Effective Date: May 28, 2026 · Last Updated: May 28, 2026
Quenara Foundation is the humanitarian aid brand operated by No Name Foundation, a 501(c)(3) tax exempt nonprofit organization based in Dover, Delaware, USA (EIN: 35-2882867). This Privacy Policy explains how we collect, use, share, and protect personal data of donors, beneficiaries, volunteers, and website visitors. We are committed to transparency and to complying with the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA/CPRA), the Children’s Online Privacy Protection Act (COPPA), and IRS Publication 1771 substantiation requirements for charitable contributions.
Legal entity: No Name Foundation, a Delaware nonprofit corporation recognized as tax exempt under Section 501(c)(3) of the Internal Revenue Code (EIN: 35-2882867).
Operating brand: Quenara Foundation, the public humanitarian aid brand under which we conduct field operations, fundraising, transparency reporting, and donor engagement.
Registered address: Dover, Delaware, USA.
Data controller: No Name Foundation is the data controller for all personal data processed through quenarafoundation.com and related donor systems.
Contact for privacy matters: privacy@quenarafoundation.com
This Policy applies to personal data processed when you:
This Policy does not cover third party services we link to but do not operate (for example, the Stripe payment portal, a local partner organization’s website, or a social media platform’s own policy). When you leave our website, please read the privacy policy of the destination site.
| Category | Examples | When We Collect |
|---|---|---|
| Identity data | First name, last name, salutation | Account creation, donation checkout |
| Contact data | Email address, postal address (optional), phone number (optional) | Account creation, donation, newsletter signup |
| Donation data | Donation amount, currency, frequency, fund/project designation, dedication message | Each donation transaction |
| Payment data | Payment method type (card brand, last four digits), billing country, billing postal code. Full card numbers are never stored on our servers | Checkout (collected by Stripe, our PCI DSS Level 1 payment processor) |
| Account preferences | Communication preferences, language preference, currency preference, region preference | Account settings, donation page interaction |
| Profile data | Optional profile photo, biographical statement (volunteers only) | Volunteer signup |
| Communication data | Help desk ticket content, email correspondence, survey responses | When you contact us |
| Children’s data | We do not knowingly collect personal data from children under 13. See Section 11.5 | N/A |
| Category | Examples | Source |
|---|---|---|
| Device data | Browser type and version, operating system, screen resolution | Your browser HTTP headers |
| Network data | IP address (truncated where possible), approximate location (country, region), internet service provider | Network connection |
| Usage data | Pages visited, time on page, navigation path, referrer URL, search terms entered on the site | Our server logs, Google Analytics 4 |
| Cookie data | See our Cookie Policy for the full list | Cookies set on your browser |
| Transaction metadata | Donation timestamp, exchange rate at time of charge, Stripe charge ID, refund status | Our donor dashboard backend |
| Purpose | Data Used | Legal Basis (GDPR Article 6) |
|---|---|---|
| Process your donation and deliver aid | Identity, contact, donation, payment | Contract performance (Art 6(1)(b)) |
| Issue IRS compliant tax deductible donation receipt under IRC §170(f)(8) and IRS Publication 1771 | Identity, contact, donation amount, date | Legal obligation (Art 6(1)(c)) |
| Maintain donor account and provide donor portal dashboard (donation history, tax receipts, recurring management) | Identity, contact, donation history, account preferences | Contract performance (Art 6(1)(b)) |
| Send transactional emails (donation confirmation, receipt, impact updates on the specific project you funded) | Identity, contact, donation data | Contract performance (Art 6(1)(b)) |
| Send marketing emails (newsletter, campaign appeals, year end summary) | Identity, contact, donation preferences | Consent (Art 6(1)(a)) · You can withdraw consent any time |
| Comply with tax, anti money laundering, and sanctions screening laws | Identity, donation, payment country | Legal obligation (Art 6(1)(c)) |
| Prevent fraud and abuse, and secure our infrastructure | Network data, device data, transaction metadata | Legitimate interest (Art 6(1)(f)) |
| Improve our website, donation experience, and impact reporting | Usage data, aggregated donation patterns | Legitimate interest (Art 6(1)(f)) |
| Respond to your help desk inquiries | Communication data, account data | Contract performance (Art 6(1)(b)) or Legitimate interest (Art 6(1)(f)) |
| Defend our rights in legal proceedings | Any relevant data on an individual basis | Legitimate interest or Legal obligation |
We do not sell, rent, or trade your personal data. We share data only with trusted service providers (data processors) and only as necessary to operate the foundation.
| Processor | Service | Data Shared | Location |
|---|---|---|---|
| Stripe, Inc. | Payment processing (PCI DSS Level 1) | Payment data, billing data, transaction metadata | United States (with EU subprocessors for EU transactions) |
| Hostinger International Ltd. | Website and database hosting | All data stored on the site (encrypted at rest) | Frankfurt, Germany (EU data center) |
| Google LLC (Analytics 4, Tag Manager, Workspace email) | Anonymized analytics, internal email | Aggregated usage data, IP anonymized | United States with EU subprocessing |
| Email service provider (Brevo / Mailchimp) | Transactional and marketing email delivery | Email address, name, donation context | EU and United States |
| n8n (hosted internally) | Donation workflow automation, receipt generation | Donation data, identity, contact | EU data center |
| WhatsApp Business (Meta) | Optional WhatsApp donor communications | Phone number, message content (only if you initiate) | United States with EU subprocessing |
| Cloudflare | DNS, security, DDoS protection | IP address, request metadata | Global edge network |
Each processor is bound by a Data Processing Agreement that requires confidentiality, security, and GDPR compliant safeguards including Standard Contractual Clauses for international transfers.
We may disclose your data to government authorities, courts, or law enforcement if compelled by a valid legal order or to defend against a legal claim. We will challenge overly broad requests and notify you where legally permitted.
In the unlikely event of a merger, acquisition, or asset transfer involving No Name Foundation, your personal data may be transferred to the successor entity. We will provide notice and you will retain all rights under this Policy.
We may share data with other parties if you direct us to do so or give explicit consent. For example, you may choose to make a donation public on our transparency ledger; in that case only your first name, last initial, city, and donation context are displayed.
No Name Foundation is based in the United States, but we serve donors and beneficiaries in many countries and rely on processors located in both the EU and the US. Where personal data of EU/UK residents is transferred outside the EEA/UK, we rely on:
You may request a copy of the relevant transfer mechanism by emailing privacy@quenarafoundation.com.
| Data Category | Retention Period | Reason |
|---|---|---|
| Donation records and tax receipts | 7 years after the calendar year of donation | IRS requirement for tax exempt organizations (IRC, Form 990) |
| Donor account data | Active account: until you delete it. Inactive account: up to 3 years after last login, then deletion or anonymization. | Service continuity, donor convenience |
| Marketing email subscriber list | Until you unsubscribe | Consent based |
| Help desk tickets | 2 years after ticket closed | Quality assurance, dispute resolution |
| Server access logs | 90 days, then deleted or aggregated | Security and fraud prevention |
| Stripe payment records | Per Stripe’s own retention policy (typically 7 years for tax) | Stripe’s compliance obligations |
| Newsletter open and click tracking | 2 years after collection, then aggregated | Campaign effectiveness analysis |
| Cookie data | See Cookie Policy; varies by cookie | Per cookie purpose |
Under Articles 15 to 22 of the GDPR, you have the following rights:
To exercise these rights, email privacy@quenarafoundation.com with the subject line GDPR Request. We will respond within 30 days. We do not charge a fee for reasonable requests.
If you are a California resident, you have the following rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act:
To submit a CCPA request, email privacy@quenarafoundation.com with the subject line CCPA Request. Identity verification will be required to protect your privacy.
We do not knowingly collect personal data from children under the age of 13. Our donation platform requires donors to be at least 18 years old or to have parental consent. If we become aware that we have inadvertently collected data from a child under 13, we will promptly delete it. If you are a parent or legal guardian and believe your child has provided us with personal data, please contact privacy@quenarafoundation.com immediately.
Donors in Canada (PIPEDA), Brazil (LGPD), Singapore (PDPA), Australia (Privacy Act), and other jurisdictions may have additional rights under their national privacy laws. We honor reasonable requests under any applicable law. Contact us at privacy@quenarafoundation.com.
We use cookies and similar technologies to operate the website, remember your preferences, secure your session, and understand usage. For the full list of cookies, their purpose, duration, and how to opt out, please see our Cookie Policy.
You can manage cookie preferences through our consent banner or your browser settings. We honor the Global Privacy Control (GPC) signal from your browser as an opt out of sale/sharing under CCPA.
We send marketing emails only with your explicit consent. Every marketing email includes an unsubscribe link in the footer. You can also manage your communication preferences from your donor dashboard. Transactional emails (donation confirmation, tax receipt, account security) are not marketing and continue regardless of your marketing preference.
We take reasonable and appropriate measures to protect personal data:
No method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we work hard to protect your data and to be transparent if a breach occurs.
Our website may contain links to third party websites, services, or social media platforms that we do not control. We are not responsible for their privacy practices. Please read their privacy policies before sharing any personal data with them. Notable third parties:
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes we will:
We encourage you to review this page periodically.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
We aim to respond to all reasonable inquiries within 30 days. For GDPR data subject requests we respond within one month, extendable by two months for complex requests under Article 12(3).