Privacy Policy

1. Who We Are

Saints of Florida, Inc. is a 501(c)(3) nonprofit educational organization serving homeschool families in the State of Florida.

Our mailing address is: 5079 N. Dixie Hwy #283 Fort Lauderdale, FL 33334

For privacy questions, contact us at [email protected]or call 954-646-5903.

2. Information We Collect

Information You Provide Directly

• Parent/Guardian Information: Name, email address, phone number, and mailing address
• Student Information: First name, last name, and date of birth
• Registration Data: Program selections, location preferences, t-shirt sizes, and responses to custom form fields
• Support Tickets: Subject, message content, and any follow-up communications
• Account Credentials: Email address (for parent accounts via magic link) or email and password (for staff accounts)

Payment Information

We use Stripe to process credit/debit card and ACH (bank account) payments. Full card numbers and bank account details are collected and processed directly by Stripe and never touch or are stored on our servers. We retain only the last four digits of your card and the card brand (e.g., "Visa") for receipt and reference purposes.

Information Collected Automatically

• Session Data: We use a single, essential session cookie to keep you signed in. This cookie is encrypted, HTTP-only, and cannot be read by JavaScript running in your browser.
• Error Logs: If an error occurs while you use our site, diagnostic information (such as the error message and page visited) may be sent to our error tracking service. Email addresses are automatically redacted from error reports before transmission.

Information We Do Not Collect

We do not use analytics trackers, advertising pixels, third-party cookies, device fingerprinting, geolocation tracking, or any form of behavioral advertising technology.

3. How We Use Your Information

We use the personal information we collect solely for the following purposes:

• Processing and confirming registrations
• Processing payments and generating receipts
• Communicating with you about your registrations, payments, and account (transactional emails only)
• Responding to support tickets and inquiries
• Administering programs, tracking enrollment, and managing capacity
• Generating receipts for scholarship reimbursement purposes
• Maintaining audit trails for student record corrections

We do not sell, rent, or trade your personal information to any third party. We do not use your information for marketing or advertising purposes.

4. Third-Party Services

We use the following third-party services to operate our platform. Each processes only the minimum data necessary for its function:

Stripe (Payment Processing)

Stripe processes all payment transactions. Card numbers and bank account details are collected directly by Stripe's secure, PCI-compliant infrastructure. We never see or store full payment credentials. Stripe's privacy policy is available at stripe.com/privacy.

Resend (Transactional Email)

Resend delivers transactional emails on our behalf (e.g., sign-in links, registration confirmations, payment receipts, support ticket updates). Resend receives the recipient email address and email content necessary for delivery. Resend's privacy policy is available at resend.com/legal/privacy-policy.

Cloudflare R2 (Document Storage)

Receipt PDFs are stored securely on Cloudflare R2. These documents contain student names, parent names, payment amounts, and receipt numbers. Access is restricted to authenticated users. Cloudflare's privacy policy is available at cloudflare.com/privacypolicy.

Sentry (Error Monitoring)

Sentry helps us detect and fix errors on our platform. Before any data is sent to Sentry, email addresses are automatically redacted and replaced with "[EMAIL]". Sentry's privacy policy is available at sentry.io/privacy.

5. Children's Privacy

Our platform collects limited information about students (minors), including first name, last name, and date of birth, solely for the purpose of program registration. This information is provided by the parent or legal guardian, not by the child directly.

As a nonprofit organization, we are generally exempt from the Children's Online Privacy Protection Act (COPPA). Nevertheless, we voluntarily follow COPPA's guiding principles:

• We collect only the minimum student information necessary for registration
• Student data is provided and managed exclusively by the parent/guardian
• We do not contact students directly
• We do not share student information with third parties except as necessary for payment processing and receipt generation
• Parents may request access to, correction of, or deletion of their child's information at any time

6. Data Security

We implement the following security measures to protect your information:

• Encryption in Transit: All data is transmitted over HTTPS (TLS/SSL encryption)
• Password Hashing: Staff passwords are hashed using Argon2, a memory-hard algorithm resistant to brute-force attacks
• Session Security: Session tokens are hashed with SHA-256 before storage; only the hash is stored in our database
• Magic Link Authentication: Parent accounts use one-time, time-limited magic links instead of passwords, reducing credential theft risk
• CSRF Protection: Cross-site request forgery protections are enabled on all form submissions
• Security Headers: We set strict security headers including X-Frame-Options, X-Content-Type-Options, and restrictive Permissions-Policy
• PCI Compliance: Payment card data is handled entirely by Stripe's PCI DSS Level 1 certified infrastructure

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes described in this policy:

• Registration and Payment Records: Retained for a minimum of seven (7) years for tax and scholarship reimbursement purposes
• Receipt PDFs: Retained indefinitely for scholarship reimbursement documentation
• Session Data: Automatically expires after 30 days of inactivity
• Magic Links: Expire after 24 hours and are marked as used
• Support Tickets: Retained for the duration of the parent-organization relationship

8. Your Rights

You have the following rights regarding your personal information:

• Access: You may request a copy of the personal information we hold about you and your children
• Correction: You may update your family and student information through the Parent Portal, or request corrections by contacting support
• Deletion: You may request that we delete your personal information, subject to our legal retention obligations (e.g., tax records)
• Data Portability: You may request your data in a commonly used electronic format

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

9. Cookies

We use a single, essential cookie to maintain your authenticated session. This cookie:

• Is HTTP-only (inaccessible to JavaScript)
• Is marked Secure (transmitted only over HTTPS)
• Has SameSite protections enabled
• Contains only a randomly generated session token
• Expires after 30 days

We do not use analytics cookies, advertising cookies, or any third-party cookies.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify affected users by email. The "Last Updated" date at the top of this page reflects the most recent revision. Continued use of our platform after changes constitutes acceptance of the revised policy.

11. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us: