1. Who we are
Indian Caucus of Secaucus ("we," "us," or "our") is a registered 501(c)(3) nonprofit organization based in Secaucus, New Jersey, EIN on file with the IRS. This Privacy Policy describes how we collect, use, disclose, and protect personal information when you visit indiancaucus.org, subscribe to our communications, make a donation, attend our events, or otherwise interact with us.
By using our website or providing your information, you agree to the practices described in this policy. If you do not agree, please do not use our website or services.
2. Information we collect
Information you provide directly
- Name and email address — when you subscribe to our newsletter, contact us, or register for an event.
- Phone number — when you optionally provide it through our phone collection campaigns or event registration. By providing your phone number, you expressly consent to receive informational text messages (SMS) and phone calls from Indian Caucus of Secaucus. Message and data rates may apply. You may opt out at any time by replying STOP to any text message or contacting us at the address below.
- Payment information — when you make a donation or pay for an event sponsorship or vendor spot. All payment transactions are processed by Stripe, Inc. using PCI DSS-compliant encryption. We do not store, transmit, or have access to your full card number, CVV, or bank account details. In-person card transactions at our events are also processed through Stripe.
- Message content — when you submit our contact form.
- Event registration details — name, contact information, and any other information you voluntarily submit when registering for our events.
Information collected automatically
- Usage data — pages visited, time on site, referring URL, browser type, device type, and operating system, collected via server logs and analytics tools.
- Cookies and similar technologies — we use session cookies required for site functionality. We also use PostHog (product analytics and session replays, with all form inputs masked so we never capture what you type) and Vercel Analytics for aggregate, anonymized usage insights. You can disable cookies in your browser settings; doing so may affect certain site functionality.
- IP address — collected automatically by our hosting provider (Vercel) for security and performance purposes and is not linked to your identity.
3. How we use your information
- To send you our newsletter and event announcements (email subscribers only). Every email includes an unsubscribe link as required by the CAN-SPAM Act. You may also unsubscribe at any time at indiancaucus.org/unsubscribe.
- To send SMS/text messages and make phone calls to individuals who have provided express written consent to receive such communications from us, as required by the Telephone Consumer Protection Act (TCPA).
- To process donations and issue tax-deductible receipts as required for 501(c)(3) organizations.
- To respond to contact form inquiries and support requests.
- To administer events and communicate event-related information to registered participants.
- To improve our website and understand how visitors use it.
- To comply with legal obligations, including New Jersey data breach notification requirements under the New Jersey Identity Theft Prevention Act (N.J.S.A. 56:8-163).
We do not sell, rent, lease, or share your personal information with third parties for their own marketing purposes.
4. Legal basis for processing (GDPR)
For visitors from the European Economic Area or United Kingdom, our legal bases for processing personal data are:
- Consent — for newsletter subscriptions, SMS communications, and non-essential cookies.
- Contractual necessity — to process donations and event registrations.
- Legitimate interests — for website security, fraud prevention, and improving our services, where such interests are not overridden by your rights.
- Legal obligation — where required by applicable law.
5. SMS and telephone communications (TCPA)
By providing your phone number and expressly opting in, you consent to receive recurring informational text messages (SMS/MMS) and/or phone calls from Indian Caucus of Secaucus. Messages may include community event announcements, Diwali Mela updates, volunteer opportunities, sponsorship follow-ups, performer registration reminders, meeting reminders, and event-day logistics.
- How you opt in: You provide your mobile number through our website forms, event registration forms, volunteer signup forms, sponsorship forms, performer registration forms, community interest forms, or in-person signup sheets at community events. Each form includes consent language explaining that you agree to receive SMS updates, that message frequency varies, that message and data rates may apply, and that you can reply STOP to unsubscribe or HELP for help.
- Message frequency: Varies — typically 1–4 messages per month, with additional reminders during major event periods.
- Opt-out: Reply STOP (or UNSUBSCRIBE, CANCEL, END, or QUIT) to any text message to unsubscribe. You will receive a one-time confirmation and no further messages. Reply START (or YES or JOIN) to opt back in.
- Help: Reply HELP (or INFO), or contact us at the address below, for assistance.
- Message and data rates may apply depending on your carrier plan.
- We do not sell or share mobile numbers or SMS consent information with third parties for marketing purposes. Mobile information is shared only with the messaging vendor that helps us deliver these messages, solely for that purpose.
- Phone and text communications are conducted using Telnyx as our telephony provider. Telnyx operates under its own privacy policy.
6. Third-party service providers
We share personal information only with service providers necessary to operate our organization:
| Provider | Purpose | Data shared |
|---|---|---|
| Stripe | Payment processing (online & in-person) | Name, email, payment card data (PCI DSS compliant) |
| Resend | Email delivery & newsletter broadcasts | Name, email address |
| Telnyx | SMS & phone communications | Phone number, call/message content |
| Vercel | Website hosting & infrastructure | IP address, usage data |
| Vercel Postgres (Neon) | Subscriber & donation database | Name, email, phone (encrypted at rest) |
| PostHog | Product analytics, A/B testing & session replay (inputs masked) | Anonymized usage events & masked recordings, no PII |
| Vercel Analytics | Anonymized usage analytics | Anonymized usage events, no PII |
| Cloudflare | Bot & spam protection on our forms (Turnstile) | IP address, browser & device signals |
Each provider operates under its own privacy policy and data processing agreements. We do not authorize any provider to use your data for their own marketing purposes.
Our forms use Cloudflare Turnstile to protect against spam and automated abuse. Turnstile runs invisibly and may collect device and browser information to verify that a visitor is human. Its processing of this data is governed by the Cloudflare Turnstile Privacy Addendum.
7. Data retention
- Newsletter subscribers: Retained until you unsubscribe, after which your record is marked inactive. You may request complete deletion at any time.
- Donation records: Retained for a minimum of 7 years as required for nonprofit tax records under IRS guidelines and New Jersey law.
- Contact form submissions: Retained for up to 2 years.
- Payment processing records: Stripe retains transaction records per their data retention policy and applicable financial regulations.
- Website analytics: Anonymized usage data is retained for up to 24 months.
8. Your rights
Depending on your location, you may have the following rights regarding your personal information:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your personal data, subject to our legal retention obligations.
- Opt-out of communications: Unsubscribe from emails via the link in any email, or from SMS by replying STOP.
- Data portability (GDPR): Receive your data in a structured, machine-readable format.
- Restriction / objection (GDPR): Object to or restrict certain processing of your data.
To exercise any of these rights, please contact us. We will respond within 30 days.
9. Children's privacy (COPPA)
Our website and services are not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately and we will delete it promptly, as required by the Children's Online Privacy Protection Act (COPPA).
10. Data security
We implement reasonable administrative, technical, and physical safeguards to protect your personal information, including:
- TLS/HTTPS encryption for all data transmitted to and from our website.
- Encrypted-at-rest storage for our database via Vercel Postgres (Neon).
- PCI DSS-compliant payment processing through Stripe — we never transmit or store raw card numbers on our own servers.
- Access controls limiting dashboard access to authenticated, authorized personnel only.
In the event of a data breach that materially affects your personal information, we will notify affected individuals as required by the New Jersey Identity Theft Prevention Act (N.J.S.A. 56:8-163) and other applicable law.
11. Do Not Track
Our website does not respond to browser "Do Not Track" signals at this time. We use anonymized analytics only and do not engage in cross-site tracking for advertising purposes.
12. Links to third-party websites
Our website may contain links to external sites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies before providing any personal information.
13. Changes to this policy
We may update this Privacy Policy from time to time. We will post the revised policy on this page with an updated date. Material changes will be communicated to newsletter subscribers by email.
14. Contact us
For questions, requests, or complaints regarding this Privacy Policy or your personal data, please contact: