Legal

Privacy Policy

We are a privacy nonprofit. We hold ourselves to the highest standard when it comes to how we handle your data — which is to say, we collect as little as possible, and we are transparent about everything we do.

Effective Date: January 1, 2026
Organization: ODIPA — 501(c)(3) Nonprofit
Analytics: Cookieless ✓

Overview

This Privacy Policy explains how ODIPA — Organization for Digital Information Privacy & Awareness ("ODIPA," "we," "us," or "our") collects, uses, and protects information when you visit our website at odipa.org (the "Site") or interact with our programs and services.

As a nonprofit organization whose mission is consumer privacy education and advocacy, we are deeply committed to practicing what we preach. We have deliberately designed our digital infrastructure to minimize data collection, avoid tracking technologies, and respect your privacy by default.

Tracking cookies: 0
Personal data sold: 0
Ad networks used: 0

What We Collect

We collect the absolute minimum information necessary to operate our website and communicate with people who reach out to us. Here is a complete breakdown:

Aggregate website analytics
Page views, referrer source, device type, country — never linked to an individual
Email communications
Only when you contact us directly (e.g., volunteer@odipa.org). We retain only what is needed to respond.
Cookie consent preference
Stored locally in your browser's localStorage — never transmitted to our servers

We do not collect names, email addresses, IP addresses, location data, device identifiers, behavioral profiles, or any other personally identifiable information through the Site itself.

Analytics — Plausible

We use Plausible Analytics, an open-source, privacy-respecting analytics platform based in the European Union. We chose Plausible specifically because it aligns with our mission.

No cookies: Plausible does not use cookies or any persistent identifiers.
No personal data: No IP addresses, device fingerprints, or user profiles are created.
No cross-site tracking: Plausible does not follow you across websites.
GDPR compliant: Fully compliant with GDPR, CCPA, PECR, and other privacy regulations — no consent required.
Data stays in EU: All data is processed and stored on servers in the European Union.
Open source: Plausible's code is publicly auditable on GitHub.

The aggregate data Plausible provides — such as how many people visited the Site today and which pages are most viewed — helps us understand how to better serve our community. No individual is ever identified.

Cookies & Local Storage

This Site does not use tracking cookies, advertising cookies, or any third-party cookies.

The only browser storage we use is localStorage, and only for one purpose:

odipa-cookie-consent
Stores 'accepted' or 'declined' so we don't show the consent banner on every visit. Never transmitted anywhere.

You can clear this at any time by opening your browser's developer tools and clearing localStorage for odipa.org, or by clearing your browser's site data.

Third-Party Services

We use a small number of external services to operate the Site. Each is listed here with its privacy posture:

| Service | Purpose | Data Shared | Privacy |
|---|---|---|---|
| Plausible Analytics | Website analytics | Aggregate only — no personal data | ✓ Excellent |
| Azure Static Web Apps | Website hosting | Standard HTTP request logs (IP, timestamp) — retained briefly per Microsoft policy | ~ Standard |
| Google Fonts | Typography | Font file requests only | ~ Standard |
| Unsplash | Stock photography | Image requests only | ~ Standard |

We do not use Google Analytics, Meta Pixel, LinkedIn Insight Tag, or any other behavioral tracking or advertising technology.

Your Rights

Depending on your location, you may have the following rights regarding your data. Because we collect so little, most of these are simple to exercise:

Right to access
You can request a copy of any personal information we hold about you. Since we collect almost none through the Site, this will typically apply only to email correspondence.
Right to deletion
You can request that we delete any personal information we hold. Email us at privacy@odipa.org.
Right to opt out of analytics
Plausible respects the "Do Not Track" browser setting. You can also install a browser ad-blocker, which will prevent Plausible from counting your visit.
Right to withdraw consent
Clear "odipa-cookie-consent" from your browser's localStorage at any time to reset your consent preference.
California residents (CCPA)
We do not sell personal information. You have the right to know, delete, and opt out of sale — though we have nothing to opt out of.
EU/UK residents (GDPR)
Our legal basis for Plausible analytics is Legitimate Interest, given its cookieless and non-personal nature. You may lodge a complaint with your supervisory authority.

Data Security

Our Site is hosted on Microsoft Azure Static Web Apps, which provides enterprise-grade infrastructure with TLS/HTTPS encryption in transit, DDoS protection, and global CDN delivery. We have configured the following security headers on all responses:

Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: camera=(), microphone=(), geolocation=()

Despite these measures, no transmission over the internet is 100% secure. We encourage you to take steps to protect your own data, including using a strong password manager, enabling two-factor authentication on sensitive accounts, and staying informed through ODIPA's free educational programs.

Children's Privacy

Our Site is not directed to children under the age of 13, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at privacy@odipa.org and we will promptly delete it.

Policy Changes

We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this page and, for material changes, provide prominent notice on the Site.

We encourage you to review this policy periodically. Your continued use of the Site after any changes constitutes your acceptance of the updated policy.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Privacy inquiries: privacy@odipa.org
General contact: info@odipa.org
Data deletion requests: privacy@odipa.org
Media & press: press@odipa.org

We are committed to responding to all privacy-related inquiries within 5 business days.