Privacy Disclosure

Execute Big is a nonprofit organization that strongly believes your right to privacy, especially given we work with students on a regular basis. We only ask for your information when we actually need it, and we are very careful when handling data.

We hope this privacy disclosure can give you some clarity with how we handle your personal information.

Third-Parties

Data Processors

The only third parties that we share data with are trusted, and we only share what’s required:

  • Stripe, for third-party payment processing. We use industry-standard methods when handling your transaction information, and we do not store or collect your payment details.
  • Airtable, for storing our operations data (ex. when you apply to our programs, or become a supporter).
  • Zapier, for automation our data-processing workflow (ex. sending you a confirmation email after you apply to our program).
  • Substack, to send emails and newsletters to people who have consented to be on our mailing list. We only share your name and email address with them, and we only share that information when you have consented for that information to be shared (ex. when you sign up for our newsletter, or become a supporter).
  • hCaptcha, to protect our payment gateway against bots and fraud users. See the hCaptcha section for more information about the service.

Program-Specific Providers

When participating in our events and programs, you may also be asked to use the following platforms and services to register yourself or communicate with us:

Additionally, if we are shipping you physical material, your information (name, address, and shipment details) will be shared with USPS.

Hosting

We host our software systems in the cloud via the following infrastructure providers:

Tracking & Data Collection

Tracking

To get information about the behavior of our visitors, we use Umami. Our instance of Umami is deployed and shown as umami.executebig.org, and all information collected by Umami is stored on our own servers.

This analytics software gives us insight about our visitors only in general. Umami does not collect any personally identifiable information and anonymizes all data collected. Users cannot be identified and are never tracked across websites. Umami does not use any cookies in the tracking code, either.

In order to better understand how our visitors have been using our website, we use Hotjar to collect information like how much time they spend on which pages, which links they choose to click, etc., and this enables us to continue improving our website’s accessibility.

Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device’s IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.

We use Segment to send data from our application and website listed on this page to some third parties listed on this page. You can read Segment’s privacy policy at https://segment.com/legal/privacy/. We collect most data for research purposes – these information will be deleted as soon as we finish processing them.

hCaptcha

We use the hCaptcha anti-bot service (hereinafter “hCaptcha”) on our website. This service is provided by Intuition Machines, Inc., a Delaware US Corporation (“IMI”). hCaptcha is used to check whether the data entered on our website (such as on a login page or contact form) has been entered by a human or by an automated program. To do this, hCaptcha analyzes the behavior of the website or mobile app visitor based on various characteristics. This analysis starts automatically as soon as the website or mobile app visitor enters a part of the website or app with hCaptcha enabled.

For the analysis, hCaptcha evaluates various information (e.g. IP address, how long the visitor has been on the website or app, or mouse movements made by the user). The data collected during the analysis will be forwarded to IMI. hCaptcha analysis in the “invisible mode” may take place completely in the background. Website or app visitors are not advised that such an analysis is taking place if the user is not shown a challenge. Data processing is based on Art. 6(1)(f) of the GDPR (DSGVO): the website or mobile app operator has a legitimate interest in protecting its site from abusive automated crawling and spam. IMI acts as a “data processor” acting on behalf of its customers as defined under the GDPR, and a “service provider” for the purposes of the California Consumer Privacy Act (CCPA). For more information about hCaptcha and IMI’s privacy policy and terms of use, please visit the following links: https://hcaptcha.com/privacy and https://hcaptcha.com/terms.

Additional Policies

Aside from our organizational privacy disclosure, you may also be interested in reading about our commitment to privacy in other programs of Execute Big. These policies outline the steps that we are taking to ensure we collect, process, and potentially release the right information to create a safe environment for you to be involved in our programs.

Questions & Data Control

You may request a copy of your data or ask us questions about this privacy disclosure by contacting us through emailing, calling, or writing to us.

Execute Big will never sell your personal information to third parties.

Last updated: April 2, 2021