Privacy Policy

1. Information We Collect

1.1 Personal Information

We collect personal information that you voluntarily provide when using our Site and App:

• Account Information: Name, email address, phone number, mailing address
• Profile Data: User preferences, role assignments, conservation interests
• Authentication Data: Login credentials, password hashes, session tokens (via Supabase)
• Payment Information: Billing details, payment methods (processed securely via Stripe)
• Communication Data: Messages, support requests, feedback submissions

1.2 Wildlife & Conservation Data

• Sighting Reports: Photos, videos, GPS coordinates, timestamps, observer notes
• Wildlife Observations: Band numbers, auxiliary markers, behavior descriptions, habitat information
• Injury Reports: Wildlife health observations, injury documentation, rehabilitation data
• Generated Content: AI-generated testimony, UIPA requests, conservation documents
• Research Data: Scientific observations, population data, conservation metrics

1.3 Technical Information

• Device Data: IP addresses, browser type, operating system, device identifiers
• Usage Analytics: Page views, feature usage, session duration, click patterns
• Location Data: GPS coordinates (when permission granted), general location information
• Mobile App Data: App version, crash reports, performance metrics, offline usage patterns
• Cookies & Tracking: Session cookies, preference cookies, analytics cookies

1.4 Third-Party Service Data

• Stripe: Payment processing, subscription management, transaction records
• SendGrid: Email delivery, communication logs, engagement metrics
• Google Maps API: Mapping services, geocoding, location visualization
• DeepSeek AI: AI processing for testimony generation and content creation
• Supabase: Database hosting, authentication, real-time data synchronization

2. How We Use Your Information

2.1 Service Delivery

• Process and manage Nēnē adoption programs and subscriptions
• Generate AI-powered testimony for conservation advocacy
• Create and manage UIPA government information requests
• Facilitate wildlife sighting submissions and community reporting
• Provide injury tracking and wildlife health monitoring services
• Enable mobile field data collection through Kilo App
• Deliver offline data access for field research and conservation work

2.2 Conservation & Research

• Conduct scientific analysis and population monitoring studies
• Support habitat research and conservation planning initiatives
• Generate conservation reports and impact assessments
• Collaborate with research institutions and conservation partners
• Contribute to peer-reviewed scientific publications and studies

2.3 Platform Operations

• Maintain and improve Site and App functionality
• Provide customer support and technical assistance
• Ensure security and prevent fraud or misuse
• Analyze usage patterns to enhance user experience
• Send important notifications and service updates

2.4 Legal & Compliance

• Comply with applicable laws and regulatory requirements
• Respond to legal requests and court orders
• Protect our rights, property, and safety
• Enforce our Terms of Use and other policies

3. Information Sharing & Disclosure

3.1 Conservation Partners

We share wildlife data with authorized conservation partners for legitimate research and conservation purposes:

• Government wildlife agencies and departments
• Academic research institutions and universities
• Non-profit conservation organizations
• Licensed wildlife rehabilitation centers
• Authorized field researchers and biologists

3.2 Hawaiʻi Wildlife Center Data

Special Protection: All injury tracking data, rehabilitation records, and wildlife health information provided by Hawaiʻi Wildlife Center remains their exclusive property and is subject to additional restrictions:

• Access requires explicit prior approval from Hawaiʻi Wildlife Center
• Usage restricted to personnel specifically authorized by Hawaiʻi Wildlife Center
• Research or publication requires written consent from Hawaiʻi Wildlife Center
• Additional terms and conditions may apply as specified by Hawaiʻi Wildlife Center

3.3 Public Information

Certain information may be made publicly available for conservation and educational purposes:

• General wildlife sighting data (with sensitive locations removed)
• Conservation success stories and impact reports
• Educational content and community engagement materials
• Aggregated population and conservation statistics

3.4 Service Providers

We share information with trusted third-party service providers who assist in operating our services:

• Stripe: Payment processing and subscription management
• SendGrid: Email delivery and communication services
• Supabase: Database hosting and authentication services
• Google: Mapping and location services
• DeepSeek: AI-powered content generation services

3.5 Legal Requirements

We may disclose information when required by law or to protect our rights:

• Compliance with legal obligations and court orders
• Response to government requests and regulatory inquiries
• Protection against fraud, security threats, or illegal activities
• Enforcement of our Terms of Use and other policies

4. Data Security & Protection

4.1 Security Measures

• Encryption: All data transmitted and stored using industry-standard encryption
• Access Controls: Role-based permissions and multi-factor authentication
• Monitoring: Continuous security monitoring and threat detection
• Regular Audits: Periodic security assessments and vulnerability testing
• Data Backup: Secure, encrypted backups with disaster recovery procedures

4.2 Mobile App Security

• Device-level security requirements (lock screens, biometric authentication)
• Secure offline data caching with automatic expiration
• Real-time monitoring of data access and usage patterns
• Immediate revocation of access upon security violations

4.3 Data Breach Response

In the event of a data breach, we will:

• Immediately investigate and contain the breach
• Notify affected users within 72 hours when required by law
• Cooperate with law enforcement and regulatory authorities
• Implement additional security measures to prevent future incidents

5. Data Retention & Deletion

5.1 Retention Periods

• Account Data: Retained while account is active, plus 7 years after closure
• Wildlife Data: Retained indefinitely for conservation research purposes
• Payment Records: Retained for 7 years for tax and legal compliance
• Technical Logs: Retained for 2 years for security and operational purposes
• Communication Records: Retained for 3 years for support and legal purposes

5.2 Data Deletion

You may request deletion of your personal data, subject to certain limitations:

• Wildlife conservation data may be retained for scientific research
• Legal and regulatory requirements may prevent immediate deletion
• Aggregated or anonymized data may be retained indefinitely
• Backup systems may retain data for additional recovery periods

6. Your Privacy Rights

6.1 Access & Control

You have the right to:

• Access: Request copies of your personal information
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your personal data (subject to limitations)
• Portability: Receive your data in a machine-readable format
• Restriction: Limit how we process your information
• Objection: Object to certain types of data processing

6.2 Communication Preferences

• Opt out of marketing communications at any time
• Customize notification preferences in your account settings
• Unsubscribe from email lists using provided links
• Contact us directly to update communication preferences

6.3 Location Data

• Control location sharing through device and app settings
• Choose whether to include GPS coordinates in wildlife reports
• Opt out of location-based features while maintaining core functionality

7. Cookies & Tracking Technologies

7.1 Types of Cookies

• Essential Cookies: Required for basic site functionality and security
• Preference Cookies: Remember your settings and customizations
• Analytics Cookies: Help us understand site usage and performance
• Marketing Cookies: Used for targeted content and communications

7.2 Cookie Management

You can control cookies through your browser settings, though disabling certain cookies may affect site functionality. We respect "Do Not Track" signals where technically feasible.

8. International Data Transfers

Our services are primarily operated from the United States. If you access our services from outside the US, your information may be transferred to, stored, and processed in the United States. We implement appropriate safeguards to protect your information during international transfers.

9. Children's Privacy

Our services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on our Site and updating the "Last Updated" date. Your continued use of our services after such changes constitutes acceptance of the updated policy.

11. Contact Information

For questions about this Privacy Policy, to exercise your privacy rights, or to report privacy concerns, contact us at:

• Email: legal@nene.org
• Privacy Officer: privacy@nene.org
• General Contact: contact@nene.org
• Address: P.O Box 1899 Keaau, HI 96749