Privacy policy.
Last Update: November 4, 2025
Welcome
This Privacy Policy (“Policy”) explains how we collect, use, store, protect, and share your personal information through our services. Post Fire LA Foundation is the data controller of the personal information collected through the services (as defined in our Terms of Use “Terms”). Post Fire LA Foundation is referred to in this Policy as “PostFire”, “we”, “our” or “us”.
We deeply value your privacy. In general, we receive very little information from visitors, but we collect more data from people who desire to access the resources available through our portal. Demographic data allows us to present tailored recovery opportunities to our members.
This Policy is grouped into these sections:
We encourage you to read this Policy carefully. If you have questions, please contact us.
About us & this policy
This Policy is designed to explain how we process your personal information and how you can exercise control over our processing. Capitalized terms that are used but not defined in this Policy are defined in our Terms. The Terms describe how the Services works in general, and establish a contract between you and us governing your use of the Services.
Contact us
If you have any questions or feedback about this Policy, contact us at help@postfire.org or write to us at: Post Fire LA Foundation, 556 S Fair Oaks Ave., Ste 101-437 Pasadena, CA 91105-2657
Changes to this Policy
Because the Services change often, this Policy may change over time. Anytime we modify the Policy, we will post a revised version on the Services as noted at Last Update above. If we intend to materially change our collection or use of information, we will notify you before the material changes to this Policy take effect, so you have time to review them. If we have your contact information (such as your email), we’ll try to notify you that way. We may also post a temporary notice on the Services, or notify you by other means to the extent required by law.
Check the Last Update periodically to ensure you’re aware of the current Policy. By using or accessing the Services, you signify that you have read, understand and agree to be bound by this Policy and the Terms.
When this Policy applies
This Policy applies to you when you use the Services, effective as of the Last Update. However, some collection and use of information falls outside this Policy:
Outside services: The Services link to, embed, integrate or otherwise connect you with third-party websites, services or other events or activities that are not owned or controlled by PostFire (“Outside Materials”). Outside Materials are not part of the Services. This Policy doesn’t apply to any information you may exchange with providers of Outside Materials. Those third parties have their own policies and practices about data. We encourage you to familiarize yourself with their privacy notices and applicable contractual terms.
Key example: embedded content
The Services may embed content like YouTube videos. Those embedded containers, like the content they display, are Outside Materials. For example, YouTube designed the embedded player surrounding all YouTube video. If you interact with YouTube video, YouTube decides what data to extract from you before YouTube will serve its video to you.
When you interact with embedded content, information about your requests, such as your originating IP address, may be collected by the player. For example, YouTube’s container may pull Google identifiers and data about you from your browser. The player may also collect information about the URL of your browser (a page on the Service), without the involvement of our Services.
When we don’t control your information: If we receive your information in our role as a service provider to another business, our agreement with that business governs our use of your information. We will refer any questions or concerns of yours to that business.
Information we collect & why we use it
We and our third-party service providers collect and process information when you interact with the Services. This includes:
information you submit or provide directly,
data collected automatically by various technologies (which we call “Usage Data”), and
information we receive from other sources.
The following tables describe, comprehensively, how the services collect and use your information, and the purpose behind that processing. Please note that we may, and often do, de-identify certain personal information as part of our minimization practices.
Information You Submit
| What we collect | How we use it | Why we process it | Legal basis | Retention |
|---|---|---|---|---|
| Account management data – login credentials, permissions, and account actions (such as when your account is created, when you log in, add information, request a service, and any changes to your account). | We collect, analyze, process, and store your account management data. | • To create and maintain an account at your direction. | Account management data is processed as part of performance of a contract. | Account lifetime, or as applicable law requires |
| Demographic data – address, race, income, gender, age and certain other sensitive and nonsensitive information | Solely to provide recommendations and options to you where eligibility is based on demographic criteria. We do not use demographic data for any other purpose. | • To present tailored opportunities (grants, nonprofit funding, etc.) to you where eligibility criteria consider or require certain demography. |
Performance of a contract. Consent. |
Account lifetime; some demographic data may be deleted earlier in the ordinary course (such as prolonged periods of inactivity). |
| Communication data – interactions with or through PostFire, via our SMS or email service providers | We receive, process and store your communication data. |
• To send you relevant marketing emails. • To improve our Services. |
Our legitimate interests in providing a valid and relevant service to our users and to continue to improve our products and services. We provide an opt out so you can object to marketing messages. | Account lifetime |
| Feedback and survey data – including ratings and plain text feedback on how we can improve our services. | We process, review, store, and analyze feedback and satisfaction data. | • To inform our product roadmap and services and improve the services with user feedback. | Our legitimate interest in operating, managing, and improving our Services. | Account lifetime |
Usage Data
| What we collect | How we use it | Why we process it | Legal basis | Retention |
|---|---|---|---|---|
| Device information – IP address, device identifiers, user agent. | We collect, process and store your device information. |
• For fraud prevention. |
Our legitimate interests in keeping our services safe and secure and to provide a valid and relevant service to our users. We only collect imprecise location data, and only when you have not indicated that you do not wish to share it. |
Account lifetime; otherwise, deleted in the ordinary course. |
| Activity data – the Web page you came from, the URL you go to next, your interactions with content or advertising on the Services, and the time and duration of the activity. | We collect, analyze, process, and store activity data including via automated means. |
• For fraud prevention. • To improve our services. |
Our legitimate interests in understanding how users interact with and use our services; and keeping our services safe and secure. Activity data is monitored to prevent malicious and fraudulent activity and unauthorized use on our services as part of performance of a contract. |
Account lifetime; otherwise, periodically deleted in the ordinary course |
Information We Receive From Others
| What we collect | How we use it | Why we process it | Legal basis | Retention |
|---|---|---|---|---|
| Analytics data – we receive unique identifiers and demographic, location and interest-based info | We receive and process analytics data from providers of analytics and technical services. In many cases, Post Fire cannot, or does not, associate this data with information you’ve provided |
• To develop and enrich datasets about our audience, including visitors, users and others |
Our legitimate interest in operating a low or no-cost service. |
Analytics data collected by Outside Materials are, in general, periodically deleted in the ordinary course of business. |
| Purchase Data – if you purchase products through the Services or use an outbound referral link, we may receive information about any resulting transaction or interaction, such as cart behavior, items purchased and purchase price | We receive purchase data from providers of technical, payment and delivery services |
• To associate purchases with your account or profile • To validate purchases and interactions attributable to activity on the Services |
As part of performance of a contract. Our legitimate interest in operating, managing, and improving our Services. |
Account lifetime, or as long as applicable law requires |
Any personal information that PostFire obtains from other third-party sources will be processed by PostFire in accordance with this Policy and all applicable laws. For example, our use and transfer of information via Google APIs will adhere to the Google API Services User Data Policy, including its Limited Use requirements.
Technologies we use
When you use and interact with the Services, software automatically collects Usage Data. To give you more insight, this section summarizes the main types of technologies the Services to generate and collect Usage Data:
Cookies and Local Storage
Cookies and local storage may be set and accessed on your computer. Upon your first visit to the Services, a cookie or local storage will be sent to your computer that uniquely identifies your browser. “Cookies” and local storage are small files containing a string of characters that is sent to your computer’s browser and stored on your device when you visit a website. Most Web services use cookies to provide useful features for their users.
Most browsers are initially set up to accept cookies. You can reset your browser to refuse all cookies or to indicate when a cookie is being sent; however, if you reject cookies, you will not be able to sign in to the Services or take full advantage of our Services. Additionally, if you clear all cookies on your browser at any point after setting your browser to refuse all cookies or indicate when a cookie is being sent, you will have to again reset your browser to refuse all cookies or indicate when a cookie is being sent.
Pixel Tags
We also use “pixel tags,” which are small graphic files that allow us and third parties to monitor the use of the Services and collect Usage Data. A pixel tag can collect information such as the IP address of the device that downloaded the page on which the tag appears; the URL of the page on which the pixel tag appears; the time (and length of time) the page containing the pixel tag was viewed; the type of browser that retrieved the pixel tag; and the identification number of any cookie previously placed by that server on your computer.
Security
PostFire has implemented technical, administrative and physical security measures designed to protect your information from unauthorized access, use or disclosure. Still, no data transmission online is 100% secure, so we cannot guarantee or warrant the security of any information you provide, and you do so at your own risk. We cannot promise that your information will remain absolutely secure in all circumstances. We are not responsible for the circumvention of any privacy settings or security measures we may provide.
Our disclosures of information to others
This section describes how and why we exchange personal information with contractors and third parties. It also describes exchanges made for certain purposes, like advertising, legal reasons and consensual direct marketing. We may also disclose de-identified and/or anonymized data for these purposes.
We do not ‘sell’ or ‘share’ personal information
That means we don’t provide or exchange your personal information with others to facilitate behavioral ads (i.e., ads targeted to you) or otherwise sell it. For clarity, we haven’t shared or sold any personal information for that purpose in the past twelve (12) months.
With our Affiliates
We may share, link or pool user information among our corporate affiliates, but always in accordance with applicable law, applicable agreements and this Policy.
Direct marketing
We only exchange information about you with third parties for direct marketing purposes if you opt in, and will only do so until you opt out.
We may share information about you with third party sponsors or partners who will use it for marketing purposes but only if you opt in to such sharing or do not opt out when prompted. We will never share information in this manner without giving you one of these two options.
Functional disclosures
We also contract with other businesses to provide certain services related to the functionality and features of the Services, including payment processing, email and hosting services, software development, shipping and fulfillment, data management, and administration of contests and other promotions. We refer to them as “contractors.”
Contractors may collect information about you on our behalf, such as Personal Identifiers, Commercial Information, Internet Activity and Device Information, as necessary for them to perform their services. At other times, we disclose information about you to contractors.
Contractors are not permitted to use information about you for any purpose other than performing their services for us. In the past twelve (12) months, we have disclosed these types of information to the following types of contractors:
Analytics providers, namely Google Analytics, to tell us how the Services is doing, such as which parts interest visitors and how long they visit before leaving. Among other data, they may receive your IP address.
Various hosting services and data processors to provide the infrastructure of the Services, such as Cloudflare, which ensures that traffic is from real people, not computers. Among other data, they may receive your IP address.
With your consent or at your request
We may periodically ask for your consent to share your contact information to third parties (and, to be clear, no other data, such as demographic data). Whenever we ask your consent for this reason, we will summarize the purpose and scope of the disclosure. For example, we may offer discounts to you if you consent to join our mailing list or participate in a promotion involving direct marketing communications.
In those cases, the Services will display a tickbox near an email-entry field explaining that by submitting your information, you agree to share your email with the content provider.
To be clear, we only exchange information about you with third parties for direct marketing purposes if you opt in, and will only do so until you opt out.
For legal reasons
Finally, we may disclose personal information:
In response to subpoenas, court orders, or other legal process; to establish or exercise our legal rights; to defend against legal claims; or as otherwise required by law. In such cases we reserve the right to raise or waive any legal objection or right available to us;
When we believe it is appropriate to investigate, prevent, or take action regarding illegal or suspected illegal activities; to protect and defend the rights, property, or safety of our company, our users, or others; and in connection with the enforcement of our Terms and other agreements; or
In connection with a corporate transaction, such as a divestiture, merger, consolidation, or asset sale, or in the unlikely event of bankruptcy.
How long we retain your information
We retain your information only as long as we need it for the purposes described under Information we collect & how we use it, except when longer retention is required by our compliance policies and efforts toward applicable legal, tax, accounting and regulatory requirements.
How long we need information for those purposes varies by category, and even within categories. These retention determinations always consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from its unauthorized use or disclosure and whether we can achieve those purposes without using the personal information.
For example, we delete some Usage Data as soon as you exit the Services, whereas we may retain records of your orders for services and products for several years as required by law or contract, such as agreements with our payment processors or under our accounting standards.
Use by minors
The Services are intended for adult users. We do not knowingly collect information from anyone under the age of 18, and we do not share or sell information about anyone under 18 without affirmative authorization. If we learn that we have collected information from a person under age 18, we will delete that information as quickly as possible.
If you are under 18: sorry, but please leave the Services. If you’ve already sent us information, please contact us first so we can delete it.
If you are a parent or guardian of a person under 18 years of age and you believe that person provided information to us, please contact us.
How to control your privacy
In General
As a user of the Services, you have rights and choices about your personal information. We want you to be in control of your information, so we want to remind you of the following options and tools available to you:
Account controls: You can update the personal information in your Account through the account settings made available on the services. Any updated information will be reflected in our records and throughout the services promptly.
Newsletter opt-outs: you may opt-out of any marketing communications from us by following the unsubscribe instructions in the communication you receive. We may continue to send you communications regarding the Services, such as notices about administrative updates, transaction reports, and changes to the Services, this Policy or the Terms.
Exercising rights: If any of the local privacy laws listed below apply to you, see Requesting information to exercise your rights.
International Data Transfers
If you reside outside the United States, we transfer information about you for processing in the United States. Our Service is not intended for residents of non-U.S. jurisdictions. If you live outside the U.S., by providing your information to us, you consent to the processing of the information in the United States. The transfer of this information to the United States is necessary for the performance of our contract for use of the Services.
U.S. law is not equivalent to laws in other countries, such as GDPR in Europe or PIPEDA in Canada. As of the Last Update, the U.S. has not been deemed an ‘adequate’ jurisdiction under GDPR for the purposes of international data transfers.
Information about local privacy laws
The Services operate from the United States, but this Policy applies worldwide. Our practices generally do not differ based on your location, but your rights and choices depend in part on the law where you live.
If any of these local privacy laws apply to you, that section overrides any contrary descriptions elsewhere in the Policy as they relate to you. If you have questions about your rights under other data privacy laws, please contact us.
Requesting information
Submitting requests
To exercise any rights described in this Policy, please contact us or use our Opt-Out Request Form (when available). Your request must:
provide sufficient information to identify you and the law that applies to you, such as your name, e-mail address, home or work address, or other information we maintain.
not include social security numbers, driver’s license numbers, third-party account numbers, credit or debit card numbers, or health information.
Verifying requests
We verify requests by attempting to match information in the request to information we maintain. We may require you to confirm your identity by authenticating via your account or other access method.
If your request is unclear or we are unable to authenticate your identity, we may ask for more information, in accordance with law that applies to you.
If you are an authorized agent submitting a request on a user’s behalf (where permitted), we may require proof of the user’s written authorization before processing the request.
If we cannot verify the identity of the data subject in the request, we may deny it, in full or in part.
Responses to requests
We will respond to your request as quickly as we can, taking into account the nature of your request and the volume of pending requests. The content of our response will vary with the nature of your request, but will always respond in accordance with any deadlines or requirements specified by the laws that applies to you.
At times, we may be unable to provide responsive personal information, such as when disclosure would create a substantial, articulable and unreasonable risk to the security of the information, user accounts, or the security of our systems or networks. We do not disclose account passwords or any other non-personal information that enables access to an account.
We reserve the right to retain an archive of any deleted information, to the extent permitted by law. We may also retain deidentified or aggregate data derived from personal information.
Appealing decisions
Residents of jurisdictions that provide for an appeal mechanism may appeal a decision we have made regarding their requests by contacting us.
Information for Users in Certain U.S. States
Exercising your rights: As described in the “How to control your privacy" section of the Policy, all users have control over their information and can limit what data we process. If you are a resident of California, Colorado, Connecticut, Utah, Virginia or another state with a similar data-privacy law, you may have additional rights that you (or, in certain states, an authorized agent acting on your behalf) can exercise by contacting us, including the right to:
More information about the categories and specific pieces of personal information we have collected and disclosed for a business purpose in the last 12 months
Access and/or receive a copy of certain personal information we hold about you
Correct your personal information
Delete certain personal information we hold about you
Receive information about the financial incentives that we offer to you, if any
Opt out of the processing of your personal information for purposes of profiling in furtherance of decisions that produce legal or similarly significant effects, if applicable
You also have the right to not be discriminated against for exercising your rights. You may also have the right to opt out of “sales” of your information and “sharing/processing of your information for targeted advertising.”
Certain information may be exempt from the requests above under applicable law. For example, we need to retain certain information in order to provide our services to you. We also need to take reasonable steps to verify your identity before responding to a request.
If you have any questions about these rights, wish to exercise them, or request an appeal, see Requesting information or contact us.
Additional Information for Users in California
In addition to the rights described above, consumers residing in California are afforded the right to certain additional information with respect to their personal information under the California Consumer Privacy Act (“CCPA”). If you are a California resident, this section applies to you.
Our collection and use of personal information: We collect the following categories of personal information: identifiers (such as your username, the email address you used to sign up, and your phone number if you’ve chosen to provide it); commercial information (a record of what you’ve bought or transacting from or while using PostFire, if anything); internet or other network information (how you interact with the services); location information (because your IP address may indicate your general location); inference data about you (for example, what opportunities you may be interested in); and other information that identifies or can be reasonably associated with you.
For more information about what we collect and the sources of such collection, please see the “Information we collect & why we use it” section of the Privacy Policy. To the extent we collect or use sensitive personal information as defined by law (such as the CCPA), we do so in accordance with applicable legal requirements, and we do not use or disclose it other than for purposes for which there is not a right to limit under the CCPA.
Disclosure of personal information: We may disclose and share your personal information with service providers and third parties as described in the “Our disclosures of information to others” section of the Policy. We disclose the categories of personal information mentioned in that section for business or commercial purposes.
No sale or “share” of personal information: The CCPA sets forth certain obligations for businesses that sell or “share” personal information. We do not sell or share the personal information of our users as those terms are defined in the CCPA. We do disclose certain information as outlined in the “Our disclosures of information to others” section of the Policy and you can make choices with respect to your information as outlined in that policy.
We disclose personal information for the following categories of purposes, as defined by CCPA:
Advertising and Marketing
Error Management
Internal Research
Provide Products or Services
Quality Assurance
Security
Short-Term Transient Use
We retain personal information as described in the “How long we retain your information” section of the Policy.
California’s “Shine the Light” law gives residents of California the right under certain circumstances to request information from us regarding the manner in which we share certain categories of personal information (as defined in the Shine the Light law) with third parties, as defined under applicable law, for their direct marketing purposes. We only share your personal information with third parties for their own direct marketing purposes with your consent and, if you have consented, only until you withdraw your consent.
If you have any questions about these rights, wish to exercise them, or request an appeal, see Requesting information or contact us.