Privacy Policy

1. Who We Are

NACSA (North America Chattada Sri Vaishnava Cultural Association) is a nonprofit cultural association dedicated to uniting Chattada Sri Vaishnava families across North America. NACSA is a volunteer-led organization. Our website is located at na-csa.org.

This Privacy Policy applies to all information collected through our website (na-csa.org), the membership application form, email communications, and any other interactions with NACSA.

For any privacy-related questions or requests, contact us at: data@na-csa.org

2. Information We Collect

We collect personal information that you voluntarily provide when you apply for membership, contact us, or otherwise interact with NACSA. This may include:

2.1 Membership Application Data

• Full name (first and last)
• Email address
• Phone number
• Home address (street, city, state/province, ZIP/postal code, country)
• Date of birth (to verify age eligibility — 18+ required)
• Gender
• Gothram and mother tongue
• Native state (Indian state of family origin)
• Acharya affiliation (if provided)
• Father's name and mother's name (if provided)
• Profession, employer, and industry (if provided)
• Dependent family members' names, relationships, dates of birth, and email addresses
• Volunteer interests and community expectations
• Region of residence within North America

2.2 Communications Data

• Messages you send us via email or contact forms
• Your email address when you contact data@na-csa.org

2.3 Automatically Collected Data

• Standard web server logs (IP address, browser type, pages visited, referral source) — retained for security and diagnostic purposes
• Website analytics data (if Google Analytics is enabled — see Section 5)

Sensitive information: We do not collect Social Security numbers, government-issued ID numbers, financial account details, or health information. However, we do collect certain categories of information that may be considered sensitive under applicable state privacy laws, including religious affiliation (Acharya/Mutt), ethnic and cultural heritage (Gothram, Mother Tongue, Native State, and Acharya Affiliation). This information is collected voluntarily and only when you affirmatively choose to provide it during membership registration. You may decline to provide this information without affecting your eligibility for membership.

3. Legal Basis for Processing

NACSA processes your personal data on the following legal bases:

• Consent: You provide personal information voluntarily when applying for membership or contacting us. By submitting a membership application, you consent to the processing described in this Policy.
• Contractual necessity: To fulfill our obligations as your membership organization — including sending payment instructions, membership confirmation, and community communications.
• Legitimate interests: To operate and improve our website, prevent fraud, and maintain the security and integrity of our systems, provided these interests are not overridden by your privacy rights.
• Legal compliance: To comply with applicable laws, regulations, or valid legal process.

4. How We Use Your Information

We use the personal information we collect solely for the following purposes:

• Processing and managing your membership application and status
• Sending membership payment instructions and confirmation emails
• Communicating community news, event announcements, and NACSA updates
• Maintaining our internal member directory (accessible to verified members only)
• Coordinating event logistics and volunteer efforts
• Responding to your inquiries and support requests
• Improving our website and services
• Complying with legal obligations
• Protecting against fraudulent, unauthorized, or illegal activity

We will never use your information for commercial advertising, sell it to third parties, or share it with outside organizations without your explicit written consent.

5. Cookies & Analytics

Essential cookies: Our website may use minimal session cookies necessary for basic functionality. These do not track you across other websites and expire when you close your browser.

Google Analytics: We may use Google Analytics (Google LLC, USA) to collect anonymized, aggregated website usage statistics (pages visited, session duration, referral source). If enabled, Google Analytics uses cookies and may transfer data to Google servers in the United States. Google's use of this data is governed by Google's Privacy Policy. You may opt out by using the Google Analytics Opt-out Browser Add-on.

Google reCAPTCHA: Our membership form uses Google reCAPTCHA v2 (Google LLC) to protect against spam and abuse. reCAPTCHA collects hardware and software information and sends that data to Google for analysis. Use of reCAPTCHA is subject to Google's Privacy Policy and Terms of Service.

We do not use advertising cookies, retargeting pixels, or any cross-site behavioral tracking.

6. How We Share Your Information

NACSA does not sell, rent, or trade your personal information. We may share your information only in the following limited circumstances:

6.1 Service Providers

We use the following third-party service providers to operate our systems. These providers process your data only on our behalf and are bound by data protection obligations:

• Amazon Web Services (AWS): Cloud infrastructure for data storage (DynamoDB) and email delivery (SES). Data stored in the United States (us-east-1).
• Zeffy: Third-party payment processor for membership fee collection. We share your name and email with Zeffy solely to facilitate payment. Zeffy is a PCI DSS-compliant platform built on Stripe. Your payment card details are processed and stored by Zeffy/Stripe — NACSA never receives or stores payment card information. See Zeffy's Privacy Policy.
• Google LLC: For reCAPTCHA bot protection and, if enabled, Google Analytics.

6.2 Member Directory

NACSA may maintain an internal member directory accessible only to verified current members. By joining, your name, city/state, and contact information may be included. You may opt out at any time by contacting data@na-csa.org.

6.3 Legal Requirements

We may disclose your information if required by applicable law, regulation, court order, or other valid legal process, or to protect the rights, property, or safety of NACSA, its members, or others.

6.4 Organizational Transfers

In the event of a merger, reorganization, or dissolution of NACSA, member data may be transferred to a successor community organization, provided the successor organization agrees to honor this Privacy Policy.

7. Data Storage & Security

All member data is stored on servers physically located within the United States of America (AWS us-east-1 region). We implement reasonable administrative, technical, and physical security measures designed to protect your personal information from unauthorized access, use, alteration, or disclosure.

No method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, NACSA cannot guarantee absolute security and disclaims liability for any unauthorized access to or disclosure of personal data that occurs despite these measures. By using our services, you acknowledge and accept this inherent risk.

In the event of a data breach that is reasonably likely to result in a risk to your rights and freedoms, we will notify affected members within a reasonable timeframe as required by applicable law.

8. Data Retention

We retain your personal information for as long as your membership is active or as necessary to fulfill the purposes described in this Policy, subject to the following:

• Active members: Data is retained for the duration of membership and for a reasonable period after termination for administrative purposes.
• Inactive / rejected applicants: Application data may be retained for up to 3 years to prevent duplicate or fraudulent applications.
• Email correspondence: Retained for up to 3 years unless a longer retention period is required by law.
• Server logs: Typically retained for 90 days for security and diagnostic purposes.

Upon request, we will delete your personal information in accordance with Section 9 (Your Rights), subject to legal and operational retention requirements.

9. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information. To exercise any of these rights, email data@na-csa.org. We will respond within 30 days (or within the timeframe required by applicable law).

9.1 Rights Under GDPR (EEA / UK residents)

• Right of Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete information.
• Right to Erasure: Request deletion of your personal data ("right to be forgotten"), subject to legal retention requirements.
• Right to Restriction: Request that we restrict processing of your data in certain circumstances.
• Right to Data Portability: Request your data in a structured, machine-readable format.
• Right to Object: Object to processing based on legitimate interests.
• Right to Withdraw Consent: Withdraw consent at any time without affecting the lawfulness of prior processing.

9.2 Rights Under the California Consumer Privacy Act (CCPA / CPRA)

California residents have the right to:

• Know what personal information we collect, use, disclose, or sell
• Request deletion of your personal information
• Opt out of the sale of personal information (NACSA does not sell personal information)
• Non-discrimination for exercising your privacy rights

To submit a California privacy request, email data@na-csa.org with subject line "California Privacy Request."

9.3 Rights Under the Virginia Consumer Data Protection Act (VCDPA)

Virginia residents have the right to:

• Confirm whether we process your personal data and access it
• Correct inaccuracies in your personal data
• Delete your personal data
• Obtain a portable copy of your data
• Opt out of the processing of your personal data for targeted advertising, sale, or profiling (NACSA does none of these)
• Opt out of processing of sensitive data — including racial or ethnic origin and religious beliefs. Where we collect such data (e.g., Gothram, Acharya Affiliation, Mother Tongue, Native State), we do so only with your explicit, affirmative consent provided at the time of collection

To submit a Virginia privacy request, email data@na-csa.org with subject line "Virginia Privacy Request." We will respond within 45 days. You may appeal a denied request by emailing us with subject line "Virginia Privacy Appeal."

9.4 Rights Under Other U.S. State Privacy Laws

Residents of the following states have similar privacy rights, including the right to access, correct, delete, and opt out of certain processing of personal data. NACSA honors these rights regardless of state:

• Colorado (Colorado Privacy Act — CPA)
• Connecticut (Connecticut Data Privacy Act — CTDPA)
• Texas (Texas Data Privacy and Security Act — TDPSA)
• Montana (Montana Consumer Data Privacy Act — MCDPA)
• Oregon (Oregon Consumer Privacy Act — OCPA)
• Nevada (Nevada Privacy of Information Collected on the Internet from Consumers — SB 220)
• Utah (Utah Consumer Privacy Act — UCPA)

To exercise your rights under any of these laws, email data@na-csa.org identifying your state and the right you wish to exercise. We will respond within the timeframe required by your state's law.

9.5 Opt-Out of Communications

You may unsubscribe from NACSA email communications at any time by clicking the unsubscribe link in any email or by contacting data@na-csa.org. Note that unsubscribing from marketing emails does not affect transactional communications (e.g., membership confirmation, payment instructions) which are necessary for your membership.

10. Children's Privacy

Our website and services are not directed to children under the age of 13. We do not knowingly collect personal information from children under 13 without verifiable parental consent. Minor dependents may be listed on a family membership application by the adult primary member, who is responsible for obtaining appropriate consent on behalf of minors in their household.

If you believe that a child under 13 has provided us with personal information without parental consent, please contact us at data@na-csa.org and we will take steps to delete such information promptly.

11. International Data Transfers

NACSA is based in the United States and your information is processed and stored on servers in the United States. If you are located outside the United States — including in the European Economic Area (EEA), United Kingdom, or Canada — please be aware that your information will be transferred to and processed in the United States, which may have different data protection laws than your country.

By submitting your information to NACSA, you consent to this transfer. Where required by law, we implement appropriate safeguards (such as standard contractual clauses) for international data transfers.

12. Third-Party Links

Our website may contain links to external websites and platforms (e.g., YouTube, social media, Zeffy). NACSA is not responsible for the privacy practices or content of those external sites. We strongly encourage you to review the privacy policies of any third-party sites you visit. The inclusion of any link does not imply our endorsement of the linked site.

13. Disclaimer of Liability for Data Incidents

NACSA is a volunteer-run nonprofit community organization with limited technical resources. While we apply reasonable security practices, NACSA, its board members, officers, and volunteers disclaim all liability for any unauthorized access, disclosure, alteration, or loss of your personal data to the maximum extent permitted by applicable law, including but not limited to liability arising from:

• Security breaches of our third-party service providers (AWS, Zeffy, Google)
• Unforeseeable cyberattacks or hacking incidents
• Data loss due to technical failures or force majeure events
• Interception of data during transmission over the Internet

In all cases, NACSA's total liability related to any data privacy matter shall not exceed the membership fees paid by you in the preceding 12 months.

14. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of the Commonwealth of Virginia, United States of America, without regard to its conflict of law provisions. Any disputes arising under this Privacy Policy shall be subject to the dispute resolution provisions set forth in our Terms & Conditions, including binding arbitration and class action waiver.

15. Changes to This Policy

NACSA reserves the right to modify this Privacy Policy at any time. When we make material changes, we will update the "Last Updated" date at the top of this page. Continued use of our website or services after changes are posted constitutes your acceptance of the revised Policy. We encourage you to review this page periodically.

For significant changes affecting how we handle your personal data, we will make reasonable efforts to notify active members via email.

16. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact: