Privacy Practices

Many organizations and companies maintain a privacy policy on their websites attempting to explain how information about users will be collected and used. Often, these policies are written in a language that appears to be a hard-to-understand dialect of English we like to call corporate mumbo-jumbo.

We’re different. We describe our privacy practices in plain English.

Your privacy is important to us…

Many privacy “policies” begin with the words, Your privacy is important to us (or a variant); sometimes those words appear later on as a heading or subheading. At NPI, we believe in practicing what we preach. While we cannot make any guarantees with respect to user privacy, we do work hard to safeguard the information we collect and we are passionate advocates for privacy and user consent online.

For the purposes of this document , “we”, “our”, and “NPI” refer to NPI’s staff, board of directors, interns, attorneys, and volunteers.

Feel free to browse anonymously

You are welcome to peruse our network — including this website and every other website we operate — anonymously. We will not collect any personally identifiable information unless you choose to share it with us. NPI will never sell, rent, or trade any personally identifiable information that you do share with us. Nor we will we share such information without your written consent, except for the purpose of processing a credit card payment, or unless we are required to by a court order.

What we collect by default

When you access our network, you automatically transit several bits of non-personally identifiable information to our server, including:

  • IP address (a number that identifies the computer you are using)
  • Operating system (for instance, Windows, Mac, or a GNU/Linux distribution)
  • Browser (like Mozilla Firefox, Google’s Chrome, Apple’s Safari, or Microsoft’s Edge)

You share the same bits of information listed above with every website that you visit, not just ours. We aggregate and analyze this information from our server logs to monitor our network security, measure traffic, and improve our websites. We don’t use it for any other purpose, except as required by law, and we do not share it with other parties.

We may collect additional information automatically, including:

  • Referrals. If you came to our website by clicking on a link from somewhere else, our server will record which website that was. (You can disable referrals in your browser if you do not wish to share this information).
  • Search keywords. If you arrived at our website from a search engine like Bing or Google, our server will record what your query was (unless you have referrals disabled in your browser).
  • Screen resolution. If you have JavaScript enabled, we will record the screen resolution you are currently using on your computer. (You can opt not to share your screen resolution by disabling JavaScript).

In addition to analyzing data from our server logs, we use an open source analytics program called Matomo to measure traffic. Matomo runs on our server and does not transmit any information to outside parties. Matomo and WordPress.com’s Jetpack service will automatically collect non-personally identifiable information about your visit to our network if you have JavaScript enabled.

As mentioned, these tools do not collect any personally identifiable information. If you wish to visit without disclosing your IP address to us, you should use a VPN (virtual private network) or Tor.

What we may collect if you share it with us

You are choosing to share personally identifiable information with NPI when you…

  • leave a comment on our long-form blog (The Cascadia Advocate),
  • register an account,
  • complete a survey,
  • contact us through one of our web forms,
  • make a donation,
  • order merchandise,
  • call our telephone number/leave a voicemail,
  • or send us an email message.

For example, you may share your name, telephone number, street address, email address, gender, and biography when signing up to become a supporter.

Donations

If you make a donation online, we require that you provide certain information for accounting purposes and compliance with federal and state laws, such as legal name, billing address, and telephone number.

We transmit this information, along with your credit card number and the expiration date of your card, to Stripe for payment processing, either through our fundraising platform, Zeffy, if you make a donation, or directly to Stripe if you choose to become a member.

We do not store your payment information on our server; rather, it is securely stored by Stripe.

Stripe’s terms of service are here if you’d like to read them.

Form submissions

We use the hCaptcha security service (hereinafter “hCaptcha”) on our website. This service is provided by Intuition Machines, Inc., a Delaware US Corporation (“IMI”). hCaptcha is used to check whether user actions on our online service (such as submitting a login or contact form) meet our security requirements.

To do this, hCaptcha analyzes the behavior of the website or mobile app visitor based on various characteristics. This analysis starts automatically as soon as the website or mobile app visitor enters a part of the website or app with hCaptcha enabled. For the analysis, hCaptcha evaluates various information (e.g. IP address, how long the visitor has been on the website or app, or mouse movements made by the user). The data collected during the analysis will be forwarded to IMI.

hCaptcha analysis in the “invisible mode” may take place completely in the background. Website or app visitors are not advised that such an analysis is taking place if the user is not shown a challenge. Data processing is based on Art. 6(1)(b) of the GDPR: the processing of personal data is necessary for the performance of a contract to which the website visitor is party (for example, the website terms) or in order to take steps at the request of the website visitor prior to entering into a contract.

Our online service (including our website, mobile apps, and any other apps or other forms of access offered by us) needs to ensure that it is interacting with a human, not a bot, and that activities performed by the user are not related to fraud or abuse. In addition, processing may also be based on Art. 6(1)(f) of the GDPR: our online service has a legitimate interest in protecting the service from abusive automated crawling, spam, and other forms of abuse that can harm our service or other users of our service. IMI acts as a “data processor” acting on behalf of its customers as defined under the GDPR, and a “service provider” for the purposes of the California Consumer Privacy Act (CCPA).

hCaptcha’s privacy policy and terms of use are available for further reading.

Our use of your information

We use information you provide to us to further our mission.

When you submit a contact form, you grant permission for your comments to be reproduced by us in accordance with our Commenting Guidelines, unless you have requested that your comments be kept off the record. You may also grant us permission to reproduce your comments, but request that you be kept anonymous (unattributed).

You may use a pen name to leave comments on our blog, The Cascadia Advocate, but your pen name must be respectful and it must comply with our Commenting Guidelines. If it does not, it will be substituted with the name of a random species of fish.

Safeguarding what you share with us

We take precautions to ensure that the personally identifiable information you share with us does not get lost, misused, stolen, or destroyed. For example, our forms are encrypted using Transport Layer Security (TLS). We cannot, however, guarantee the absolute security of your information, because no known method of transmitting or storing information, whether physical or electronic, is entirely secure.

Updating your information

You may correct or amend any personally identifiable information you have provided to us — or request that we delete any information that may be on file — by contacting us through our web form. You may also call us at 425-310-2785.

Other websites

Our network contains links to thousands of other websites that we do not operate. NPI is not responsible for the content of these sites, and we have no control over their privacy practices. We encourage you to find out what their policies are before you decide to share any personally identifiable information.

Changes and amendments

We may update this policy at our discretion. If we make substantial changes to our privacy practices, we will announce such changes on our homepage, on our blog (The Cascadia Advocate) and via email to all supporters who are subscribers to the Evergreen Connection.

Current revision

NPI’s privacy practices were last updated on January 13th, 2024.