The Klarman Family Foundation Privacy Policy

Effective Date: June 11, 2026 | Last Updated: June 11, 2026

1. Introduction

The Klarman Family Foundation (“Foundation,” “we,” “us,” or “our”) is a private philanthropic foundation headquartered in Boston, Massachusetts. We are committed to protecting the privacy of individuals who visit our website at www.klarmanfoundation.org (the “Site”) or otherwise interact with us.

This Privacy Policy explains what information we collect, how we use and protect it, and your rights with respect to that information. It applies to all visitors to the Site regardless of location, including visitors from the United States, the European Union (“EU”), the United Kingdom (“UK”), and elsewhere.

Please read this policy carefully. By using the Site, you acknowledge that you have read and understood the practices described here. If you do not agree with this policy, please do not use the Site.

2. Information We Collect

2.1 Information You Provide Directly

When you contact us through our online contact form, you may provide:

Full name
Email address
Subject of inquiry (Funding Inquiry or Other Inquiry)
Message content

We do not require you to create an account to use the Site. We collect only the information you voluntarily submit through the contact form.

2.2 Information Collected Automatically

When you visit the Site, we and our service providers may automatically collect certain technical information, including:

IP address and approximate geographic location (country/region)
Browser type and version
Operating system
Referring URL (the page you visited before arriving at our Site)
Pages visited, time spent on pages, and links clicked
Date and time of your visit

This information is collected through server logs and cookies (see Section 5 below). It is used to maintain the security and performance of the Site and to understand aggregate usage patterns.

2.3 Information We Do Not Collect

The Foundation does not collect payment card information, Social Security numbers, government-issued identification, sensitive personal data (such as health information, racial or ethnic origin, or political opinions beyond what you voluntarily share in a message), or information from children under the age of 13 (see Section 11 below).

3. How We Use Your Information

We use the information we collect for the following purposes:

Responding to your inquiries and communications submitted via the contact form
Evaluating grant proposals and funding inquiries submitted to the Foundation
Maintaining, securing, and improving the performance of the Site
Analyzing aggregate, anonymized usage patterns to understand how visitors interact with the Site
Complying with applicable legal obligations
Detecting and preventing fraud, abuse, or other harmful activity

We do not sell, rent, or lease your personal information to third parties for their marketing purposes. We do not use automated decision-making or profiling that produces legal or similarly significant effects on individuals.

4. Legal Basis for Processing (EU and UK Visitors)

If you are located in the European Economic Area (“EEA”) or the United Kingdom, we process your personal data under the EU General Data Protection Regulation (GDPR) and the UK GDPR, respectively. Our legal bases for processing are:

Legitimate interests (Article 6(1)(f) GDPR): We process automatically collected technical data (e.g., server logs, analytics) to operate and secure the Site. We have assessed that our legitimate interests in maintaining Site security and functionality are not overridden by your privacy interests.
Performance of a task carried out in the public interest / Legitimate interests: We process contact form submissions to respond to your inquiry and, where relevant, to evaluate grant requests consistent with our charitable mission.
Consent (Article 6(1)(a) GDPR): Where we deploy non-essential cookies or similar tracking technologies, we rely on your consent, which may be withdrawn at any time (see Section 5).
Legal obligation (Article 6(1)(c) GDPR): We may process data where required to comply with applicable law.

5. Cookies and Tracking Technologies

5.1 What Are Cookies

Cookies are small text files placed on your device by websites you visit. They are widely used to make websites work, to improve efficiency, and to provide information to website operators.

5.2 Cookies We Use

The Site uses cookies in the following categories:

Strictly necessary cookies: These are required for the Site to function. They include session cookies set by WordPress, our content management system, to manage page navigation. These cookies do not collect personally identifiable information and cannot be disabled.
Analytics/performance cookies: We may use analytics tools (such as WordPress-integrated analytics) to collect aggregated, anonymized information about how visitors use the Site. This helps us improve content and navigation. Where required by law, these are only activated with your consent.
Functional cookies: Some cookies remember your preferences (e.g., language settings) to provide a more personalized experience.

5.3 Managing Cookies

You can control and delete cookies through your browser settings. Most browsers allow you to refuse new cookies, delete existing cookies, and receive alerts when cookies are set. Disabling strictly necessary cookies may affect the Site’s functionality. For more information on how to manage cookies, visit www.allaboutcookies.org.

If you are located in the EU or UK and we use non-essential cookies, we will request your consent via a cookie consent banner before placing such cookies. You may withdraw consent at any time by adjusting your browser settings or contacting us at the address in Section 12.

6. Sharing of Information

6.1 Service Providers

We may share your information with trusted third-party vendors who assist us in operating the Site and conducting Foundation activities. These include our web hosting provider and email service provider. Service providers are contractually obligated to process your information only on our instructions, to maintain appropriate security, and not to disclose it for their own purposes.

6.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests from public authorities (e.g., a court order or government agency). We may also disclose information where we believe in good faith that disclosure is necessary to protect the rights, property, or safety of the Foundation, our staff, or others.

6.3 Business Transfers

In the unlikely event of a merger, restructuring, or transfer of the Foundation’s operations or assets, personal information held by us may be among the assets reviewed or transferred, subject to equivalent privacy protections.

6.4 No Sale of Personal Data

We do not sell, trade, or otherwise transfer your personal information to outside parties for commercial purposes. The Foundation does not engage in data brokerage or targeted advertising.

7. International Data Transfers

The Foundation is based in the United States. If you are accessing the Site from the EU, UK, or another jurisdiction with data protection laws that differ from those of the United States, please be aware that your information may be transferred to, stored, and processed in the United States.

For transfers of personal data from the EEA or UK to the United States, we rely on appropriate safeguards as permitted under applicable law, which may include Standard Contractual Clauses approved by the European Commission or the UK Information Commissioner’s Office, or other lawful transfer mechanisms. By submitting your personal data through our contact form, you acknowledge that your data may be processed in the United States.

8. Data Retention

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, including to respond to your inquiry, to evaluate a grant request, and to comply with our legal, accounting, or reporting obligations.

In general, contact form submissions are retained for a period of three (3) years from the date of receipt, unless a longer retention period is required or permitted by law or by our grant-making records management policies. Server log data is typically retained for no more than twelve (12) months. Anonymized or aggregated data, which cannot identify you, may be retained indefinitely.

When personal data is no longer needed, we will securely delete or anonymize it.

9. Data Security

We implement appropriate technical and organizational measures to protect the personal information we hold against unauthorized access, disclosure, alteration, or destruction. These measures include transport-layer security (TLS/HTTPS) for data in transit, access controls limiting data access to authorized personnel, and periodic review of our security practices.

No method of transmission over the internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. In the event of a data breach affecting your rights and freedoms, we will notify affected individuals and relevant authorities as required by applicable law.

10. Your Privacy Rights

10.1 Rights Under the GDPR and UK GDPR

If you are located in the EEA or UK, you have the following rights under the GDPR and UK GDPR, subject to applicable exemptions:

Right of access: You may request a copy of the personal data we hold about you.
Right to rectification: You may request correction of inaccurate or incomplete personal data.
Right to erasure (“right to be forgotten”): You may request deletion of your personal data where there is no compelling reason for us to continue processing it.
Right to restriction of processing: You may request that we limit our processing of your personal data in certain circumstances.
Right to data portability: Where processing is based on your consent or a contract, and carried out by automated means, you may request a copy of your data in a structured, machine-readable format.
Right to object: You may object to processing based on legitimate interests or for direct marketing purposes (though we do not engage in direct marketing).
Rights in relation to automated decision-making: We do not engage in automated decision-making with legal or significant effects, so this right is not currently applicable.
Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us as described in Section 12. We will respond within thirty (30) days of receiving your request, or within the extended period permitted by law if your request is complex. We may ask you to verify your identity before processing your request.

You also have the right to lodge a complaint with your national or local supervisory authority. In the UK, this is the Information Commissioner’s Office (ICO) at ico.org.uk. In the EU, contact the supervisory authority in the member state of your habitual residence, place of work, or place of the alleged infringement.

10.2 Rights Under U.S. State Privacy Laws

Certain U.S. state privacy laws may provide additional rights to residents of those states. The Foundation’s activities as a private nonprofit are generally exempt from several state privacy statutes, but we are committed to honoring reasonable requests from individuals regardless of where those rights apply as a matter of law.

California: Under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), California residents may have rights to know, access, correct, delete, and opt out of the sale or sharing of personal information. The Foundation does not sell or share personal information for cross-context behavioral advertising. As a nonprofit organization, the Foundation may be exempt from certain CCPA obligations, but we will endeavor to honor individual requests in any event.

Other states: Residents of Virginia, Colorado, Connecticut, Texas, and other states with comprehensive consumer privacy laws may have similar rights to access, correct, or delete personal data we hold about them. Please contact us using the information in Section 12 to make such a request.

11. Children’s Privacy

The Site is not directed to children under the age of 13 (or under 16 for users in the EU/UK), and we do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately at the address in Section 12 and we will promptly delete the information.

12. Third-Party Links

The Site may contain links to third-party websites, including links to IRS Form 990 documents hosted on third-party platforms and to the Foundation’s grantee organizations. This Privacy Policy applies only to the Site. We are not responsible for the privacy practices of third-party websites and encourage you to review their privacy policies before providing any personal information.

13. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time. When we make material changes, we will update the “Last Updated” date at the top of this policy and, where appropriate, provide additional notice (such as a prominent notice on the Site). We encourage you to review this policy periodically to stay informed about how we protect your information.

Your continued use of the Site after any changes to this Privacy Policy constitutes your acceptance of the revised policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

The Klarman Family Foundation
Attn: Privacy Officer
P.O. Box 171627
Boston, MA 02117
United States
Tel: 617.236.7909

Online contact form: www.klarmanfoundation.org/contact-us

For EU/UK individuals who wish to exercise rights under the GDPR or UK GDPR, you may also contact your local supervisory authority. We will endeavor to acknowledge all privacy-related inquiries within five (5) business days and provide a substantive response within thirty (30) days.