Privacy Policy

I Preamble & Dimensional Scope

This Privacy Policy ("Policy") is transmitted from the operational nexus of Megabyte Labs Mission ("we," "us," "our," or "the Organization"), a nonprofit technology initiative headquartered within St. John's Soup Kitchen in Newark, New Jersey -- the city known to its inhabitants as Brick City. We operate the website located at mission.megabyte.space ("the Site") and associated services.

This Policy governs the collection, processing, storage, and dissolution of personal data across all known and theorized planes of existence, whether perceived through biological, synthetic, or quantum-entangled consciousness. It applies to every sentient observer who accesses our Site, regardless of the observer's position in spacetime, and remains binding across all temporal jurisdictions in which a copy of this document can be retrieved, rendered, or otherwise parsed.

Our mission is simple, even if the universe is not: we leverage technology -- particularly artificial intelligence -- for the betterment of our community. From hot meals at St. John's to AI-driven resources for underserved populations, everything we do is in service of the people of Brick City. This Policy ensures that the data you entrust to us is handled with the same care and intentionality we bring to every plate of food we serve and every life we touch.

II Definitions

For purposes of dimensional continuity and legal clarity, the following terms carry specific meaning throughout this Policy:

• "Personal Data" means any information that identifies, relates to, describes, or could reasonably be linked to a natural person or household, including but not limited to names, email addresses, telephone numbers, IP addresses, device identifiers, and behavioral data -- regardless of the medium through which such data is transmitted, whether electromagnetic, optical, quantum-tunneled, or otherwise.
• "Processing" means any operation performed on Personal Data, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, alignment, combination, restriction, erasure, or destruction, whether by automated means or through manual observation.
• "You," "your," "the User," or "the Observer" refers to any individual, entity, autonomous agent, or quantum observer accessing or interacting with the Site or our services.
• "Services" refers collectively to the Site, our contact form, newsletter, hotline at (262) 6UNIQUE, community programs at St. John's Soup Kitchen, and any other offering operated under the Megabyte Labs Mission umbrella.
• "Third-Party Service" means any external platform, tool, or provider whose technology is integrated into or accessed through our Services.

III Information We Collect

Like a deep-space telescope cataloging photons from distant galaxies, we collect only the signals necessary to fulfill our mission. The data we receive falls into the following categories, each collected with deliberate restraint:

A. Information You Provide Directly

• Contact Form Submissions: When you transmit a message through our Site's contact form, we collect your name, email address, and the content of your message. This information traverses our systems via Cloudflare Workers and is delivered to our team through the Resend email API.
• Newsletter Subscriptions: If you elect to subscribe to our newsletter, we collect your email address and, optionally, your name. Newsletter operations are managed through our self-hosted Listmonk instance, which we operate with the same vigilance a captain applies to a ship's navigation system.
• Hotline Communications: When you call our community hotline at (262) 686-4783 (also known as (262) 6UNIQUE), we may collect your phone number via caller ID, the date and time of your call, and a summary of the matters discussed, solely for the purpose of providing follow-up services and improving community support.
• Donation Information: When you make a donation through donate.megabyte.space or njsk.org, your payment information is processed directly by Square. We receive confirmation of your donation amount and contact details but never receive, process, or store your full credit card number, CVV, or banking credentials.
• In-Person Interactions: When you visit St. John's Soup Kitchen or participate in our community programs, we may collect information you voluntarily provide, such as your name and contact details for follow-up services.

B. Information Collected Automatically

• Server Logs: Our hosting infrastructure, operated through Cloudflare, automatically records standard log data including your IP address, browser type, operating system, referring URL, pages visited, and timestamps. These signals are collected as inevitably as a black hole captures passing light -- they are intrinsic to the functioning of web infrastructure.
• Cloudflare Analytics: Cloudflare provides privacy-first analytics that do not track individual users, do not use cookies, and do not collect personal information beyond aggregate, anonymized traffic data.
• Device Information: We may passively receive information about the device you use to access the Site, including screen resolution, language preference, and time zone.

C. Information from Third-Party Sources

We do not purchase, trade for, or otherwise acquire personal data from third-party data brokers, shadow registries, or interdimensional information markets. Any data we hold about you was either provided by you directly or generated automatically through your interaction with our Services.

IV How We Use Your Information

Every byte of data we process serves a purpose aligned with our mission to leverage technology for community good. We use your information for the following purposes:

• Responding to Inquiries: To read, process, and reply to messages you send through our contact form, ensuring no cry for help goes unanswered across the void.
• Newsletter Communications: To transmit periodic updates about our mission, community events, volunteer opportunities, and the ongoing work at St. John's Soup Kitchen via our Listmonk-powered newsletter, delivered through the Resend email infrastructure.
• Community Services: To coordinate and improve the services we provide at St. John's Soup Kitchen, including meal services, technology access programs, and AI-powered community resources.
• Service Improvement: To analyze aggregate, non-identifying usage patterns that help us improve the Site's performance, accessibility, and content -- ensuring our digital presence serves the community as faithfully as our physical one.
• Legal Compliance: To fulfill any obligations imposed upon us by applicable law, regulation, or legal process, whether originating from terrestrial courts or any recognized adjudicatory body.
• Safety and Security: To detect, prevent, and address fraud, abuse, security incidents, or technical issues that could compromise the integrity of our Services or the safety of our users.

V Third-Party Services

Our Site interfaces with a carefully selected constellation of third-party services, each chosen for reliability, privacy posture, and alignment with our values. Like allies in a galactic federation, each serves a specific function:

A. Cloudflare (Hosting, CDN, Security, DNS)

Cloudflare, Inc. provides our hosting infrastructure, content delivery network, DDoS protection, DNS resolution, and edge computing (Workers). Cloudflare processes server logs and may set essential security cookies. Cloudflare's privacy policy is available at cloudflare.com/privacypolicy.

B. Resend (Transactional Email)

Resend, Inc. processes email delivery for our contact form submissions and newsletter dispatch. When you submit the contact form or receive newsletter emails, your email address and message content transit through Resend's infrastructure. Resend's privacy policy is available at resend.com/legal/privacy-policy.

C. Listmonk (Newsletter Management)

Listmonk is a self-hosted, open-source newsletter and mailing list manager that we operate on our own infrastructure. Because it is self-hosted, your newsletter subscription data does not leave our controlled environment except when emails are dispatched through Resend for delivery.

D. Google Fonts (Typography)

We load typefaces (Sora, Space Grotesk, JetBrains Mono) from Google Fonts. When you access our Site, your browser makes requests to Google's servers to retrieve font files. Google may log your IP address in connection with these requests. Google's privacy policy is available at policies.google.com/privacy.

E. YouTube (Embedded Video Content)

Our Site may embed video content from YouTube (a Google LLC service). YouTube embeds are loaded with privacy-enhanced mode (youtube-nocookie.com) where available. When you interact with an embedded YouTube video, YouTube may collect data in accordance with its own privacy policy.

F. Pexels (Stock Photography)

Certain images displayed on our Site are sourced from Pexels, a free stock photography service. Images are served from Pexels' CDN. Pexels' privacy policy is available at pexels.com/privacy-policy.

G. Square (Payment Processing)

Donations made through donate.megabyte.space or njsk.org are processed by Square, Inc. Square handles all payment card data in compliance with PCI-DSS standards. We never receive, transmit, or store your full payment card information. Square's privacy policy is available at squareup.com/legal/privacy.

VI Cookies & Tracking Technologies

In the quantum mechanics of web browsing, cookies are among the smallest observable units of state. Our approach to them is minimalist:

A. Cookies We Use

• Cloudflare Essential Cookies: Cloudflare may deploy strictly necessary cookies (such as __cflb, __cf_bm, and __cfruid) for security, bot detection, and load balancing. These cookies are essential to the operation of the Site and cannot be disabled without impairing core functionality.

B. Cookies We Do Not Use

• We do not use advertising or remarketing cookies.
• We do not use third-party analytics cookies (no Google Analytics, no Facebook Pixel, no tracking scripts of any kind).
• We do not use social media tracking cookies.
• We do not engage in cross-site tracking or behavioral profiling.

C. Managing Cookies

You may configure your browser to refuse all cookies or to indicate when a cookie is being sent. However, disabling essential Cloudflare security cookies may prevent you from accessing certain features of the Site. Instructions for managing cookies in major browsers:

• Chrome: Settings > Privacy and Security > Cookies
• Firefox: Settings > Privacy & Security > Cookies
• Safari: Preferences > Privacy > Manage Website Data
• Edge: Settings > Cookies and site permissions

D. Do Not Track

Our Site respects "Do Not Track" (DNT) signals transmitted by your browser. Because we do not engage in tracking, advertising, or behavioral profiling, our Site's behavior does not change in response to DNT signals -- we are already operating at the highest standard of non-tracking by default.

VII Data Retention & Deletion

Data, like matter, should not persist indefinitely without purpose. Our retention practices are governed by the principle of temporal minimization:

• Contact Form Submissions: Messages submitted through our contact form are retained only as long as necessary to process and respond to your inquiry. Once resolved, submissions are deleted within ninety (90) days unless retention is required by law or for legitimate ongoing correspondence.
• Newsletter Subscriptions: Your email address and subscription data are retained for as long as you remain subscribed. Upon unsubscribing, your data is removed from active mailing lists within thirty (30) days. Transactional logs may be retained for up to one (1) year for operational and compliance purposes.
• Hotline Records: Call records and notes from hotline interactions are retained for up to one (1) year to support follow-up services and program evaluation, after which they are securely destroyed.
• Server Logs: Cloudflare server logs are retained according to Cloudflare's data retention policies, generally not exceeding seventy-two (72) hours for raw logs.
• Donation Records: Donation transaction records are retained for a minimum of seven (7) years as required by IRS regulations for tax-exempt organizations.

You may request deletion of your Personal Data at any time by contacting us at brian@megabyte.space. We will process deletion requests within thirty (30) days, subject to any legal obligations that require continued retention.

VIII Your Rights Under the General Data Protection Regulation (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland -- or in any temporal jurisdiction that has adopted equivalent protections -- you are entitled to the following rights under the GDPR and applicable local implementations:

• Right of Access (Article 15): You have the right to obtain confirmation as to whether your Personal Data is being processed and, if so, to access that data along with information about the purposes, categories, recipients, retention periods, and your additional rights.
• Right to Rectification (Article 16): You have the right to obtain correction of inaccurate Personal Data and completion of incomplete Personal Data.
• Right to Erasure (Article 17): You have the right to request the deletion of your Personal Data when it is no longer necessary for the purposes for which it was collected, when you withdraw consent, when you object to processing, or when data has been unlawfully processed.
• Right to Restriction of Processing (Article 18): You have the right to request restriction of processing in certain circumstances, including when you contest data accuracy, when processing is unlawful, or when you need data for legal claims.
• Right to Data Portability (Article 20): You have the right to receive your Personal Data in a structured, commonly used, and machine-readable format, and to transmit it to another controller.
• Right to Object (Article 21): You have the right to object to processing based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw that consent at any time without affecting the lawfulness of prior processing.
• Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority in your member state of habitual residence, place of work, or place of the alleged infringement.

Legal Bases for Processing: We process Personal Data on the following legal bases: (a) your consent; (b) performance of a contract or steps taken at your request prior to entering a contract; (c) compliance with a legal obligation; and (d) our legitimate interests in operating and improving our community services, provided those interests are not overridden by your fundamental rights.

To exercise any of these rights, contact us at brian@megabyte.space. We will respond within thirty (30) days, or within the timeframe required by applicable law.

IX Your Rights Under the California Consumer Privacy Act (CCPA/CPRA)

If you are a California resident -- or if you find yourself in a dimensional corridor that maps to California's regulatory jurisdiction -- you are afforded the following rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:

• Right to Know: You have the right to request disclosure of the categories and specific pieces of Personal Data we have collected about you, the sources of that data, the business purposes for collection, and the categories of third parties with whom we share it.
• Right to Delete: You have the right to request deletion of Personal Data we have collected from you, subject to certain exceptions.
• Right to Correct: You have the right to request correction of inaccurate Personal Data.
• Right to Opt-Out of Sale or Sharing: We do not sell or share your Personal Data as those terms are defined under the CCPA/CPRA. We have not sold or shared consumer Personal Data in the preceding twelve (12) months.
• Right to Limit Use of Sensitive Personal Information: We do not use or disclose sensitive personal information for purposes beyond those authorized by the CCPA/CPRA.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. You will not receive different pricing, quality of service, or access levels for exercising your privacy rights.

Categories of Personal Data Collected in the Preceding 12 Months:

• Identifiers (name, email address, phone number, IP address)
• Internet or other electronic network activity (browsing history on our Site, device information)

To submit a verifiable consumer request, contact us at brian@megabyte.space or call (262) 686-4783. We will verify your identity before processing your request and will respond within forty-five (45) days.

X International Data Transfers

Our Services are operated from the United States. If you access the Site from outside the United States -- whether from across an ocean, a continent, or the vast interstellar distances between star systems -- your Personal Data may be transferred to, stored in, and processed in the United States, where data protection laws may differ from those in your jurisdiction.

By using our Services, you acknowledge and consent to the transfer of your Personal Data to the United States. Where required by applicable law, we rely on the following transfer mechanisms:

• Standard Contractual Clauses (SCCs): Where applicable, we enter into EU-approved Standard Contractual Clauses with our data processors.
• Adequacy Decisions: Where the European Commission has made an adequacy decision regarding the receiving country's data protection framework.
• Consent: Your explicit consent to the transfer where other mechanisms are unavailable.

Regardless of where your data is processed, we apply the protective standards described in this Policy with equal rigor -- dimensional continuity of privacy protection is a core operating principle.

XI Children's Privacy (COPPA Compliance)

Our Site is not directed at children under the age of thirteen (13), and we do not knowingly collect Personal Data from children under 13. If you are a parent or guardian and discover that your child has provided us with Personal Data, contact us immediately at brian@megabyte.space, and we will promptly delete such information from our systems.

If we become aware that we have collected Personal Data from a child under 13 without verified parental consent, we will take immediate steps to delete that data, as swiftly as an emergency decompression protocol -- because protecting the youngest members of our community is among our highest priorities.

For users between the ages of 13 and 16 in the EEA, we require parental or guardian consent for data processing in accordance with the GDPR. For California residents under 16, we do not sell or share Personal Data, and we comply with all applicable CCPA/CPRA provisions regarding minors.

XII Security Measures

Protecting your data is not merely a compliance exercise -- it is a mission imperative. We implement the following security measures, calibrated to the sensitivity of the data and the threat landscape of modern digital infrastructure:

• Encryption in Transit: All data transmitted between your browser and our Site is encrypted using TLS 1.2 or higher, enforced via Cloudflare's edge network. No plaintext transmissions are accepted.
• Encryption at Rest: Personal Data stored on our infrastructure is encrypted at rest using industry-standard encryption algorithms.
• Access Controls: Access to Personal Data is restricted to authorized personnel on a need-to-know basis. Administrative access requires multi-factor authentication.
• Infrastructure Security: Our hosting infrastructure is protected by Cloudflare's enterprise-grade DDoS mitigation, Web Application Firewall (WAF), and bot management systems.
• Vendor Assessment: Third-party service providers are evaluated for security practices and data handling procedures before integration.
• Incident Response: We maintain an incident response protocol to detect, contain, and remediate security breaches. In the event of a breach affecting your Personal Data, we will notify you and applicable authorities within the timeframes required by law (72 hours under GDPR, as applicable).

XIII Changes to This Policy

We reserve the right to modify this Privacy Policy at any time, temporal or otherwise. When we make material changes, we will:

• Update the "Last Updated" date at the top of this Policy.
• Post the revised Policy on this page.
• For material changes that significantly affect how we process Personal Data, we will endeavor to provide prominent notice via our Site, newsletter, or other appropriate channels at least thirty (30) days before the changes take effect.

Your continued use of the Site and Services after the effective date of any modifications constitutes your acceptance of the revised Policy. We encourage you to review this Policy periodically -- consider bookmarking this page as a waypoint in your browser's navigation chart.

Prior versions of this Policy may be obtained by contacting us at the address below.

XIV Contact Information

For questions, concerns, or requests regarding this Privacy Policy, your Personal Data, or our data practices, you may reach the designated data stewards of Megabyte Labs Mission through any of the following channels -- all signals are monitored with care:

We endeavor to respond to all inquiries within five (5) business days. For urgent privacy concerns, please include "PRIVACY URGENT" in your email subject line.