Política de Privacidad

Tu privacidad nos importa. Así manejamos tu información.

Esta página se muestra en español como referencia. La versión legalmente vinculante es el texto en inglés. Ver en inglés.

Effective Date: May 20, 2026 · Last Reviewed: May 20, 2026

1. Who We Are

Uncarcerated is a nonprofit organization based in Gainesville, Florida, dedicated to supporting justice-impacted individuals and their families. This Privacy Policy describes how we collect, use, and protect information when you use our website at www.uncarcerated.org (the "Site").

2. Information We Collect

Account Information

When you create an account, we collect your email address, a display name of your choosing, and a password (stored using bcrypt one-way hashing — we never see your plaintext password). Your real name is optional and never displayed publicly.

Two-Factor Authentication (if enrolled)

If you enable two-factor authentication, we store: your TOTP secret (used to verify the codes from your authenticator app), and bcrypt hashes of your recovery codes. The plaintext recovery codes are shown to you exactly once during enrollment and are never recoverable from us — store them somewhere safe.

Intake Form Responses

When you use our resource matching tool, we collect information about your state, needs, and situation to match you with relevant resources. For unregistered users, this data is stored locally in your browser. For registered users, it is saved to your account so you don't need to re-enter it.

User-Generated Content

When you post in Discussions, create content or write blog posts on UnStudio, submit a mentor application, or save items for later, we store the content you provide. Your public username is displayed with your posts—never your real name or email.

Newsletter Subscriptions

If you subscribe to our newsletter, we collect your email address to send periodic updates about resources, events, and community news. You can unsubscribe at any time using the link in any newsletter email.

Contact & Mentor Requests

When you submit our contact form or send a mentor connection request, we store the name, email, and message you provide so we can respond and so an admin can audit submissions for spam.

Donations

If you choose to donate "anonymously," we honor that — no user_id and no name are attached to the donation row in our database. Your email is kept so we can send a tax receipt, but is not linked to any account profile or donor list.

Automatically Collected Information

We log the IP address and user agent of every page request for security purposes (rate limiting, abuse detection, audit logging of administrative actions). These logs are not used for analytics or marketing.

3. Cookies & Local Storage

We use the minimum cookies needed to run the Site. We do not run analytics, advertising, or cross-site tracking. The complete list:

Cookie / Storage Purpose Lifetime Category
uncarcerated_session Keeps you signed in and protects forms from CSRF attacks. 2 hours of inactivity Strictly necessary
cookie_notice_seen Records that you dismissed the cookie notice banner so we don't show it again. 365 days Functional
sticky_cta_dismissed Records that you dismissed the donate prompt so we don't keep showing it. 90 days Functional
theme (localStorage) Remembers whether you chose light / dark / follow-system for the site theme. Until you clear it Functional

You can clear any of these at any time using your browser's privacy / cookie settings. Clearing uncarcerated_session will sign you out.

4. How We Use Your Information

  • To provide and improve our services (resource matching, discussions, UnStudio, blog, mentor matching)
  • To authenticate your account and protect your security (login, two-factor, password reset)
  • To send transactional emails (password resets, email verification, mentor notifications, donation receipts)
  • To send newsletter updates (only if you subscribe; you can unsubscribe anytime)
  • To process donations and purchases through our payment processor
  • To detect and prevent abuse (rate limiting, audit logging, CSRF protection)

5. Third-Party Services

We use the following third-party services:

  • Stripe — For processing donations and UnStudio purchases. Stripe handles all payment card data; we never see or store your card numbers. Stripe's Privacy Policy
  • Google Fonts — For typography (Outfit font). Google may collect your IP address when fonts are loaded from their servers. Google's Privacy Policy
  • Spotify / Apple Podcasts / Podbean — Podcast embeds and outbound links on our site are governed by their respective privacy policies.

External Resource APIs (no personal data sent)

When you search the resource finder, we query the following federal data sources to give you live state-specific listings. We send only your selected state code (e.g., "FL") to these services — never your name, email, IP address, or any other personal information:

  • SAMHSA Behavioral Health Treatment Services Locator (findtreatment.gov)
  • HUD Housing Counseling Agencies (via ArcGIS / data.hud.gov)
  • FNS SNAP Retailer Locator (via ArcGIS / fns.usda.gov)
  • CareerOneStop Job Search API (only if configured; currently inactive)

We do not sell, rent, or share your personal information with advertisers or data brokers.

6. Data Security

We take reasonable measures to protect your information, including:

  • Passwords are stored as bcrypt hashes (one-way; we never see plaintext)
  • Two-factor recovery codes are bcrypt-hashed and single-use
  • All connections use HTTPS / TLS encryption
  • CSRF tokens, honeypot fields, and timestamp checks on all forms
  • Prepared database statements (no SQL injection vectors)
  • Strict Content-Security-Policy with violation reporting
  • Login rate-limiting with account lockout after repeated failures
  • Per-IP rate limiting on password reset, verification resends, and contact submissions
  • Server-side audit log of every administrative action

7. Your Rights

You have the right to:

  • Access the personal data we hold about you. Most of it is visible in your Dashboard; for anything you can't see there, email us using the contact link below.
  • Update your profile, email, password, two-factor settings, and saved preferences via your dashboard at any time.
  • Export your data. We're building a one-click export; until it ships, email the address below and we'll send you a copy within 30 days.
  • Delete your account. Email us (or use the contact form) and we'll permanently delete your account, your saved items, your mentor history, and any private messages within 30 days. Public posts you authored will be anonymized (your username replaced with "Former member") rather than deleted, so the conversation threads other members participated in stay intact — you can request full content removal of specific posts on request.
  • Unsubscribe from the newsletter at any time using the link in any newsletter email.
  • Object to a specific processing activity. Tell us what and why; we'll respond within 30 days.

8. Children's Privacy

Our Site is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us so we can take appropriate action.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we update the "Effective Date" at the top. Material changes will be announced via newsletter (if you're subscribed) and via a banner on the Site. We encourage you to review this page periodically.

10. Contact Us

If you have questions about this Privacy Policy or your personal data, you can reach us through our contact form or:

Email: info@uncarcerated.org
Organization: Uncarcerated
Location: Gainesville, FL