Privacy Policy

Effective June 5, 2026 · Last updated June 5, 2026

Faith Foundation Northwest is committed to protecting the privacy of the organizations and individuals we serve. This policy explains what information we collect, how we use it, who we share it with, and the choices you have. Faith Foundation Northwest does not sell user information.

Introduction

Faith Foundation Northwest ("Faith Foundation Northwest", "we", "us", or "our") provides investment, loan, grant, and education services to faith-based organizations and the people who lead and support them. This Privacy Policy explains what information we collect when you visit our website, submit forms, or hold an account or relationship with us, how we use that information, who we share it with, and the choices you have.

Scope

This policy applies to information collected through faith.foundation, our customer portal, our staff portal, and any forms, emails, or SMS messages we send. It does not apply to third-party services we link to.

We Do Not Sell Your Information

Faith Foundation Northwest does not sell, rent, or lease personal information to third parties. This includes contact information, account details, financial information, mobile phone numbers, and any data collected through SMS messaging.

Information We Collect

Information you provide directly

• Contact information — name, email address, phone number, organization, and mailing address.
• Account information — when you create a portal account, your authentication details, profile name, and role within your organization.
• Submission information — responses to forms such as, but not limited to, loan inquiries, investment agreements, withdrawal requests, deposit requests, grant inquiries, stock-gift authorizations, contact inquiries, and questionnaires, including any attachments, financial documents, signatures, or notes you provide.
• Communication content — emails, in-portal messages, comments, and SMS messages you send to or receive from us.
• Payment information — for education-related subscriptions, payment processing is handled by a third-party payment processor. We do not store full card numbers.
• SMS consent records — where you opt in to SMS, we record the date, time, and source of your consent.

Information collected automatically

• Authentication and session data — authentication tokens issued by our identity security provider, sign-in timestamps, and session duration.
• Audit logs — records of actions taken in the portal (submitting, signing, withdrawing, status changes) so we can administer the service and meet compliance obligations.
• Basic device and connection data — IP address, browser type, operating system, and approximate region, used for security and abuse detection.
• Strictly necessary cookies — HttpOnly cookies for authentication. We do not currently use marketing, retargeting, or third-party analytics cookies.

Information from third parties

• Accounting and fund-management system of record — organization profile identifiers, fund balances, and historical transaction summaries for organizations we serve.
• Payment processors — subscription status events for education-related billing.

How We Use Information

• Provide, secure, and improve our services (investments, loans, grants, education).
• Process and underwrite loan applications, grant inquiries, withdrawal requests, deposits, stock gifts, and other submissions.
• Authenticate users and maintain account security.
• Communicate with you about your submissions, account, statements, follow-up, and educational content.
• Send transactional and account notifications by email and (with your consent) SMS.
• Comply with legal obligations including tax reporting, regulatory inquiries, and recordkeeping.
• Detect and prevent fraud, unauthorized access, and abuse.
• Generate aggregate, de-identified analytics about how our services are used.

Legal Bases for Processing

For users in jurisdictions that require an identified legal basis, we process information based on:

• Contract performance — to deliver services you have requested.
• Legal obligation — for tax, regulatory, and recordkeeping requirements.
• Consent — for SMS messaging and any optional features that require it.
• Legitimate interests — for service security, fraud prevention, and improving our services in ways that do not override your rights.

How We Share Information

Categories of service providers

We share the minimum data needed with vendors who help us deliver service. Each provider is bound by contract to use the information only to provide their service to Faith Foundation Northwest and to protect it appropriately. Mobile phone numbers and SMS-related data are excluded from any sharing for marketing or promotional purposes. The categories of service providers we rely on include:

• Hosting, authentication, data storage, and transactional email providers — the underlying cloud infrastructure that runs our website and portal.
• Content management providers — for editing and serving content on our public website.
• Customer relationship management providers — for Faith Foundation Northwest staff to manage relationships with the organizations we serve.
• Accounting and fund-management providers — our system of record for organization funds and transactions.
• Payment processors — for billing related to education subscriptions and other paid services.
• SMS messaging providers — for delivering text messages to users who have opted in.
• Postal mail and courier services — for sending checks and physical documents.

The specific vendors we use may change over time as our operations evolve. Categories listed above represent the types of providers we currently rely on. A list of currently engaged service providers is available on request.

With your organization

If you submit a form on behalf of an organization, the contents of your submission, your role, and the actions you take may be visible to other authorized members of that organization within their portal account.

Legal compliance and protection

We may disclose information when required to comply with a subpoena, court order, regulatory inquiry, or other applicable legal process; to protect the safety of any person; to enforce our terms; or to investigate suspected fraud, security incidents, or violations of law.

With your consent

For any sharing not described above, we ask first.

Business transitions

If Faith Foundation Northwest is involved in a merger, restructuring, or transfer affecting governance of the organization, your information may be transferred to the surviving entity, which will continue to be bound by this policy or will notify you of any changes consistent with applicable law.

SMS Messaging (Mobile Communications)

If you provide a mobile phone number and opt in to SMS communications, Faith Foundation Northwest may send you text messages related to your submissions, account, and follow-up communication from our staff.

Message frequency varies and depends on your interactions with us. Message and data rates may apply. You can opt out of SMS communications at any time by replying STOP to any message. Reply HELP for assistance, or contact us at staff@faith.foundation.

Mobile information will not be shared with third parties or affiliates for marketing or promotional purposes. All other categories of information sharing described in this policy continue to apply, except that mobile information collected for SMS messaging is excluded from any sharing for marketing.

No mobile information will be shared with third parties for cross-context behavioral advertising. Sharing with subcontractors that support service delivery (for example, a messaging-platform provider) is permitted; subcontractors are contractually prohibited from using the information for any other purpose.

Data Retention

We keep information for as long as we need it to provide your account and the services you use, maintain financial, tax, and compliance records (typically a minimum of seven years for transactional records), and resolve disputes or enforce our agreements. When records are no longer needed, we delete, archive in restricted storage, or anonymize them.

Security

We use industry-standard measures to protect your information, including encryption in transit (TLS) and at rest, role-scoped access controls following the principle of least privilege, audit logging of staff actions, and isolated storage of authentication credentials with our identity provider. No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security, but we work to maintain protections consistent with the sensitivity of the information we hold.

Your Rights

Depending on your location, you may have the right to:

• Access — request a copy of the personal information we hold about you.
• Correct — ask us to fix inaccurate or incomplete information.
• Delete — ask us to remove information we no longer need (note that legal, tax, or compliance records may need to be retained even after a deletion request).
• Opt out — withdraw consent to SMS, marketing emails, or other optional communications at any time.
• Portability — receive certain information in a portable format.
• Non-discrimination — exercise any of these rights without penalty.

To exercise these rights, email staff@faith.foundation with "Privacy Request" in the subject line. We may need to verify your identity before fulfilling a request, and we respond within the timeframes required by applicable law.

California residents (CCPA / CPRA)

California residents are entitled to the rights above. Because we do not sell or share personal information for cross-context behavioral advertising, we do not display a "Do Not Sell or Share" link. We honor Global Privacy Control signals where applicable.

Children’s Privacy

Our services are designed for organizations and adults acting on their behalf. We do not knowingly collect personal information from children under 13. If you believe a child has provided information to us, please contact us and we will delete it.

Cookies

We use only strictly necessary cookies to operate the authentication flow and maintain your session. We do not currently use advertising, retargeting, or third-party analytics cookies. If we introduce additional cookies in the future, we will update this policy and provide appropriate notice.

Third-Party Links

Our website may link to third-party sites, including educational resources, denominational websites, and payment processors. We are not responsible for the privacy practices of those sites; please review their policies before submitting information to them.

International Users

Faith Foundation Northwest operates in the United States, and information you provide may be transferred to and stored on infrastructure located in the United States. By using our services, you understand that we will process information in the U.S. consistent with this policy.

Changes to This Policy

We may update this policy as our services evolve or as laws change. We will post any updated version on this page with a new effective date. If changes are significant, we will notify you by email or in-portal notification before they take effect.

Contact Us

Faith Foundation Northwest

PO Box 656, Cashmere, WA 98815

(800) 488-4179

staff@faith.foundation

For privacy-specific requests, email staff@faith.foundation and include "Privacy Request" in the subject line.