Legal

Privacy Policy

Last updated: June 28, 2026

1. Who we are

Indian Caucus of Secaucus ("we," "us," or "our") is a registered 501(c)(3) nonprofit organization based in Secaucus, New Jersey, EIN on file with the IRS. This Privacy Policy describes how we collect, use, disclose, and protect personal information when you visit indiancaucus.org, use our community application on the web or as a mobile app (the "App"), subscribe to our communications, make a donation, attend our events, or otherwise interact with us.

By using our website, the App, or by providing your information, you agree to the practices described in this policy. If you do not agree, please do not use our website, the App, or our services.

2. Information we collect

Information you provide directly

  • Name and email address — when you subscribe to our newsletter, contact us, or register for an event.
  • Phone number — when you optionally provide it through our phone collection campaigns or event registration. By providing your phone number, you expressly consent to receive informational text messages (SMS) and phone calls from Indian Caucus of Secaucus. Message and data rates may apply. You may opt out at any time by replying STOP to any text message or contacting us at the address below.
  • Payment information — when you make a donation or pay for an event sponsorship or vendor spot. All payment transactions are processed by Stripe, Inc. using PCI DSS-compliant encryption. We do not store, transmit, or have access to your full card number, CVV, or bank account details. In-person card transactions at our events are also processed through Stripe.
  • Mailing address — when you optionally add it to your profile, register as a vendor or sponsor, or provide it during event registration or checkout.
  • Message content — when you submit our contact form.
  • Event registration details — name, contact information, and any other information you voluntarily submit when registering for our events.

Information collected automatically

  • Usage data — pages visited, time on site, referring URL, browser type, device type, and operating system, collected via server logs and analytics tools.
  • Cookies and similar technologies — we use session cookies required for site functionality. We also use Vercel Analytics for aggregate, anonymized usage insights. You can disable cookies in your browser settings; doing so may affect certain site functionality.
  • IP address — collected automatically by our hosting provider (Vercel) for security and performance purposes and is not linked to your identity.

Information collected through the community app

  • Account profile — when you create an App account we collect your first and last name, email address, phone number, and (optionally) your mailing address and preferred language, and store a record of the agreements you accept during setup (age confirmation and acceptance of our Community Guidelines and Terms).
  • Identity verification (optional) — to post certain listings such as rentals or job offers, we may ask you to verify your identity through Stripe Identity. Stripe collects and processes your government ID and a selfie directly; we receive only a pass/fail result and a verification reference, and we never store your ID document or selfie.
  • Content you share — posts, comments, photos, event and meetup listings, channel messages, profile details, and any other content you choose to submit. This content may be visible to other members of the community.
  • Direct messages — private one-to-one messages are end-to-end encrypted on your device. We store only the encrypted ciphertext and cannot read the contents of your private messages.
  • Reports and safety signals — if you report content or another member, or block someone, we record that action to operate our safety tools.
  • Notification tokens — if you enable push notifications, we store the device/browser push subscription needed to deliver them. You can turn notifications off at any time in your device or browser settings.

3. How we use your information

  • To send you our newsletter and event announcements (email subscribers only). Every email includes an unsubscribe link as required by the CAN-SPAM Act. You may also unsubscribe at any time at indiancaucus.org/unsubscribe.
  • To send SMS/text messages and make phone calls to individuals who have provided express written consent to receive such communications from us, as required by the Telephone Consumer Protection Act (TCPA).
  • To process donations and issue tax-deductible receipts as required for 501(c)(3) organizations.
  • To respond to contact form inquiries and support requests.
  • To administer events and communicate event-related information to registered participants.
  • To improve our website and understand how visitors use it.
  • To operate the community app — create and secure your account, display your profile and content to other members, deliver push notifications you have enabled, and power community features such as feeds, meetups, channels, and messaging.
  • To keep the community safe. Public posts, comments, and other non-private text are automatically screened for objectionable content using an automated moderation service. We use this, together with member reports, to remove violating content and suspend abusive accounts. Private end-to-end encrypted messages are not readable by us and are not screened.
  • To power optional AI features. If you ask a question to our in-app assistant, the text of your question is sent to our AI provider to generate a response, and we may retain it to improve answers and for human review. We may also send content to an AI or translation provider to translate announcements and messages. These providers process the text only to deliver the feature and do not use it to build advertising profiles.
  • To comply with legal obligations, including New Jersey data breach notification requirements under the New Jersey Identity Theft Prevention Act (N.J.S.A. 56:8-163).

We do not sell, rent, lease, or share your personal information with third parties for their own marketing purposes.

4. Legal basis for processing (GDPR)

For visitors from the European Economic Area or United Kingdom, our legal bases for processing personal data are:

  • Consent — for newsletter subscriptions, SMS communications, and non-essential cookies.
  • Contractual necessity — to process donations and event registrations.
  • Legitimate interests — for website security, fraud prevention, and improving our services, where such interests are not overridden by your rights.
  • Legal obligation — where required by applicable law.

5. SMS and telephone communications (TCPA)

By providing your phone number and expressly opting in, you consent to receive recurring text messages (SMS/MMS) and/or phone calls from Indian Caucus of Secaucus. Messages may include: promotional messages — event announcements, Diwali Mela updates, volunteer opportunities, sponsorship and performer updates, and donation appeals; account and service messages — sign-in verification codes, payment and donation receipts, and event or shift reminders; and customer-care messages — replies to questions and requests you send us.

  • How you opt in: You provide your mobile number through our website forms, event registration forms, volunteer signup forms, sponsorship forms, performer registration forms, community interest forms, or in-person signup sheets at community events. Each form includes consent language explaining that you agree to receive SMS updates, that message frequency varies, that message and data rates may apply, and that you can reply STOP to unsubscribe or HELP for help.
  • Message frequency: Varies — typically 1–4 messages per month, with additional reminders during major event periods.
  • Opt-out: Reply STOP (or STOPALL, STOPEND, UNSUBSCRIBE, CANCEL, END, QUIT, OPTOUT, REMOVE, REVOKE, or ARRET) to any text message to unsubscribe. You will receive a one-time confirmation and no further messages. Reply START (or UNSTOP, YES, JOIN, OPTIN, or SUBSCRIBE) to opt back in.
  • Help: Reply HELP (or INFO), or contact us at the address below, for assistance.
  • Message and data rates may apply depending on your carrier plan.
  • We do not sell or share mobile numbers or SMS consent information with third parties for marketing purposes. Mobile information is shared only with the messaging vendor that helps us deliver these messages, solely for that purpose.
  • Phone and text communications are conducted using Telnyx as our telephony provider. Telnyx operates under its own privacy policy.

6. Third-party service providers

We share personal information only with service providers necessary to operate our organization:

ProviderPurposeData shared
StripePayment processing (online & in-person)Name, email, payment card data (PCI DSS compliant)
Stripe IdentityOptional identity verification to post rentals/jobsGovernment ID & selfie (processed by Stripe; we receive only a pass/fail result)
ResendEmail delivery & newsletter broadcastsName, email address
TelnyxSMS & phone communicationsPhone number, call/message content
EventbriteEvent ticketing & attendee importName & email of ticket buyers (received from Eventbrite)
VercelWebsite & app hosting & infrastructureIP address, usage data
Vercel Postgres (Neon)Subscriber, donation & app member databaseName, email, phone (encrypted at rest)
Vercel BlobPhoto & file storage for the appImages & files you upload
PusherReal-time chat & community messaging deliveryMessage data (private DMs are end-to-end encrypted)
OpenAIContent moderation, in-app AI assistant & translationPublic post/comment text for safety screening; questions you ask the assistant; text to translate
GoogleAddress autocomplete & optional translationPartial address text you type; text to translate
FreshdeskSupport tickets & data/privacy request handlingName, email, message content
Vercel AnalyticsAnonymized usage analyticsAnonymized usage events, no PII
CloudflareBot & spam protection on our forms (Turnstile)IP address, browser & device signals

Each provider operates under its own privacy policy and data processing agreements. We do not authorize any provider to use your data for their own marketing purposes.

Our forms use Cloudflare Turnstile to protect against spam and automated abuse. Turnstile runs invisibly and may collect device and browser information to verify that a visitor is human. Its processing of this data is governed by the Cloudflare Turnstile Privacy Addendum.

7. Data retention

  • Newsletter subscribers: Retained until you unsubscribe, after which your record is marked inactive. You may request complete deletion at any time.
  • Donation records: Retained for a minimum of 7 years as required for nonprofit tax records under IRS guidelines and New Jersey law.
  • Contact form submissions: Retained for up to 2 years.
  • Payment processing records: Stripe retains transaction records per their data retention policy and applicable financial regulations.
  • Website analytics: Anonymized usage data is retained for up to 24 months.

8. Your rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data, subject to our legal retention obligations.
  • Opt-out of communications: Unsubscribe from emails via the link in any email, or from SMS by replying STOP.
  • Data portability (GDPR): Receive your data in a structured, machine-readable format.
  • Restriction / objection (GDPR): Object to or restrict certain processing of your data.
  • Delete your App account: If you have a community App account, you can delete it yourself at any time from Profile → Delete my account inside the App. This permanently removes your account and personal profile data, and removes or anonymizes the content you posted. Please note that your App account is separate from our newsletter and contact list: deleting your App account does not automatically unsubscribe you from email or SMS communications, and vice-versa. To also be removed from our newsletter or contact list, use the unsubscribe link in any email, reply STOP to any text, or contact us.

To exercise any of these rights, please contact us. We will respond within 30 days. We will not discriminate against you for exercising any of your privacy rights.

9. California privacy rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA"), gives you specific rights regarding your personal information. Over the preceding 12 months we may have collected the categories of personal information described in Section 2 (such as identifiers, contact details, payment information processed by Stripe, and internet/usage activity), for the business purposes described in Section 3.

Subject to certain exceptions, California residents have the right to:

  • Know / access — request the categories and specific pieces of personal information we have collected about you, the sources, the business purpose, and the categories of third parties with whom we share it.
  • Delete — request deletion of the personal information we collected from you, subject to legal retention obligations (for example, donation and tax records).
  • Correct — request correction of inaccurate personal information.
  • Opt out of the sale or sharing of your personal information, and limit the use of sensitive personal information.
  • Non-discrimination — we will not deny services, charge different prices, or provide a different level of service because you exercised your CCPA/CPRA rights.

We do not sell your personal information, and we do not "share" it for cross-context behavioral advertising, as those terms are defined under the CCPA/CPRA. Because we do not sell or share personal information, we do not offer a "Do Not Sell or Share My Personal Information" link, but you may still contact us with any request. You may exercise these rights, or designate an authorized agent to do so on your behalf, by contacting us. We will verify your request using the contact information associated with your records and respond within the timeframes required by law.

10. International users and global processing

Indian Caucus of Secaucus is based in the United States, and our service providers (including hosting, database, email, and payment processors) primarily store and process data in the United States. If you access our website or the App from outside the United States, you understand and agree that your personal information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country.

We are a local community nonprofit and do not market to or target individuals outside the United States. Regardless of where you are located, we honor the core privacy rights described in this policy — including the rights to access, correct, and delete your information — and we will work in good faith to respond to requests from individuals protected by the EU/UK GDPR, Canada's PIPEDA, and other applicable privacy laws. For European Economic Area and United Kingdom users, the legal bases for our processing are described in Section 4 above. To make any such request, please contact us.

11. Children's privacy (COPPA)

Our website, the App, and our services are not directed to children under the age of 13. Creating an App account requires you to confirm that you are at least 13 years old before you can access the community. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately and we will delete it promptly, as required by the Children's Online Privacy Protection Act (COPPA).

12. Data security

We implement reasonable administrative, technical, and physical safeguards to protect your personal information, including:

  • TLS/HTTPS encryption for all data transmitted to and from our website.
  • Encrypted-at-rest storage for our database via Vercel Postgres (Neon).
  • PCI DSS-compliant payment processing through Stripe — we never transmit or store raw card numbers on our own servers.
  • Access controls limiting dashboard access to authenticated, authorized personnel only.
  • End-to-end encryption for private member-to-member messages, so their contents cannot be read by us or by our service providers.
  • Signed, expiring sign-in tokens for App accounts, with no passwords stored.

In the event of a data breach that materially affects your personal information, we will notify affected individuals as required by the New Jersey Identity Theft Prevention Act (N.J.S.A. 56:8-163) and other applicable law.

13. Do Not Track

Our website does not respond to browser "Do Not Track" signals at this time. We use anonymized analytics only and do not engage in cross-site tracking for advertising purposes.

14. Links to third-party websites

Our website may contain links to external sites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies before providing any personal information.

15. Changes to this policy

We may update this Privacy Policy from time to time. We will post the revised policy on this page with an updated date. Material changes will be communicated to newsletter subscribers by email.

16. Contact us

For questions, requests, or complaints regarding this Privacy Policy or your personal data, please contact:

Indian Caucus of Secaucus

Secaucus, New Jersey

support@indiancaucus.org

indiancaucus.org/contact