Privacy policy

Related

This page covers data collection, retention, and user rights. For the broader ethical framework — non-waivable commitments, abuse vectors we've thought about, and accountability — see /ethics. For how to report a security vulnerability under our coordinated-disclosure policy, see /security.

In one paragraph

Guardians of the AV collects the minimum information needed to connect a person in crisis with verified help. We never sell your information. We never share it with law enforcement, immigration enforcement, or any third party without your consent or a lawful court order. Domestic-violence survivors' records are handled by partner victim-service providers, not by us. You can request export or deletion of your data at any time.

Who runs this site

Guardians of the AV is a grassroots project of Aaron & Anadora Turner. We are seeking fiscal sponsorship from Social Good Fund (a California 501(c)(3) public charity, EIN 46-1323531) and forming our own nonprofit, Guardians of the AV, Inc. Aaron Turner is the founder and lead operator; Anadora Turner, MSW (USC), LCSW co-leads field validation.

Contact: hello@guardiansofsolano.com

What we collect

• Identity: name, email, optional phone number, date of birth (only when required for a coordination packet).
• Account state: tier level (0-4), partner verifications, attestations, your earn history, your credit balance.
• Donations: donor name, email, donation amount, Stripe payment-intent ID, optional marketing-consent flag.
• Coordination-packet drafts: form answers you enter at /docs, the signature image, the generated PDF.
• Device + browser: IP address, browser type, session cookies needed to keep you signed in.
• SMS metadata (if you opt into SMS): your phone number, message timestamps, opt-out keyword status.
• Optional demographic info (you choose to share): city, year of birth (year only, not full date of birth), whether you have minor children living with you, and which of the six populations Guardian serves you identify with. All four fields are opt-in from /app/me/settings and can be cleared from the same page at any time. See the "Optional demographic info" section below for what we use them for. has_minor_children is classified as Sensitive Personal Information under CCPA §1798.140(ae)(1)(L) (familial status); your populations selection is also Sensitive Personal Information when it discloses behavioral-health or justice-system status.

Optional demographic info

If you choose to share your city, year of birth, family-status, or the populations you identify with, we use it only to:

• Match you to events you may want to attend
• Aggregate anonymized population-level statistics on /transparency (k-anonymity floor of 5; never an individual record)

We never sell or share this data. We never use it to decide whether you qualify for help. You can clear any of it any time from your Settings page.

California residents: family-status (has_minor_children) and health- / justice-related population tags are "Sensitive Personal Information" under CCPA §1798.140(ae). You may limit our use of this data at any time by clearing the relevant fields on /app/me/settings or by emailing hello@guardiansofsolano.com.

SMS communications (opt-in only)

By providing your mobile number to Guardians of the AV (in account creation, partner verification, event signup, or elsewhere), you agree to receive transactional SMS messages from us. Message types include:

• One-time sign-in codes (account access)
• Credit issuance notifications
• Event eligibility alerts (only events you qualify for)
• Account-status updates

Message frequency: variable; typically fewer than 4 messages per month per recipient.

Message and data rates may apply. Check with your carrier.

To stop receiving messages: reply STOP to any Guardians of the AV SMS. Your number is removed within 24 hours and you will receive no further transactional SMS from us (you may still receive emails if you have an account).

For help: reply HELP to any Guardians of the AV SMS, or email hello@guardiansofsolano.com.

Carriers are not liable for delayed or undelivered messages.

HIPAA-protected health information

In Phase 0 (current), Guardians of the AV does not receive Protected Health Information (PHI) directly. When and if we do — as a coordination layer receiving discharge data from county Behavioral Health, a jail medical contractor, or a hospital discharge planner — we would operate as a Business Associate under 45 CFR 164.500(c) and the HITECH Act. PHI handling would be governed by an executed Business Associate Agreement (BAA) with each covered entity before any data exchange. No PHI would be collected, transmitted, or stored without an executed BAA. Planned audit-log retention: 6 years per 45 CFR 164.316(b)(2), 10 years where Medi-Cal/CalAIM contracts require longer.

Domestic-violence survivor records

Guardians of the AV does not retain DV-survivor records. We are not a data controller for VAWA-protected information. DV-survivor records live in a Comparable Database operated by a local victim-service provider under 24 CFR §578.103(b), governed by VAWA 34 U.S.C. §12291(b)(2) (formerly §40002(b)(2)), FVPSA 42 U.S.C. §10406(c)(5), and VOCA confidentiality requirements.

If you are a survivor seeking help, call the National DV Hotline at 1-800-799-7233.

42 CFR Part 2 (substance use treatment records)

In Phase 0 (current), Guardians of the AV does not receive SUD treatment records. If and when we receive such records from DMC-ODS providers (Partnership HealthPlan, CalAIM Justice-Involved Reentry), they would be handled under 42 CFR Part 2 as amended February 16, 2024. That would require a written treatment-payment-operations consent meeting §2.31 form requirements, segregation of SUD counseling notes behind separate consent, logging of every redisclosure, and propagation of the Part 2 prohibition-on-redisclosure notice to downstream recipients.

What we do with your data

• Coordinate services with verified Guardians of the AV partner businesses
• Issue and redeem credits within our partner network
• Send transactional emails and (with opt-in) SMS
• Produce coordinated outcome reporting for county/state funders (de-identified or aggregate only — never individual records)
• Improve the service based on usage patterns (also de-identified)

What we do NOT do with your data

• We do not sell your information to anyone for any purpose.
• We do not share your individual record with law enforcement, immigration enforcement, employers, landlords, or insurance companies. (We comply with lawful court orders if served.)
• We do not use your information for advertising or profiling.
• We do not allow donors who fund credits for a specific person to see that person's identity.

California Privacy Rights (CPRA)

We do not sell or share your personal information for cross-context behavioral advertising as defined under the California Privacy Rights Act (Cal. Civ. Code §1798.100 et seq.). California residents may exercise their rights under CPRA by contacting us at hello@guardiansofsolano.com.

Sensitive personal information: When we collect sensitive personal information (as defined under Cal. Civ. Code §1798.140(ae)) — including health-related coordination data or demographic information you provide — we use it only to provide the services you have requested. We do not use sensitive personal information for inferring characteristics about you or for other secondary purposes. California residents have the right to limit our use of their sensitive personal information; contact hello@guardiansofsolano.com to exercise this right.

Your rights

• Right of access: request a copy of all data we hold about you.
• Right of deletion: request that we delete your records, subject to HIPAA/CalAIM retention requirements where applicable.
• Right of correction: request that we correct inaccurate information.
• Right to opt out of SMS: reply STOP at any time.
• Right to pause your account: contact us to suspend your account without deleting it.

To exercise any right, email hello@guardiansofsolano.com. We respond within 30 days.

For your CPRA rights

If you have an account with us, the three rights below are self-serve from your account pages. You do not need to email us first.

• Right to know your data: /app/me/export-data — download a JSON file containing every row we hold linked to your account. See the page for what is and is not included.
• Right to delete your account: /app/me/delete-account — type your phone or email to confirm; 30-day grace window before hard deletion. Some financial-record and audit-log rows are retained for legally required windows, with personally identifying fields redacted.
• Block-list (self-determination): /app/me/block-list — block a partner organization (or rarely, a specific user) from referral routing, navigator assignment, and partner-side resource searches. Blocks are private; the blocked party is never notified.

How we secure your data

• TLS 1.3 in transit. AES-256 at rest (Supabase-managed).
• Postgres Row-Level Security at the database boundary.
• Append-only, hash-chained audit log for PHI access — planned for implementation before any BAA is executed.
• Break-glass oversight access with reason code and record-owner notification — planned alongside PHI integration.
• Incident response within 60 days per HIPAA Breach Notification Rule — applicable once PHI is in scope.

The "Exit" button — what it does and what it can't do

Every page has an "Exit" button in the top corner. Pressing it (or hitting the Escape key when you're not typing) blanks the page, overwrites the current history entry with a neutral URL, and sends the browser to a Google weather search. The goal is that the visible back-button no longer points here and the tab-switcher snapshot doesn't show this site.

This works best on a desktop browser. On a phone there are limits we can't close from inside the site:

• The phone's operating system may have already cached a picture of this site for the tab-switcher view before you pressed Exit. That picture clears the next time the tab refreshes, but it can linger for a few seconds.
• Typing a few letters into the address bar may suggest previously-visited pages from the device's URL history, which is stored outside the browser's back-button list.
• Routers, DNS caches, parental-control software, and device-management tools may record visits at a layer this site can't reach.

If you need to leave no trace at all, the most reliable steps are: press Exit, then close the tab, then open the browser's settings and clear browsing data for the last hour. On Safari iOS, that's Settings > Safari > Clear History and Website Data. On Chrome Android, that's the three-dot menu > History > Clear browsing data > Last hour.

We name this honestly so you can decide what level of caution you need. If you're using a device someone else can see, the resource map at /map works without an account, without a sign-in, and without leaving an account-linked trail.

Cookies and tracking

We use only the minimum cookies needed to keep you signed in and to remember your language preference (English or Spanish). We do not use third-party advertising trackers, Google Analytics, or cross-site behavioral tracking.

Hosting and infrastructure

Guardians of the AV is hosted on Vercel, a content-delivery network that routes web traffic to our application. To do that routing, Vercel records standard edge request logs: the URL you visited, the HTTP status code, the response time, your IP address (which is required to route a packet back to you), and your user-agent string. Vercel retains these logs for a limited period (typically 30 days on our plan tier) and uses them for platform operations, not for advertising. Vercel does not see the contents of forms you submit to us — those go directly to our database — and Vercel does not assign you a tracking identifier across visits.

We have deliberately not installed Vercel Web Analytics, Vercel Speed Insights, Google Analytics, or any third-party behavioral-analytics product. We do not measure scroll depth, click maps, page-flow funnels, or session recordings. This is a deliberate choice tied to the commitments on /ethics; adding any of those tools would require an ethics-board sign-off and a public update to this page first.

If we ever add lightweight, privacy-respecting page-view analytics (a Phase 1.5 consideration), we will self-host it on infrastructure we control, it will not use cookies or assign cross-visit identifiers, and we will disclose it here before turning it on.

Children

Guardians of the AV does not knowingly collect personal information from children under 13. Minors may appear in coordination packets only when an authorized adult (parent, guardian, or social worker) is also the account holder.

Changes to this policy

We may update this policy as the service evolves. The "Last updated" date at the top of this page reflects the most recent change. Material changes will be announced via email to account holders and posted on the homepage.

The full transparency catalog

This privacy policy is one entry in a larger index of public accountability surfaces — live counters, the Anadora-led field-interview ledger, primary sources, ethics commitments, security disclosure policy, and the founding documents. See /transparency for the full catalog.

For journalists and analysts

Reporters working a story on Guardians of the AV can read the primary-sources index (every numerical claim on the public site paired with its source), the founder's essay on how we started. Direct press inquiries to press@guardiansofsolano.com.

Policy updates