with international transfers protected under the EU-US Data Privacy Framework and Standard Contractual Clauses.

    Privacy policy
  • Zeffy

    When you make a donation to Kinder Horizon Foundation via our website, the transaction is securely handled on a hosted platform powered by Zeffy. Zeffy collects and processes donor personal information (such as name, email, and transaction amount) under its own platform terms and privacy policy, which explicitly state compliance with the GDPR and UK GDPR. Kinder Horizon Foundation receives transaction confirmation data from Zeffy to process financial records and fulfill compliance obligations under GDPR Article 6(1)(b) (contractual necessity for donation processing). Personal financial or credit card numbers are never transmitted to or processed by Kinder Horizon Foundation servers.

    Privacy policy
  • Google Workspace

    Handles email at our @kinderhorizon.org domain. If you write to us, your message is stored in Workspace and their privacy policy applies.

    Privacy policy

Children.

The Foundation exists to build communication tools for non-speaking children, but this website is not directed at children and does not knowingly collect personal data from children under the digital consent age applicable in their jurisdiction (between 13 and 16 depending on country, including 13 in the United Kingdom and Canada under PIPEDA). Lighthouse AAC, when released, will run on the family’s device. The app will not transmit child data, will not require an account, and will not include analytics. If you believe a child has provided personal data to this website, please contact us and we will delete the record.

Notice for visitors in the European Economic Area, United Kingdom, and Switzerland.

This section applies if you visit our website from the European Union, the United Kingdom, the wider European Economic Area, or Switzerland. We provide it to satisfy our transparency obligations under the General Data Protection Regulation (Regulation (EU) 2016/679), the UK General Data Protection Regulation, and the Swiss Federal Act on Data Protection.

Data controller.

Kinder Horizon Foundation, a Canadian nonprofit incorporated as a British Columbia Society (S0085100), based in Langford, British Columbia, Canada, is the data controller for personal data processed via this website. For data protection inquiries, write to privacy@kinderhorizon.org. We answer privacy emails personally and respond within 30 days as required by Article 12(3) of the GDPR.

Lawful basis for processing.

We process personal data under the following lawful bases:

  • Donation processing (your name, email, billing address, and payment information when you donate): Article 6(1)(b), contractual necessity. The donation form is hosted by Stripe or Zeffy on their respective domains and these processors apply their own privacy commitments.
  • Email correspondence (when you write to us): Article 6(1)(b) and Article 6(1)(f), legitimate interest in answering your message.
  • Server logs and IP addresses (collected by Cloudflare for security, abuse prevention, and rate limiting): Article 6(1)(f), legitimate interest in operating and protecting the service.
  • Marketing attribution (Google Ads click identifier, when applicable): Article 6(1)(a), consent. We do not set this cookie for visitors arriving from EU, UK, EEA, or Swiss IP addresses.

Your rights.

If we hold personal data about you, you have the following rights under the GDPR and UK GDPR. To exercise any of these rights, write to privacy@kinderhorizon.org. We may ask you to verify your identity before responding.

  • Right of access (Article 15): obtain a copy of the personal data we hold about you.
  • Right to rectification (Article 16): correct inaccurate or incomplete data.
  • Right to erasure (Article 17): ask us to delete your data, subject to legal record-keeping obligations.
  • Right to restriction (Article 18): limit how we use your data while a question is being resolved.
  • Right to data portability (Article 20): receive your data in a machine-readable format.
  • Right to object (Article 21): object to processing based on legitimate interest.
  • Right to withdraw consent (Article 7(3)): where processing is based on consent, withdraw it at any time.

Email privacy@kinderhorizon.org

Retention.

We hold personal data only for as long as we need it, then delete it.

  • Donation transaction records: up to 7 years, as required by Canadian financial and tax record-keeping rules.
  • Email correspondence: retained while the conversation is active and for a reasonable period after, typically up to 2 years.
  • Cloudflare server logs (including IP addresses): held briefly per Cloudflare's standard retention, typically 7 to 30 days.
  • Google Ads click identifier cookie (non-EU/UK visitors only): up to 90 days from the originating click.

International data transfers.

Some of our processors (Stripe, Cloudflare, Google) are headquartered in the United States. Data transferred to the United States is protected under the EU-US Data Privacy Framework adequacy decision and, as a fallback, the European Commission's Standard Contractual Clauses (Module 2 transfers), both of which are incorporated into each processor's standard terms. Personal data held by Kinder Horizon Foundation itself sits in Canada, which has a formal adequacy decision from the European Commission for cross-border data transfers.

Server logs and IP addresses.

Cloudflare, which hosts and protects this website, logs request data including IP address, user agent, and the path requested. This logging exists for security purposes (denial-of-service mitigation, rate limiting, abuse detection) and is the standard infrastructure log used by any modern web service. We rely on legitimate interest (Article 6(1)(f)) as the lawful basis. IP addresses in these logs are considered personal data; we do not have direct access to them and rely on Cloudflare's standard retention (typically 7 to 30 days).

Client-side storage.

We set one strictly necessary cookie on every page load, named khf_geo, which holds the value "gdpr" or "default" derived from your country at the network edge. Its only purpose is to signal to our website code whether to suppress other (non-essential) storage and tracking; without it we could not honour the no-cookies-for-EU/UK promise above. If you view the site in a language other than the default, or change the language yourself, we also set a functional cookie named NEXT_LOCALE that remembers that choice. Neither cookie contains personal data, an identifier, or any behavioural information. Both are permitted without consent under the strictly-necessary and user-preference exemptions of the ePrivacy Directive (Article 5(3)) and equivalent UK rules.

Right to lodge a complaint.

If you believe our processing of your personal data violates the GDPR or UK GDPR, you have the right to lodge a complaint with a supervisory authority. In the United Kingdom, the supervisory authority is the Information Commissioner's Office (ico.org.uk). In the European Union, you may contact the data protection authority in your country of residence; a directory is maintained by the European Data Protection Board at edpb.europa.eu. In Switzerland, the Federal Data Protection and Information Commissioner is the supervisory authority (edoeb.admin.ch).

Contact.

For any privacy question, write to privacy@kinderhorizon.org. We answer every privacy email personally and respond within 30 days. General questions can still go to info@kinderhorizon.org.

Email privacy@kinderhorizon.org