Legal

Privacy Policy

Last updated 17 July 2026. How we collect, use, store, and protect your personal data.

1. Who this policy covers

This policy applies to anbuillamtrust.org, including its 1 Million Palm Trees pages, and describes how Anbu Illam Trust ([[Registered Trust — add registration number and 12A/80G status]]) collects and handles personal data from visitors, donors, guardian applicants, and volunteers.

We are the data controller for information collected through this site. Questions about this policy or your data can be sent to [email protected].

2. What we collect

We collect only what a form on this site asks for, directly from you:

  • Contact form — name, email, subject, and message.
  • Guardian applications — name, email, phone, district, and which guardian tier interests you.
  • Adoption / donation enquiries— name, email, phone, the campaign and species or package chosen, and an optional dedication name ("in honour of").
  • Newsletter or updates — email address, and language preference if given.

We also collect basic technical data automatically — IP address, browser type, and page-request logs — generated by any visit to a website, for security and to keep the site running.

We do not currently process online payments on this site. Donations are arranged directly by email or bank transfer until a verified payment channel is connected; if that changes, this policy will be updated to name the payment processor and what it collects.

3. Why we collect it

  • To respond to an enquiry, message, or request you sent us.
  • To process a guardian application or an adoption/donation enquiry, and follow up with you about it.
  • To send programme updates or a newsletter, only if you asked to receive them.
  • To keep records that let us answer a donor's question about their own contribution — see our Transparency page.
  • To secure the site and diagnose technical problems.
  • To meet legal, tax, and regulatory obligations that apply to a registered trust.

4. Our legal basis

Under India's Digital Personal Data Protection Act, 2023 (DPDP Act), we process your data on the basis of your consent — given when you submit a form — or, for technical and security logs, our legitimate use in operating the site safely.

For visitors in the European Economic Area or UK, where GDPR applies, the equivalent bases are: consent (forms, newsletter), legitimate interests (security, fraud prevention), and legal obligation (statutory recordkeeping).

5. Where and how we store it

Form submissions are stored in a database hosted on Cloudflare's infrastructure. Cloudflare operates data centres in multiple regions; we do not currently commit to a single data-residency location. We use industry-standard access controls — only trust staff who need it to respond to your enquiry can see your data.

[[If a data-residency commitment or a specific Cloudflare region is fixed for this deployment, state it here plainly.]]

6. How long we keep it

  • Contact and general enquiries — up to 24 months, or until resolved plus a reasonable follow-up period.
  • Guardian applications — for the duration of the application process, and for as long as you remain an active or prospective guardian.
  • Adoption/donation enquiry records — retained as long as needed to service the adoption and to meet our statutory recordkeeping duties as a registered trust.
  • Newsletter subscriptions — until you unsubscribe.
  • Technical/security logs — a short rolling window, typically weeks, not years.

7. Who we share it with

We do not sell your data. We may share it with:

  • Our infrastructure providers (Cloudflare) acting strictly as data processors, to run this website.
  • A payment processor, if and when one is connected for online donations — this policy will be updated first.
  • Our auditor or statutory authorities, where required by law.
  • Our partner organisations named on the Partnership page — only where a specific programme you signed up for is run jointly, and only the data needed for that programme.

We do not share your data for third-party advertising.

8. Your rights

Under the DPDP Act, as a Data Principal you have the right to:

  • Ask what personal data we hold about you, and get a summary of it.
  • Ask us to correct inaccurate or incomplete data.
  • Ask us to erase data that is no longer needed for the purpose it was collected for.
  • Withdraw consent at any time — for a newsletter, this is as simple as unsubscribing.
  • Nominate another individual to exercise these rights on your behalf in the event of your death or incapacity.
  • Register a complaint with the Data Protection Board of India if you believe we have mishandled your data.

If GDPR applies to you, you additionally have the right to data portability and the right to object to processing based on legitimate interests.

To exercise any of these rights, write to [email protected]. We will respond directly, not with a form letter.

9. Children's data

This website's forms are for adults — donors, volunteers, and guardian applicants. We do not knowingly collect personal data from children through this site. Photographs or information about children in our residential care or education programmes are handled separately, under child-safeguarding practice, and are never published without appropriate consent and care for the child's privacy and safety.

10. Cookies

This site uses only what is strictly necessary to function — no third-party advertising or tracking cookies. If that changes, we will add a cookie notice and consent control before any non-essential cookie is set.

11. Security

We use reasonable technical and organisational measures — access controls, encrypted transport (HTTPS), and limited internal access — to protect the data you give us. No system is completely secure, and we will notify affected individuals and the relevant authority if a breach involving your personal data occurs and creates a real risk to you, as required by law.

12. Changes to this policy

We will update this page when what we collect or how we use it changes, and update the date below. Material changes — a new payment processor, a new category of data collected — will be called out plainly, not buried in a version bump.

13. Contact

For any privacy question, request, or concern: [email protected], or write to us at 22, Swamy Nagar, Kolathur, Chennai — 600099.