Effective Date: Insert Effective Date
1. Introduction
The Perkins Cybersecurity Educational Fund (“PCEF,” “we,” “our,” or “us”) is a nonprofit organization dedicated to cybersecurity education, public-interest research, threat analysis, student development, and the creation of free or low-cost tools for individuals, students, educators, researchers, nonprofits, and the broader security community.
This Privacy Policy explains how PCEF collects, uses, stores, protects, discloses, and retains information when you access our website, use our cybersecurity tools, upload files or ransom notes, interact with our APIs, participate in programs, contact us, donate, volunteer, attend events, subscribe to communications, or otherwise engage with PCEF.
This Privacy Policy is intended to be broad enough to cover PCEF’s current and future nonprofit, educational, research, cybersecurity, API, tooling, and operational activities. By using our website, tools, APIs, or services, you acknowledge that you have read and understood this Privacy Policy.
2. Scope of This Policy
This Privacy Policy applies to information collected or processed through:
- PCEF websites, web pages, landing pages, forms, and online resources.
- Cybersecurity tools, scanners, dashboards, search tools, file-analysis systems, malware-analysis systems, ransom-note tools, APIs, and related services.
- Educational programs, courses, training materials, workshops, events, webinars, mentorship programs, and nonprofit initiatives.
- Email communications, contact forms, support requests, partnership inquiries, grant communications, donation interactions, volunteer applications, and similar communications.
- Research, development, testing, data analysis, threat intelligence, and public-interest cybersecurity projects.
- Any other service or activity that links to or references this Privacy Policy.
This Privacy Policy does not apply to third-party websites, services, tools, platforms, or resources that PCEF does not own or control, even if they are linked from our website.
3. Nonprofit Mission and Data Stewardship
PCEF operates for educational, charitable, research, public-interest, and cybersecurity-focused purposes. Information submitted to or generated by our services may be used to support cybersecurity education, threat analysis, malware research, ransomware identification, system improvement, public-benefit tooling, abuse prevention, and the continued development of accessible cybersecurity resources.
We strive to limit collection of personal information to what is reasonably necessary for our mission, operations, security, compliance, research, and service improvement. We do not sell personal information.
Because cybersecurity research often requires analyzing suspicious files, indicators, logs, artifacts, ransom notes, metadata, and historical samples, certain submitted materials may be retained for long periods or indefinitely where appropriate for legitimate cybersecurity, educational, nonprofit, or research purposes.
4. Information We May Collect
Depending on how you interact with PCEF, we may collect, receive, generate, or process the following categories of information:
- Website usage information: page views, referral information, browser information, device type, approximate location, interaction events, file downloads, outbound link activity, and similar analytics data.
- Contact information: name, email address, phone number, organization, role, mailing address, social media handle, or other information you voluntarily submit.
- Communications: messages, inquiries, support requests, partnership requests, grant-related communications, volunteer communications, event registrations, feedback, and other correspondence.
- Donation-related information: donor name, contact details, donation amount, donation date, campaign information, receipt information, and payment confirmation data. Payment card or bank information may be processed by third-party payment processors and may not be stored directly by PCEF.
- Educational participation information: course registrations, attendance, certifications, submissions, survey responses, program participation, learning progress, or related educational records where applicable.
- Volunteer, applicant, or contributor information: information submitted in connection with volunteering, internships, mentorship, collaborations, research contributions, employment inquiries, or similar opportunities.
- Uploaded files: files submitted for malware scanning, cybersecurity analysis, research, classification, reverse-engineering support, detection, or educational purposes.
- Uploaded ransom notes: ransom notes submitted for ransomware identification, matching, classification, correlation, or research.
- Uploaded text, URLs, hashes, indicators, or artifacts: suspicious URLs, domains, IP addresses, file hashes, metadata, logs, screenshots, code snippets, indicators of compromise, notes, or other cybersecurity artifacts.
- API usage information: API keys, request metadata, endpoint activity, timestamps, rate-limit data, authentication events, abuse-prevention signals, error logs, response codes, integration details, and technical logs.
- Generated results: scan results, classifications, labels, model outputs, detections, scores, hashes, metadata, enrichment data, correlated findings, indicators, and analysis outputs generated by PCEF systems.
- Security and abuse-prevention data: IP addresses, user-agent strings, authentication signals, access logs, error logs, suspicious activity indicators, request frequency, and other information necessary to protect our systems.
- Publicly available information: information from public websites, threat intelligence sources, open-source repositories, public reports, public datasets, or other lawful public sources relevant to cybersecurity research or nonprofit operations.
- Third-party-provided information: information provided by service providers, research partners, educational partners, grantors, donors, cybersecurity partners, or users who submit content to PCEF.
5. Information You Should Not Submit
Unless PCEF has specifically requested it in writing, you should not submit:
- Social Security numbers, government identification numbers, passport numbers, driver’s license numbers, or similar identifiers.
- Payment card numbers, bank account numbers, private keys, seed phrases, passwords, authentication tokens, API secrets, or credentials.
- Protected health information, medical records, insurance information, or similar regulated health data.
- Education records protected by law unless you are authorized to share them.
- Attorney-client privileged information, trade secrets, confidential business information, or proprietary information you are not authorized to disclose.
- Personal information of victims, employees, students, minors, customers, patients, donors, or third parties unless you are authorized to provide it.
- Classified, export-controlled, legally restricted, or government-sensitive information unless expressly authorized by law and by PCEF in writing.
If you submit sensitive, regulated, confidential, or third-party information to PCEF, you represent that you have the authority to do so and that your submission complies with all applicable laws, contracts, policies, duties, and obligations.
6. File Uploads and Cybersecurity Research Use
When you upload files to PCEF’s scanning, analysis, or research tools, those files may be stored securely and retained for cybersecurity research, malware analysis, system validation, educational use, model improvement, abuse prevention, historical comparison, and future reference.
Uploaded files may be analyzed by automated systems, machine learning models, artificial intelligence systems, malware classifiers, antivirus engines, sandboxing systems, static-analysis tools, dynamic-analysis tools, signature systems, heuristic systems, metadata extractors, or other cybersecurity technologies.
Results generated from uploaded files may be stored in secure databases and used internally or with trusted partners to improve detection, classification, research, threat intelligence, educational content, and defensive cybersecurity capabilities.
Uploaded files may contain hidden metadata, embedded identifiers, file paths, usernames, comments, document properties, geolocation data, credentials, personal information, or other sensitive content. You are responsible for reviewing and sanitizing files before uploading them where appropriate.
PCEF is not responsible for information you choose to submit or for the presence of sensitive information inside submitted cybersecurity artifacts.
7. Malware, Suspicious Files, and Harmful Content
PCEF may receive malware, suspicious files, exploit samples, scripts, binaries, documents, archives, URLs, indicators, or other potentially harmful cybersecurity artifacts for legitimate analysis, education, or research.
PCEF may store, isolate, hash, classify, label, detonate, sandbox, reverse engineer, compare, cluster, or otherwise analyze such artifacts. PCEF may also generate derived data such as signatures, behavioral indicators, metadata, feature vectors, model embeddings, classifications, detection logic, or threat-intelligence outputs.
Submission of malware or harmful content is permitted only for legitimate cybersecurity, educational, defensive, research, or public-interest purposes. PCEF may restrict, block, report, or investigate submissions that appear malicious, unlawful, abusive, excessive, or inconsistent with our mission.
8. Ransom Note Uploads
PCEF may provide tools that allow users to upload ransom notes for ransomware identification, correlation, classification, matching, education, public-interest research, or threat intelligence. Ransom notes are often valuable for cybersecurity research and may be retained even if no immediate match or result is produced.
- Ransom notes may be stored indefinitely for cybersecurity research, model training, threat intelligence, historical comparison, and educational purposes.
- Uploaded ransom notes may be used to train, test, evaluate, or improve artificial intelligence systems, including systems designed to classify, correlate, detect, cluster, or identify ransomware variants.
- Ransom notes may be stored in secured, access-controlled infrastructure, including cloud storage such as secured S3 buckets.
- Ransom notes may be transformed into hashes, embeddings, text features, similarity scores, indicators, or other derived data.
- Ransom notes may be compared against prior submissions, public samples, internal datasets, open-source intelligence, or trusted research datasets.
- You are responsible for reviewing ransom notes before upload and removing personally identifiable information, confidential information, credentials, victim names, contact information, payment information, or other sensitive content where appropriate.
By submitting a ransom note, you represent that you have the legal authority to provide it to PCEF and that your submission does not violate applicable law, contractual obligations, confidentiality duties, privacy obligations, or the rights of any third party.
9. Hashes, Indicators, Metadata, and Derived Data
PCEF may generate, collect, store, and use derived data from submitted files, ransom notes, URLs, text, or other artifacts. Derived data may include hashes, fuzzy hashes, file names, file sizes, MIME types, timestamps, entropy values, import tables, strings, metadata, behavioral indicators, model outputs, feature vectors, embeddings, signatures, labels, classifications, similarity scores, and other analysis outputs.
Derived data may be retained separately from the original submitted material and may continue to be used even if the original submission is deleted, restricted, quarantined, or no longer actively processed, where permitted by law.
PCEF may use derived data for research, detection, model development, educational materials, system improvement, abuse prevention, threat intelligence, and nonprofit cybersecurity purposes.
10. Artificial Intelligence and Machine Learning
PCEF may use submitted files, ransom notes, text, metadata, indicators, generated results, derived data, and related cybersecurity artifacts to develop, train, fine-tune, test, evaluate, validate, monitor, and improve artificial intelligence systems, machine learning models, malware classifiers, ransomware classifiers, similarity systems, anomaly-detection systems, and other cybersecurity technologies.
AI and machine learning systems may generate classifications, predictions, labels, confidence scores, explanations, embeddings, summaries, detections, or other outputs. These outputs may be inaccurate, incomplete, or subject to revision. PCEF does not guarantee that AI-generated or automated analysis results are correct, complete, current, or suitable for any particular use.
PCEF may retain AI training datasets, evaluation datasets, derived features, labels, model outputs, and related research artifacts for extended periods or indefinitely where useful for cybersecurity research, reproducibility, benchmarking, education, nonprofit operations, or system improvement.
11. How We Use Information
PCEF may use collected, submitted, generated, or derived information for the following purposes:
- To operate, maintain, secure, and improve our website, tools, APIs, databases, infrastructure, and services.
- To perform malware scanning, file analysis, URL analysis, ransom-note matching, classification, clustering, correlation, and cybersecurity research.
- To develop, test, validate, and improve machine learning models, artificial intelligence systems, malware classifiers, ransomware classifiers, similarity systems, and related cybersecurity technologies.
- To generate aggregate statistics, nonprofit impact reports, research findings, educational materials, threat intelligence, public-interest datasets, or security advisories.
- To detect, prevent, investigate, or respond to abuse, scraping, attacks, spam, credential misuse, denial-of-service activity, unauthorized access, malicious submissions, excessive usage, or misuse of our systems.
- To manage accounts, API access, authentication, permissions, rate limits, usage thresholds, service availability, and operational integrity.
- To respond to inquiries, support requests, privacy requests, partnership discussions, licensing requests, donor communications, volunteer applications, or other communications.
- To administer educational programs, courses, events, training, workshops, mentorship programs, certifications, and nonprofit initiatives.
- To process donations, issue receipts, maintain donor records, satisfy accounting obligations, and support nonprofit fundraising operations.
- To comply with laws, regulations, subpoenas, court orders, lawful requests, tax obligations, accounting requirements, grant obligations, and nonprofit reporting obligations.
- To enforce our rights, protect our nonprofit mission, safeguard our users, defend against claims, preserve evidence, and protect the public from cybersecurity threats.
- For any other purpose disclosed at the time of collection or reasonably related to PCEF’s nonprofit, educational, cybersecurity, research, operational, or legal needs.
12. Legal and Operational Bases for Processing
Depending on the context and applicable law, PCEF may process information because:
- You provided consent or voluntarily submitted information.
- Processing is necessary to provide, secure, maintain, or improve our services.
- Processing supports legitimate nonprofit, educational, cybersecurity, research, security, fraud-prevention, or operational interests.
- Processing is necessary to comply with legal, tax, accounting, grant, regulatory, or reporting obligations.
- Processing is necessary to protect the rights, safety, security, or integrity of PCEF, our users, our infrastructure, the public, or third parties.
- Processing is necessary to establish, exercise, or defend legal claims.
13. Analytics, Cookies, and Tracking Technologies
PCEF may use analytics, cookies, tags, scripts, pixels, log files, and similar technologies to understand website usage, measure engagement, improve services, protect systems, evaluate outreach, and support nonprofit operations.
PCEF may use privacy-conscious analytics tools, including Plausible Analytics, to understand page views, file downloads, outbound links, tagged events, and general engagement with our services.
PCEF may also use Google tags or similar tools to measure site performance, conversion activity, campaign effectiveness, outreach performance, or service usage. These tools may process technical information such as device data, browser data, referral information, approximate location, interaction events, or advertising-related identifiers, depending on user settings, browser behavior, and applicable platform controls.
You can manage cookies, tracking preferences, and similar technologies through your browser settings, device settings, consent tools, or applicable platform controls. Disabling certain technologies may affect site functionality or measurement.
14. Logs, Security Monitoring, and Abuse Prevention
PCEF may collect and retain logs and technical information necessary to secure our website, tools, APIs, infrastructure, and users. Logs may include IP addresses, request timestamps, endpoints accessed, user-agent strings, referrers, API keys, authentication events, error messages, rate-limit events, security alerts, and similar operational data.
We may use this information to detect abuse, enforce rate limits, block malicious traffic, investigate incidents, preserve evidence, troubleshoot errors, prevent fraud, protect availability, and maintain the integrity of PCEF services.
Where necessary, PCEF may share security-relevant information with hosting providers, security vendors, incident-response partners, law enforcement, affected organizations, or trusted cybersecurity partners.
15. Information Sharing
PCEF does not sell personal information. We may disclose or share information in limited circumstances, including:
- Service providers: with vendors, contractors, hosting providers, cloud providers, analytics providers, payment processors, email platforms, cybersecurity vendors, and infrastructure providers who help us operate, secure, analyze, or improve our services.
- Research and security partners: with trusted cybersecurity researchers, nonprofits, educational institutions, public-interest organizations, threat-intelligence partners, or defensive security partners, where appropriate and consistent with our mission.
- Educational and nonprofit partners: with schools, educators, mentors, grantors, sponsors, partner nonprofits, or program collaborators where necessary to administer educational or nonprofit programs.
- Donation and payment processors: with third-party processors that handle donations, receipts, fraud prevention, accounting, or payment processing.
- Aggregated or de-identified outputs: in public reports, educational materials, statistics, presentations, datasets, model evaluations, advisories, research findings, or threat-intelligence outputs that do not intentionally identify individuals.
- Legal compliance: when required by law, subpoena, court order, regulatory obligation, tax obligation, audit requirement, grant obligation, or lawful government request.
- Protection of rights and safety: when we believe disclosure is reasonably necessary to protect PCEF, our users, our infrastructure, affected victims, the public, or others from harm, fraud, abuse, exploitation, attacks, security threats, or illegal activity.
- Organizational transactions: in connection with a merger, restructuring, fiscal sponsorship, grant transition, asset transfer, dissolution, reorganization, or similar nonprofit organizational event, subject to appropriate safeguards where applicable.
- With your direction or consent: when you ask us to share information, authorize disclosure, participate in a program requiring disclosure, or otherwise consent.
16. Public Reports, Research, and Threat Intelligence
PCEF may publish or share research findings, statistical summaries, educational content, security advisories, threat-intelligence reports, model evaluations, malware trends, ransomware trends, indicators, hashes, signatures, or other cybersecurity outputs.
Where feasible, PCEF will seek to avoid intentionally publishing personal information that directly identifies individual users or victims. However, cybersecurity artifacts may contain indicators, file names, paths, domains, wallet addresses, email addresses, usernames, or other data that could be sensitive or identifying in context.
PCEF may publish or share indicators, hashes, signatures, derived data, or technical findings where we believe doing so supports cybersecurity defense, education, public safety, research, or threat mitigation.
17. Donations, Grants, and Nonprofit Administration
If you donate to PCEF, sponsor a program, provide grant funding, or otherwise support our nonprofit work, we may collect and retain information necessary to process contributions, issue receipts, maintain accounting records, comply with tax requirements, prevent fraud, recognize supporters where authorized, and administer nonprofit operations.
Payment information may be processed by third-party payment processors. PCEF may receive limited payment confirmation information but does not necessarily store full payment card or bank account details.
We may use donor or supporter contact information to send receipts, acknowledgments, updates, impact reports, campaign communications, or legally required notices. You may request to opt out of non-essential communications.
18. Educational Programs, Events, and Volunteers
PCEF may collect information from students, educators, mentors, volunteers, applicants, speakers, event participants, and program participants. This may include registration details, contact information, attendance, submissions, feedback, credentials, interests, background information, and program-related communications.
We may use this information to administer programs, evaluate applications, communicate with participants, provide educational resources, issue certificates, coordinate volunteers, improve programming, maintain records, comply with grant obligations, and report aggregate nonprofit impact.
PCEF may use photos, recordings, testimonials, or participant names only where authorized, where legally permitted, or where participants voluntarily provide materials for publication or promotional use.
19. API Usage and Nonprofit Sustainability
PCEF may provide public APIs, including the Aura API, as free educational and cybersecurity research tools. These services are intended to support individuals, students, educators, researchers, nonprofits, and public-interest cybersecurity work.
Commercial entities, high-volume users, automated integrations, SaaS platforms, enterprise security environments, security orchestration systems, dashboarding systems, managed service providers, or organizations using PCEF APIs in revenue-generating workflows may be required to enter into a separate written license, data-use, research, partnership, or commercial-use agreement with PCEF.
These requirements help protect PCEF’s nonprofit resources, prevent uncompensated commercial extraction, preserve service availability for the public, and support the continued development of free cybersecurity tools.
PCEF may apply rate limits, authentication requirements, API keys, usage reviews, logging, access restrictions, throttling, blocking, account suspension, or commercial licensing requirements where necessary to protect system integrity, availability, research value, user trust, or nonprofit sustainability.
PCEF may monitor API usage to identify abuse, scraping, automated extraction, commercial misuse, excessive load, security threats, or violations of applicable agreements.
20. Commercial Use, Scraping, and Automated Access
PCEF’s public-interest resources are not intended to be exploited in a manner that harms availability, extracts value without permission, circumvents access controls, misrepresents affiliation, or interferes with our nonprofit mission.
PCEF may restrict, throttle, block, or terminate access by users, bots, crawlers, scrapers, automated systems, commercial entities, or high-volume integrations where we believe such activity is abusive, excessive, unauthorized, security-sensitive, commercial without authorization, or inconsistent with PCEF’s mission.
This section does not limit PCEF’s ability to enter into separate written agreements with approved commercial, academic, nonprofit, government, or research partners.
21. Data Retention
PCEF retains information for as long as reasonably necessary to support our nonprofit mission, operate our services, conduct cybersecurity research, improve our systems, comply with legal obligations, resolve disputes, prevent abuse, preserve evidence, maintain audit records, and protect our rights.
Uploaded files, ransom notes, URLs, hashes, indicators, metadata, scan results, classifications, labels, derived data, model outputs, logs, and research artifacts may be retained for extended periods or indefinitely where useful for cybersecurity research, model training, benchmarking, reproducibility, threat analysis, abuse prevention, historical comparison, education, nonprofit reporting, legal compliance, or protection of PCEF and the public.
Donation, accounting, tax, grant, audit, and nonprofit governance records may be retained for the period required by applicable law, accounting practices, grant terms, or organizational recordkeeping policies.
Communications, support requests, program records, and operational records may be retained as needed for business continuity, accountability, legal compliance, security, and nonprofit administration.
22. Deletion, Correction, and Retention Limits
Depending on your location and applicable law, you may request access to, correction of, deletion of, restriction of, or portability of certain personal information.
PCEF will review such requests in accordance with applicable law. However, deletion or restriction requests may be limited or denied where information is needed for cybersecurity research, legal compliance, security, abuse prevention, evidence preservation, tax or accounting requirements, grant obligations, nonprofit administration, research integrity, public-interest threat analysis, defense of legal claims, or protection of PCEF and others.
In some cases, PCEF may delete or restrict original submitted content while retaining derived data, hashes, indicators, metadata, model features, aggregate statistics, logs, or research outputs where permitted by law and reasonably necessary for cybersecurity or nonprofit purposes.
PCEF may need to verify your identity or authority before responding to privacy requests.
23. Security Measures
PCEF uses commercially reasonable technical, administrative, and organizational safeguards designed to protect information against unauthorized access, misuse, loss, alteration, disclosure, or destruction.
These safeguards may include access controls, authentication, encryption where appropriate, secured cloud storage, internal permission restrictions, logging, monitoring, backup controls, vulnerability management, least-privilege practices, and other protective measures.
However, no website, API, cloud system, database, storage system, email system, or cybersecurity tool can be guaranteed to be completely secure. PCEF cannot warrant that information submitted to or processed by our services will be free from unauthorized access, misuse, corruption, loss, or disclosure.
24. Security Incidents
If PCEF becomes aware of a security incident affecting information we maintain, we may investigate, contain, remediate, document, and notify affected parties or authorities where required by law or where PCEF determines notification is appropriate.
PCEF may delay or limit notification where necessary to investigate the incident, prevent further harm, preserve evidence, comply with law enforcement requests, protect security operations, or comply with applicable law.
25. User Responsibilities
You are responsible for the information, files, ransom notes, indicators, URLs, text, communications, and other content you submit to PCEF. You agree not to submit content that:
- You do not have the legal right or authorization to provide.
- Contains personal, sensitive, regulated, confidential, privileged, proprietary, classified, export-controlled, or third-party information that you are not authorized to share.
- Violates any applicable law, contract, court order, privacy obligation, confidentiality duty, intellectual property right, or third-party right.
- Is submitted for the purpose of attacking, disrupting, overloading, scraping, reverse engineering, probing, exploiting, or abusing PCEF’s systems.
- Contains malware or harmful content except where submitted in good faith for legitimate cybersecurity analysis, research, educational, defensive, or public-interest purposes.
- Misrepresents your identity, affiliation, authorization, purpose, or legal right to submit the content.
PCEF reserves the right to restrict, suspend, block, throttle, investigate, report, or terminate access to its services where we believe use is abusive, unlawful, harmful, excessive, unauthorized, commercial without authorization, or inconsistent with our nonprofit mission.
26. No Guarantee of Anonymity or Confidentiality
Although PCEF uses reasonable safeguards and may limit intentional collection of personal information in certain tools, users should not assume that uploaded files, ransom notes, logs, metadata, indicators, communications, or submitted content are anonymous, confidential, privileged, or free of sensitive information.
Cybersecurity artifacts may contain embedded metadata, identifiers, usernames, system paths, victim information, wallet addresses, credentials, email addresses, contact information, internal hostnames, network details, organization names, or other sensitive content.
You are responsible for reviewing, redacting, and sanitizing submissions before upload where appropriate.
27. Accuracy of Results and No Security Warranty
PCEF’s tools, scan results, ransomware identifications, AI outputs, classifications, threat intelligence, educational materials, and API responses are provided for informational, educational, research, and defensive cybersecurity purposes.
Results may be incomplete, outdated, inaccurate, misleading, false-positive, false-negative, or subject to change. PCEF does not guarantee that any scan, classifier, tool, report, model, or output will identify all threats, correctly classify all artifacts, prevent harm, or satisfy any legal, regulatory, compliance, insurance, or security requirement.
You are responsible for independently validating results before relying on them for security, legal, operational, commercial, or incident-response decisions.
28. Children’s Privacy
PCEF’s general website and educational resources may be accessed by students and educators. However, our file scanning, malware analysis, ransom note analysis, API services, and advanced cybersecurity tools are not intended for unsupervised use by children under 13.
We do not knowingly solicit personal information from children under 13 without appropriate consent or authorization. If we learn that we have collected personal information from a child under 13 without appropriate consent, we will take reasonable steps to delete or limit the information where required by law.
Parents, guardians, schools, and educators are responsible for supervising minors’ use of PCEF resources where appropriate.
29. International Users
PCEF is operated from the United States. If you access our website, tools, APIs, or services from outside the United States, you understand that your information may be processed, stored, transferred, or accessed in the United States or other jurisdictions where PCEF, its service providers, or partners operate.
Privacy, cybersecurity, data protection, nonprofit, and government-access laws in these jurisdictions may differ from those in your location.
By using PCEF services, you understand that information may be transferred to and processed in jurisdictions outside your country of residence where permitted by applicable law.
30. Privacy Rights for Certain Jurisdictions
Depending on your jurisdiction, including certain U.S. states or international regions, you may have rights related to personal information, such as the right to request access, correction, deletion, restriction, objection, portability, or information about disclosures.
PCEF will respond to legally valid requests as required by applicable law. Some rights may not apply to nonprofit organizations, research data, security data, de-identified data, aggregated data, publicly available data, or information retained for legal, security, research, tax, accounting, or public-interest purposes.
To exercise available rights, contact PCEF through the contact information on our website. We may request verification before processing your request.
31. Do Not Track and Global Privacy Controls
Some browsers or devices offer “Do Not Track,” Global Privacy Control, or similar preference signals. PCEF may respond to such signals where required by applicable law or where technically feasible.
Because there is not always a uniform technical standard for such signals, PCEF may not respond to every browser-based signal unless required by law.
32. Third-Party Links, Tools, and Services
Our website may link to third-party websites, tools, platforms, repositories, educational resources, cybersecurity services, payment processors, social media pages, or partner organizations. PCEF does not control and is not responsible for the privacy practices, security, availability, content, policies, or conduct of third-party websites or services.
Your use of third-party services is subject to their own terms, privacy policies, and security practices. You should review those policies before using third-party services or submitting information to them.
33. Social Media and Public Communications
If you interact with PCEF on social media, public forums, comment sections, community spaces, or public repositories, your information may be visible to others and governed by the policies of the platform you use.
PCEF may view, respond to, preserve, moderate, or use public communications for community engagement, education, security, support, nonprofit reporting, or abuse prevention.
34. Legal Requests, Law Enforcement, and Safety
PCEF may preserve, disclose, or provide information when we believe doing so is required or permitted by law, subpoena, warrant, court order, regulatory request, tax inquiry, audit, grant obligation, or lawful government request.
PCEF may also disclose information where we believe disclosure is reasonably necessary to prevent harm, respond to cybersecurity threats, protect victims, prevent fraud, investigate abuse, defend legal claims, enforce our rights, or protect PCEF, our users, our infrastructure, or the public.
PCEF may preserve information in response to legal requests, anticipated disputes, security investigations, abuse reports, or law enforcement inquiries.
35. Organizational Changes
If PCEF undergoes a merger, restructuring, fiscal sponsorship transition, grant transition, asset transfer, partnership transition, dissolution, or other organizational change, information may be transferred, disclosed, preserved, or assigned as part of that process where permitted by law.
PCEF will seek to ensure that any successor or recipient handles information consistently with this Privacy Policy or with appropriate protections.
36. Changes to This Privacy Policy
PCEF may update this Privacy Policy from time to time to reflect changes in our services, tools, APIs, legal obligations, research activities, nonprofit operations, data practices, security practices, or organizational needs.
The updated version will be posted on this page with an updated effective date where appropriate. Your continued use of PCEF’s website, tools, APIs, programs, or services after a policy update means you acknowledge the revised Privacy Policy.
37. Contact Us
If you have questions about this Privacy Policy, PCEF’s data practices, API licensing, security research, privacy requests, or nonprofit operations, please contact us through the contact section on our home page.
Please do not send sensitive personal information, credentials, private keys, payment card information, protected health information, or confidential third-party information through general contact forms unless specifically requested by PCEF through a secure channel.