At Cheerful Hearts Youth Academy, we are deeply committed to fostering a safe, trustworthy, and supportive environment, and this commitment extends unequivocally to the privacy and security of the personal information belonging to our students, their families, our dedicated staff, our valued volunteers, and generous donors. We recognize that entrusting us with sensitive information, particularly data pertaining to children, is an act of profound confidence, and we strive to honor that trust by implementing robust physical, technical, and administrative safeguards that meet or exceed industry best practices. This Comprehensive Privacy Policy is designed to clearly articulate our practices regarding the collection, use, maintenance, and disclosure of information gathered through our various operational channels, including our website (chya.site), our digital application portals, and the documentation generated during the course of delivering our core educational and mentorship programs. We believe that transparency is paramount to maintaining the strong partnerships we build with every family, and therefore, this policy sets forth in detail the specific types of data we collect, the legitimate purpose for that collection, the strict limitations on how we use that data, and the legal and operational rights you possess concerning your family’s private information within our custody. We urge all users, families, and partners to read this document thoroughly to gain a complete understanding of our unwavering dedication to protecting your privacy in every aspect of our youth empowerment work.

1. Scope of This Policy and Organization Identification

This Privacy Policy governs the data practices of the Cheerful Hearts Youth Academy (referred to herein as “CHYA,” “the Academy,” “we,” “us,” or “our”), a non-profit organization dedicated to empowering youth through education, mentorship, and community involvement. This policy applies to all information collected by us, whether electronically, verbally, or in physical form, across all services and programs we offer at our physical location at 12501 N MURPHY RD, MARICOPA, AZ 85138, and through our related digital properties, including our public-facing website and internal systems. It is important to understand that while we prioritize the academic and social development of youth, we must also operate within a comprehensive legal framework that mandates specific protections for different categories of personal data, especially data related to minors. Our commitment is to manage all collected information in strict compliance with applicable laws, including specific mandates concerning children’s data privacy, and to use such data solely for the purposes necessary to fulfill our mission: ensuring the safety, facilitating the education, and supporting the healthy development of every child enrolled in our Academy programs.

2. The Principles Governing Our Data Collection Practices

Our collection of personal information is governed by the principles of necessity, proportionality, and explicit consent, meaning we only collect data that is directly relevant and absolutely necessary to achieve specific, legitimate organizational goals, and whenever legally required, we secure clear, verifiable permission before proceeding. We categorize the data we collect into several distinct groups, each serving a critical operational function, whether it relates to emergency preparedness, academic accountability, regulatory compliance, or program quality improvement. We commit that all data collection methods are transparent, and we clearly inform individuals at the point of collection about the purpose for which their information is being requested and how it will be utilized within the Academy’s operations. For instance, when collecting health insurance information, the primary purpose is immediate emergency medical response; when collecting academic records, the purpose is to tailor our tutoring and enrichment programs effectively; and when collecting contact information, the purpose is seamless communication regarding scheduling and student progress. We consistently review our data collection procedures to ensure that we maintain the minimum amount of personal information necessary to deliver high-quality, safe, and effective youth services, discarding redundant or expired data securely and promptly in accordance with our data retention schedule.

3. Detailed Categories of Personal Information Collected

The scope of our work requires the collection of several distinct categories of personal information to ensure comprehensive service delivery, safety, and operational efficiency, and we distinguish clearly between information collected from students, parents, and other stakeholders.

A. Student (Child) Data Collected for Program and Safety

This category includes highly sensitive and protected information essential for educational delivery and student safety. We collect the student’s full legal name, date of birth, current grade level, attending school, and specific academic performance data, including standardized test scores and grades provided by parents or guardians to tailor our educational support precisely. Crucially, we collect sensitive health information, including known allergies, dietary restrictions, chronic medical conditions (e.g., asthma, diabetes), prescribed medications, and details of any individualized education plans (IEPs) or behavioral support plans, all necessary for emergency preparedness and reasonable accommodation in our facility. Furthermore, with explicit parental consent, we collect photographs, video, and written media (such as testimonials or student work) solely for internal program documentation, sharing student achievements, and promotional materials related to the Academy’s mission.

B. Parent/Guardian and Family Contact Data

This information is necessary for effective communication, emergency response, and securing required program funding and administrative fees. We collect the full names, residential addresses, email addresses, and primary telephone numbers for all custodial parents and designated emergency contacts. We also require documentation establishing legal guardianship and authority to enroll the child. For administrative purposes, particularly in the case of enrollment and fee management, we may collect financial information such as payment card details or bank account information; however, all such transactional data is processed through secure, encrypted third-party payment gateways that are PCI-DSS compliant, and CHYA itself does not store full payment card numbers on its servers. We also collect demographic information on a voluntary basis (e.g., family size, ethnicity, income range) strictly for aggregated, anonymized reporting required by grant providers and organizational quality assessments, never linking this data back to an individual for public disclosure.

C. Volunteer, Staff, and Donor Data

For staff and volunteers, we collect necessary human resources data, including social security numbers (for payroll and background checks), employment history, academic credentials, and professional references, all of which are securely maintained in a separate, highly restricted database. For all prospective volunteers, we require and retain the results of mandatory state and federal criminal background checks to ensure the safety of the minors in our care. For donors, we collect contact information and donation history for the purpose of issuing tax receipts, acknowledging support, and complying with non-profit regulatory requirements. Donor names and amounts are handled with the highest level of confidentiality and are never sold, rented, or exchanged with third parties.

D. Website and Technical Data

When users interact with our website (chya.site), we automatically collect certain technical information to improve site functionality and security. This may include the user’s Internet Protocol (IP) address, browser type, operating system, the pages viewed, the duration of visit, and referral source. This data is collected primarily through common technologies like cookies and web server logs. We use this technical data exclusively for aggregated statistical analysis, monitoring website performance, preventing security breaches, and enhancing user experience, never attempting to use this information to personally identify individual children browsing the site. Users have control over cookies through their browser settings, and disabling cookies will not impede the basic functionality of accessing our mission statement and contact information.

4. How We Utilize Collected Personal Information

The personal information we collect is utilized strictly for specified, legitimate purposes that are directly tied to the operation of the Academy and the fulfillment of our mission, always prioritizing the safety and educational benefit of our enrolled youth. We commit that we will never use personal information for any purpose inconsistent with the primary reason it was collected without obtaining additional, specific consent from the responsible parent or guardian.

A. Core Program Delivery and Safety

Student academic data and learning profile information are used by our certified educators and dedicated mentors to customize the tutoring, academic support, and enrichment workshops to meet the student’s individual learning needs, ensuring our support is targeted and effective. Health information and emergency contact data are maintained in secure, easily accessible files solely for the purpose of responding swiftly and effectively to medical or other emergencies that may arise while the child is in our care at the facility or during supervised field trips. Behavioral records, when applicable, are used by the Social-Emotional Development Specialist to create supportive intervention strategies and communicate effectively with parents regarding a child’s progress in developing key social and emotional skills, reflecting our holistic approach to youth well-being.

B. Communication and Administrative Functions

Parent and guardian contact information is utilized for all critical and routine communications, including scheduling reminders, informing parents about facility closures or event changes, providing mandated weekly progress reports on the student’s academic standing, and coordinating logistical details such as student drop-off and pick-up. Financial information, as previously stated, is processed through secure third parties to manage enrollment fees, program charges, and payment processing related to the services rendered. Donor information is used exclusively for internal fundraising analysis, legal compliance related to non-profit status, and the issuance of required tax documentation.

C. Program Improvement and Evaluation

Non-identifiable, aggregated data—such as average academic growth across a cohort, participation rates in enrichment programs, and general demographic breakdowns—is regularly used for program evaluation, quality assessment, and internal strategic planning. This data allows us to measure the efficacy of our mentoring models and adjust our curriculum to better serve the evolving needs of the Maricopa youth community. Furthermore, anonymized data summaries are often required by our grant providers to demonstrate the demographic reach and positive educational outcomes achieved by the Academy, securing the funding necessary to keep our high-quality programs accessible to all families. We employ rigorous techniques to ensure that any data used for public reporting or evaluation purposes is fully de-identified and cannot be traced back to any specific individual student or family.

5. Children’s Online Privacy Protection Act (COPPA) Compliance

The protection of privacy for children under the age of 13 is a matter we treat with the utmost seriousness, and our practices are designed to be in strict compliance with the U.S. Children’s Online Privacy Protection Act (“COPPA”) and other applicable regulatory standards. The Cheerful Hearts Youth Academy website is not targeted at children under 13, and we do not knowingly collect personal information online directly from children under 13 without first obtaining verifiable parental consent.

A. Verifiable Parental Consent

For any digital activity that requires the collection of personal information from a child under 13—such as setting up a student account for an online learning tool we utilize or for participation in a supervised digital survey—we will first require verifiable parental consent from the parent or legal guardian. This consent process is explicit and requires the parent to confirm their identity and their permission for the specific data collection and use. Parents have the absolute right to review the personal information collected from their child, request its deletion, and revoke their consent for any further collection or use of that child’s information at any time, simply by contacting the Academy’s Program Director.

B. Limitations on Child Data Use

All personal information collected from a child, even with parental consent, is used exclusively to provide the service requested, such as facilitating their participation in an educational module or enabling communication related solely to their enrollment in a supervised program. We commit that we will never condition a child’s participation in any of our activities, online or offline, on them disclosing more personal information than is reasonably necessary to participate in that activity. Furthermore, we will never use a child’s personal information for any commercial purposes, advertising, or marketing efforts, nor will we allow any third-party advertising or behaviorally targeted advertising to be displayed to children on any digital platform directly controlled by CHYA.

6. Disclosure and Sharing of Information with Third Parties

We maintain a strict policy of minimizing the disclosure of personal information outside of the Academy. We will only share personal information under limited circumstances, and always with the goal of ensuring program safety, fulfilling our operational necessities, or complying with legal obligations, and we never sell, rent, or trade student, family, or donor personal data to outside parties for their independent marketing purposes.

A. Service Providers and Business Operations

We engage certain trusted third-party service providers to perform essential operational functions on our behalf, such as secure financial processing platforms (for enrollment fees), cloud-based data hosting and storage providers (for secure record keeping), and specific communication tools (for sending mass emails and texts). These third parties are contractually bound to maintain the confidentiality of the personal information they handle, are prohibited from using it for any purpose other than providing the agreed-upon services to CHYA, and must adhere to our stringent data security and privacy standards, including those related to children’s data.

B. Public Schools and Educational Partners

To effectively tailor our academic support and tutoring services, it is often necessary to communicate with the student’s current public school or educational placement. We will only share relevant academic or behavioral information with the student’s school with the explicit written consent of the parent or guardian, and this sharing is strictly limited to information necessary for coordinating educational services, such as sharing progress reports or coordinating accommodation strategies. Any sharing of data with third-party educational partners (e.g., specialized test prep services) will require separate, explicit consent.

C. Legal Compliance and Protection

We may be required to disclose personal information if mandated by law or in the good faith belief that such action is necessary to (a) comply with a legal obligation, a court order, or governmental request; (b) protect and defend the rights or property of Cheerful Hearts Youth Academy; (c) act in urgent circumstances to protect the personal safety of students, staff, or the public; or (d) protect against potential legal liability or fraud. In any such legal scenario, we will always strive to minimize the scope of the data disclosed to the absolute minimum required by law.

7. Data Security and Protection Measures

Cheerful Hearts Youth Academy implements and continuously updates a robust array of technical, physical, and administrative security measures designed to protect personal information against unauthorized access, use, modification, or destruction, both online and offline. We recognize that data security is not a one-time setup but an ongoing process that requires constant vigilance and adaptation.

A. Technical Security

All digital data, especially information classified as sensitive (such as health records or financial transaction data), is protected using industry-standard encryption protocols, including Secure Socket Layer (SSL) technology, during transmission to and from our website and internal systems. Our internal databases are protected by multi-factor authentication, strong password requirements, and rigorous network access controls that segment data based on the “need-to-know” principle, ensuring only designated staff members can access specific data sets (e.g., only the Program Director and Social-Emotional Specialist can access certain behavioral records). We utilize commercial-grade firewall and intrusion detection systems to monitor and prevent unauthorized electronic access to our network infrastructure.

B. Physical and Administrative Security

Physical access to our facility at 12501 N MURPHY RD, MARICOPA, AZ 85138, and specifically to areas where physical records are stored (e.g., enrollment forms, health folders), is secured through locked doors, controlled access codes, and video monitoring. All physical student files are kept in locked cabinets and are destroyed using cross-shredding methods when they meet their retention expiration date. Administratively, all staff and key volunteers are required to undergo mandatory and recurring privacy and security training, emphasizing best practices in data handling, adherence to this policy, and immediate reporting of any suspected data security incidents to the Academy leadership, fostering a culture where privacy protection is everyone’s responsibility.

8. Data Retention and Destruction Policy

We are committed to retaining personal information only for as long as necessary to fulfill the operational and legal purposes for which it was collected, or as required by any applicable local, state, or federal law, ensuring we do not indefinitely store unnecessary sensitive data. The length of time we retain data varies depending on its type and function. For instance, student enrollment and health records are typically maintained for a specific period after a child graduates or leaves the program to address potential future inquiries, reference checks, or legal compliance needs. Once data reaches the end of its required retention period, or upon a verified parental request for deletion (subject to legal exceptions), we take appropriate steps to securely destroy or permanently de-identify the information in a manner that prevents any reconstruction or future use. Physical records are shredded, and digital records are permanently wiped using industry-accepted secure deletion standards.

9. Your Rights Regarding Your Personal Information

We are committed to supporting your right to control your personal information, offering several mechanisms for access, correction, and control over the data you provide to us, in line with modern privacy frameworks (like principles found in GDPR and CCPA, even if those laws do not fully apply to our localized non-profit operations).

A. Right to Access and Review

You have the right to request a review of the personal information that Cheerful Hearts Youth Academy maintains about you or your child. Upon receiving a verifiable written request, we will provide you with a copy of the requested records in an accessible format, subject to legal and administrative limitations (e.g., we cannot share information pertaining to other individuals).

B. Right to Correction and Amendment

If you believe that any personal information we hold about you or your child is inaccurate, incomplete, or outdated, you have the right to request that we correct or amend the data promptly. We require reasonable documentation to verify the accuracy of the requested changes, particularly for legal names or addresses.

C. Right to Object and Request Deletion

You have the right to object to certain uses of your data (e.g., objecting to the use of your child’s photo in promotional materials) and to request the deletion of personal information. Please be aware that a request for deletion must be carefully balanced against our legal obligation to maintain certain records (ee.g., safety-related health forms, financial tax records) for a mandated period, and any data required for immediate student safety and program delivery may not be eligible for immediate deletion while the child is actively enrolled in the Academy.

All requests regarding your rights must be submitted in writing to the Program Director via email at info@chya.site or by postal mail to our official address, ensuring your identity is verifiable before any sensitive data is accessed or modified.

10. Policy Updates and Contact Information

This Comprehensive Privacy Policy is subject to change as our programs evolve, as we adopt new technologies, or as new legal requirements necessitate updates. We reserve the right to modify this policy at any time, and any changes will be effective immediately upon posting the revised version on our website. We will notify enrolled families of any material changes to this policy through email or a prominent notice posted within the Academy facility. Your continued use of the Academy’s services following the posting of the updated policy constitutes your agreement to and acceptance of those changes.

For any questions, concerns, or requests related to this Privacy Policy, our data practices, or the handling of your family’s personal information, please contact our administrative leadership team directly:

Cheerful Hearts Youth Academy Program Director (Privacy Contact) 12501 N MURPHY RD, MARICOPA, AZ 85138 Email: info@chya.site

We are dedicated to addressing all inquiries regarding privacy promptly and transparently, upholding our foundational commitment to trust and the secure empowerment of every young heart in our care.