Privacy Policy Website Privacy Policy

The San Francisco AIDS Foundation (“SFAF,” “we,” “us”) is an independent, nonprofit California public benefit corporation that promotes health, wellness, and social justice for communities most impacted by HIV, through sexual health and substance use services, advocacy, and community partnerships. This Privacy Policy explains the personal information we collect about you in connection with the Services (defined below), how we use and share it, and the choices you have regarding this information.

1. Applicability of this Privacy Policy

By accessing and using the Services (defined below), you are agreeing that SFAF is the “controller” of your personal data provided to, collected by, or processed in connection with the Services. If you don’t agree with this Privacy Policy, do not access or use the Services.

This Privacy Policy applies to visitors to (the “Website”), the “Other Services” (defined below), and any other products and projects of SFAF that state that this Privacy Policy applies to our collection of personal data (the “Services”). This Privacy Policy does not apply to products, programs, or activities of SFAF that do not incorporate this Privacy Policy by reference or expressly refer to a separate privacy policy.

2. Information We Collect About You

2.1 Website Visitors

When you visit the Website, we collect the following information (collectively, “Website Visitor Information”):

From You
We collect certain information from you when you provide it to us directly. Specifically:

Subscribing to our newsletter. When you sign up to receive our newsletter, you provide us with your first and last names and your email address. Unless you ask us not to, we may contact you via email in the future to tell you about events, news updates or related information, or changes to this privacy policy.

Making a donation. When you make a donation on the site, you may provide us with you first and last name, billing address, shipping address, phone number, email address, employer name, credit card number, expiration date, security code, bank name, bank routing number, bank checking account number, and/or PayPal account information so that the donation can be processed.

Forms. Users of this Website may be asked to complete registration forms for actions such as making a donation. During registration, a user is required to give certain information (such as name and email address). To complete these forms, you must provide contact information (like name, shipping address, and phone number) and financial information (like credit card number, expiration date). This information is used for billing purposes in processing donations. If we have trouble processing a donation, we’ll use this information to contact you. Information collected in these forms is securely stored in our third-party CRM database (Salesforce).

IP Address. Your IP Address is a number that is automatically assigned to your computer by your Internet Service Provider. An IP Address may be identified and logged automatically in our server log files whenever a user accesses the Site, along with the time of the visit and the pages visited.

Requesting User Support. If you email us with a support request or comments at a email address published on our Website, you may provide us with information so that we can respond, such as your contact information and a description of the issue.

From Your Browser or Device
Whenever you use any online service, certain information gets created and logged automatically; the same is true when you visit our Website. Here’s what we collect:

Log. When you visit our Website (whether on your computer or on a mobile device), we gather certain information automatically and store it in log files. This information includes IP addresses, the Internet Service Provider, referring/exit pages, date/time stamps, clickstream data, login/logout times, and duration of time spent on our Website.

Device. In addition to log data, we collect information about the device you’re using to access the Website; this includes the type of device, browser type, operating system, settings, unique device identifiers, and crash data that helps us understand when something goes wrong.

Cookies. We also use cookies (small text files sent by your computer each time you visit our Website that are unique to your account or your browser) and similar technologies. For example, we use Google Analytics, which places cookies that collect information, which allows us to understand how often you use the Website, where you are accessing the Website from, and events that happen on the Website. You can opt out of Google Analytics here.

If you do not want information collected through the use of cookies, there is a simple procedure in most browsers that allows you to automatically decline cookies or be given the choice of declining or accepting the transfer to your computer of a particular cookie (or cookies) from a particular site. You may also wish to refer to If, however, you do not accept cookies, you may experience some inconvenience in your use of the Services. For example, we may not be able to recognize your computer, and you may need to log in every time you visit.

Pixels. San Francisco AIDS Foundation uses Facebook, Instagram and Twitter pixels to reach website visitors after they have left this site. Visitors to this site may see San Francisco AIDS Foundation advertisements while using Facebook, Instagram or Twitter.

2.2 Other Services
We use certain third-party online services to provide information about SFAF’s work (like Salesforce, Twitter, Instagram, Facebook, LinkedIn, and Application Manager) (those services we refer to as, “Other Services”). When you follow, like, comment, or otherwise engage with us through these Other Services, we see the personal data that the Other Service generally makes available about its users (that information, “Other Service Information”). For example, when you comment on our post on an Other Service, that Other Service will commonly attribute your comment to you in a way that others can see (including us). You can check the privacy policy of any Other Service for more information on how it collects, uses, and shares data, including the Other Service Information that may be provided to us. We will not attempt to re-identify you from information provided by Other Services in aggregated or de-identified form.

3. Use of Your Data

3.1 Website Visitor Information
We use the data we collect about visitors to our Website as follows:

To provide and maintain the Website.
We use the information we collect to provide or serve our Website, and maintain and improve the Website, including understanding the content that our visitors find valuable.

To provide information you’ve requested.
We will inform you – via the email address you provide us – of other initiatives, news, requests for applications, and job opportunities related to SFAF.

To communicate with you.
We may also use your information to directly communicate with you about your use of the Website or to respond to an email or submission from you.

To process your donation.
We will use the information to process your donation. All Information collected in for this purpose is securely stored in our third-party CRM database (Salesforce).

3.2 Other Service Information
We use information from Other Services to understand the particular materials that we posted or linked to that users of those Other Services found most valuable and to inform our marketing efforts.

3.3 Advertising
Our Website does not include advertisements for third-party goods and services. However, we may use advertising to promote the products, programs, and services that we provide and/or support. Subject to your settings, we may use your email address or cookies to direct ads for our own programs to you on third-party sites. Additionally, we do share aggregated demographic information with our partners and advertisers. This is not linked to any personal information that can identify any individual person.

4. Sharing Your Data

Except in the instances listed below, we will not disclose your personal information to others unless you consent to it, nor will we ever sell your personal information to advertisers or other third parties. However, we share your information in the following ways:

Third-Party Service Providers. SFAF works with vendors, service providers, and other partners that help us provide the Website by providing services on our behalf. These services are, for example, sending emails, performing statistical analysis, database management services, database hosting, providing customer support software, and security. In the course of providing these services, our service providers may have access to your information, including personal information.

Legal and Safety Reasons. We may disclose information if we believe in good faith that it’s necessary (a) in connection with any legal investigation; (b) to comply with relevant laws or to respond to subpoenas or warrants served on us; (c) to protect or defend our rights or property or users of our Services or others; and/or (d) to investigate or assist in preventing any violation of the law.

SFAF Entities. We may share your information with our affiliates, in which case we will require them to honor this Privacy Policy. “Affiliates” refers to entities affiliated with SFAF.

Reorganization, Sale, or Merger. We may share your information in connection with a merger, reorganization, or sale of all or a portion of our organization or assets related to SFAF. In the event of a merger, reorganization, or sale of assets, the buyer or other successor entity will continue to be bound by the terms of this Privacy Policy.

5. Choices and Rights Over Your Personal Data

(a) Rights
You have the following rights with respect to the personal data we have about you:

Delete data. You can ask us to erase or delete all or some of your personal data.

Change or correct personal data. You can also ask us to change, update, or fix your data in certain cases, particularly if it’s inaccurate.

Object to, limit, or restrict use of personal data. You can ask us to stop using all or some of your personal data (e.g., if we have no legal right to keep using it) or to limit our use of it (e.g., if your personal data is inaccurate or unlawfully held).

Right to access and/or take your personal data. You can ask us for a copy of your personal data in machine-readable form.

The right not to be discriminated against. SFAF will not discriminate against you in any manner for exercising any of the above rights with respect to your personal data.

Contact us at if you have questions or would like to exercise any rights you have under applicable law to control your personal data. If you wish to raise a concern about our use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local supervisory authority.

(b) Additional Controls
You have choices available to you through the device you use to access the Website. For example, your browser may let you control cookies and other types of local data storage. Where we receive information about you from Other Services (as described in Section 2.2 above), those Other Services – like social media sites – may offer their own controls around the data you choose to share with us.

6. Retention and Deletion

We will keep your information only for as long as we believe that we need it for the purpose we have collected it (as described above) or to meet legal obligations, resolve disputes, maintain security, prevent fraud and abuse, enforce our agreements with you, or fulfill your request to unsubscribe from further messages from us. When your information is no longer needed, we will destroy or de-identify it.

7. Data Transfer

SFAF is based in the United States; when you engage with the Website, you are sending personal data into the United States, which may have different data protection rules than those of your country. We process data both inside and outside of the United States.

8. Our Legal Bases

We will collect, use, and share your personal data only where we have a legal right to do so. This section explains our legal bases for processing personal data, including under GDPR.

Consent. We rely on consent to engage in certain data collection activities, like through cookies.

Legitimate Interests. We rely on legitimate interests to process the data we collect when you browse our Website. We process this data based on our legitimate interest in understanding how our Website is being used, and your legitimate interest in accessing our Website.

Where we rely on consent, you have the right to revoke your consent; and where we rely on legitimate interests, you have the right to object by emailing us at

9. Other Important Information

(a) Security of Your Information
Security of personal data is important to us. We implement security safeguards designed to protect your personal data, including reasonable administrative, technical, and physical safeguards designed to protect personal data from unauthorized access, use, alteration, and destruction. Despite these efforts, we cannot guarantee that your data may not be accessed, disclosed, altered, or destroyed by a breach of any of our physical, technical, or administrative safeguards. Please notify us immediately at if you become aware of any security issues relating to our Services.

(b) Your Communications Preferences
The personal information you voluntarily provide for our mailing lists allows us to keep you posted on our latest announcements, requests for applications, job opportunities, and upcoming events. If you no longer want to be on our mailing lists, you can opt out any time by updating your preferences. You may update your preferences or request to unsubscribe from our mailing lists by using the “Unsubscribe ” link at the bottom of any email sent to a SFAF mailing list. You may also send an email to requesting to unsubscribe.

(c) Do Not Track Signals
We don’t currently share personal data with third parties for their direct marketing purposes, nor do we support any Do Not Track signals since there’s currently no standard for how online services respond to those signals. As standards develop, we may establish policies for responding to DNT signals that we would describe in this Privacy Policy.

(d) Changes to This Privacy Policy
We may modify this Privacy Policy from time to time, and you can see when the last update was by looking at the “Last Updated” date at the top of this page. If we make material changes to it, we’ll provide you notice through this Privacy Policy. If you object to any changes, you may stop accessing the Services or exercise other opt-outs or rights that we provide. Your continued use of the Services after we publish a notice about changes to this Privacy Policy means that you acknowledge the updated Privacy Policy following the date it takes effect.

(e) Children.
The Services are not designed or intended for individuals under the age of 13 and, we do not knowingly collect Personal Information from individuals under the age of 13. If we become aware that we have the information of such children collected through the Services, we will promptly delete it.

(f) Contact Information
If you have questions or complaints regarding this Privacy Policy, please contact us at If contacting us does not resolve your complaint, residents in the European Union (and some other countries) also have the right to contact our Privacy Officer (at and their local data protection authorities.