Privacy Policy

Inmate Health Access Program ("IHAP," "we," "our," or "us") is a 501(c)(3) nonprofit organization based in Fort Lauderdale, Florida. We are committed to protecting your privacy. This Privacy Policy explains what information we collect when you visit ihapusa.org, how we use it, and your rights regarding that information.

By using this website, you agree to the practices described in this Policy.

1. Information We Collect

Information You Provide Directly

When you contact us, make a donation, sign up for updates, or submit a partnership inquiry, we may collect:

• Your name, email address, phone number, and mailing address
• Your organization or employer name
• Information you include in messages or forms submitted to us
• Donation amount and frequency preferences
• Company EIN (if provided for matching gift purposes)

Payment Information

Online donations are processed through Stripe, Inc., a PCI-DSS compliant payment processor. IHAP does not receive, store, or have access to your credit card number, bank account number, or other payment credentials. All payment data is handled directly by Stripe under their privacy policy at stripe.com/privacy.

Information Collected Automatically

When you visit ihapusa.org, our hosting provider (Netlify) may automatically collect standard web log data, including:

• IP address and general geographic region
• Browser type and operating system
• Pages viewed and time spent on the site
• Referring URL (the site you came from)
• Date and time of your visit

This data is used in aggregate to understand how our site is used and to improve the visitor experience. It is not used to identify you personally.

Cookies

Our website may use minimal session cookies necessary for site functionality (such as form submission). We do not use advertising cookies, tracking pixels, or behavioral targeting technologies. You may disable cookies in your browser settings without affecting your ability to access most content on our site.

2. How We Use Your Information

We use the information we collect to:

• Process donations and send tax acknowledgment letters
• Respond to inquiries, partnership requests, and volunteer applications
• Send newsletters, impact updates, and program information (with your consent)
• Facilitate matching gift processing with employers
• Improve our website and communications
• Comply with legal and regulatory requirements applicable to 501(c)(3) organizations

3. How We Share Your Information

IHAP does not sell, rent, trade, or share your personal information with third parties for their marketing purposes. We may share your information only in the following limited circumstances:

• Service Providers: We work with trusted vendors (including Stripe for payment processing and Netlify for web hosting) who access data only as necessary to provide services to IHAP and are bound by confidentiality obligations.
• HealthCred Care LLC: IHAP is an affiliated nonprofit of HealthCred Care LLC. If you request enrollment assistance or are referred for healthcare navigation services, limited contact information may be shared with HealthCred's licensed enrollment agents for the sole purpose of fulfilling that service request. HealthCred does not use your information for marketing unrelated to enrollment assistance.
• Legal Compliance: We may disclose information when required by law, court order, or governmental authority, or to protect the rights, property, or safety of IHAP, our staff, or the public.
• Organizational Transition: In the event of a merger, acquisition, or dissolution of IHAP, donor and contact records may be transferred to a successor charitable organization subject to the same privacy commitments stated here.

4. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes described in this Policy and to comply with our legal obligations, including IRS record-keeping requirements for charitable organizations. Donation records are typically retained for a minimum of seven (7) years. You may request deletion of your data at any time (see Section 6).

5. Security

IHAP takes reasonable technical and organizational measures to protect your information from unauthorized access, loss, or misuse. Our website is served over HTTPS/TLS encryption. Payment processing is handled exclusively by Stripe, which maintains PCI-DSS Level 1 compliance — the highest standard in the payments industry.

No method of transmission over the internet is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

6. Your Rights and Choices

You have the right to:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request that we correct inaccurate information.
• Deletion: Request that we delete your personal information, subject to legal retention requirements.
• Opt-Out: Unsubscribe from email communications at any time using the unsubscribe link in any email we send, or by contacting us directly.
• Do Not Sell: We do not sell personal information. This is provided consistent with California Consumer Privacy Act (CCPA) principles for California residents.

To exercise any of these rights, please contact us at info@ihapusa.org. We will respond within 30 days.

7. Children's Privacy

Our website is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has submitted personal information to us, please contact us at info@ihapusa.org and we will promptly delete that information.

8. Third-Party Links

Our website may contain links to third-party websites, including resource directories and partner organizations. These sites have their own privacy policies, and IHAP is not responsible for their practices. We encourage you to review the privacy policy of any site you visit.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Effective Date" at the top of this page. Material changes will be communicated via a notice on our website. Your continued use of the site after any changes constitutes your acceptance of the revised Policy.

10. Governing Law

This Privacy Policy is governed by the laws of the State of Florida, without regard to its conflict of law provisions. Any disputes arising under this Policy shall be subject to the exclusive jurisdiction of the courts located in Broward County, Florida.