Privacy Policy

1. Introduction

Gotham & Oz ("we," "our," or "us") is committed to protecting the privacy and confidentiality of individuals and organizations who apply for grant-funded strategic defense services through our website. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at gothamandoz.com or submit a grant application.

Given the sensitive nature of our work with activists, nonprofits, and human rights defenders, we maintain the highest standards of data protection and operational security.

2. Information We Collect

2.1 Information You Provide to Us

When you submit a grant application through our contact form, we collect:

• Grant Application Type: The category of grant you are applying for (Active Crisis, Urgent Situation, Strategic Defense, or General Inquiry)
• Name or Organization Name: Your individual name or the name of your organization
• Email Address: Your primary email address for communication
• Phone Number: Optional contact phone number
• Grant Application Details: Your detailed description of the situation, how our services would support your work, and relevant eligibility information
• Confidentiality Acknowledgment: Your agreement that communications are confidential and protected under attorney work-product privilege where applicable

2.2 Information Automatically Collected

We currently do not use analytics tools, cookies, or tracking technologies on our website. We may implement basic website analytics in the future to improve user experience. If we do, we will update this Privacy Policy and provide notice on our website.

2.3 Third-Party Services

Our website uses Google Fonts for typography. When you visit our website, your browser may connect to Google's servers to load these fonts. This connection is governed by Google's privacy policy. We use rel="preconnect" headers to optimize this connection for performance.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Grant Application Processing: To evaluate your eligibility for grant-funded services through the Embassy Row Project
• Communication: To respond to your inquiries, provide updates on your application status, and coordinate service delivery
• Crisis Response: To assess the urgency of your situation and initiate appropriate response protocols within our stated timeframes (2 hours for active crisis, 8-12 hours for urgent consultation, 24-48 hours for strategic planning)
• Service Delivery: If your grant application is approved, to provide the strategic defense, forensic analysis, and litigation support services you require
• Legal Compliance: To comply with applicable laws, regulations, and legal processes
• Security and Protection: To protect the rights, property, and safety of Gotham & Oz, our clients, and others

4. How We Share Your Information

4.1 Grant Evaluation

Grant applications submitted through Gotham & Oz are evaluated by the Embassy Row Project, which manages all grant decisions and funding. Your application information will be shared with Embassy Row Project leadership for independent evaluation.

4.2 Service Providers

If your grant is approved, we may share necessary information with trusted service providers who assist in delivering our services (e.g., legal counsel, forensic analysts, technical consultants). All service providers are bound by strict confidentiality obligations.

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas, government inquiries). Where legally permissible, we will make reasonable efforts to notify you before disclosure.

4.4 Attorney Work-Product Privilege

Communications related to approved grant services may be protected under attorney work-product privilege where applicable. Information subject to such privilege will not be disclosed except as required by law or with your explicit written consent.

4.5 We Do NOT Sell Your Information

We do not sell, rent, or trade your personal information to third parties for marketing purposes. Our funding model (100% grant-funded by James Scott through the Embassy Row Project) ensures we have zero commercial incentive to monetize applicant data.

5. Data Security

We implement security measures designed to protect your information from unauthorized access, disclosure, alteration, and destruction. Our security practices include:

• Secure Communication Channels: All data transmission between your browser and our servers is encrypted using HTTPS/TLS protocols
• Access Controls: Access to applicant information is restricted to authorized personnel who require it to perform their duties
• Operational Security: We employ military-grade operational security practices to protect sensitive activist and nonprofit data
• Security Headers: Our website implements Content Security Policy (CSP), X-Frame-Options, X-Content-Type-Options, and other security headers to prevent common web vulnerabilities
• Secure Data Storage: Grant application data is stored securely with appropriate encryption and access logging

While we implement robust security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but commit to maintaining industry-leading practices appropriate for the sensitivity of the data we handle.

6. Data Retention

We retain your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

• Grant Applications (Not Approved): Retained for up to 12 months to track application patterns and improve our evaluation process
• Grant Applications (Approved): Retained throughout the service engagement and for up to 7 years thereafter for legal compliance, litigation support, and evidence preservation purposes
• Crisis Response Records: Retained indefinitely where necessary to support ongoing litigation, maintain evidence chains, or comply with legal obligations

You may request deletion of your information by contacting us at support@gothamandoz.com, subject to our legal obligations to retain certain records.

7. Your Privacy Rights

7.1 General Rights

Depending on your location, you may have the following rights regarding your personal information:

• Access: Request confirmation of whether we process your personal information and obtain a copy of such information
• Correction: Request correction of inaccurate or incomplete personal information
• Deletion: Request deletion of your personal information, subject to legal retention requirements
• Portability: Request a copy of your personal information in a structured, commonly used, machine-readable format
• Objection: Object to processing of your personal information for certain purposes
• Restriction: Request restriction of processing under certain circumstances

7.2 GDPR Rights (European Economic Area Residents)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR), including:

• The right to withdraw consent at any time where processing is based on consent
• The right to lodge a complaint with your local data protection authority
• The right to receive information about international data transfers and safeguards in place

7.3 CCPA Rights (California Residents)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA), including:

• The right to know what personal information we collect, use, disclose, and sell
• The right to request deletion of your personal information
• The right to opt-out of the sale of personal information (note: we do not sell personal information)
• The right to non-discrimination for exercising your CCPA rights

7.4 Exercising Your Rights

To exercise any of these rights, please contact us at:

• Email: support@gothamandoz.com
• Phone: +1-800-555-1234

We will respond to your request within 30 days (or as otherwise required by applicable law). We may require verification of your identity before processing your request.

8. International Data Transfers

Gotham & Oz serves activist organizations, nonprofits, and human rights defenders worldwide. If you are located outside the United States, please be aware that information we collect may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

When we transfer personal data from the EEA to countries without an adequacy decision from the European Commission, we implement appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission.

9. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete such information promptly.

10. Third-Party Links

Our website may contain links to third-party websites (e.g., Secure Portal at secure.gothamandoz.com, Embassy Row Project). This Privacy Policy applies only to information collected through gothamandoz.com. We are not responsible for the privacy practices of third-party websites. We encourage you to review the privacy policies of any third-party sites you visit.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will post the updated Privacy Policy on this page with a revised "Last Updated" date.

If we make material changes that significantly affect your privacy rights, we will provide prominent notice on our website or, where appropriate, contact you directly via email.

Your continued use of our website after changes are posted constitutes your acceptance of the updated Privacy Policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

For urgent privacy concerns related to active grant engagements, please indicate "URGENT: Privacy Matter" in your subject line.

13. Acknowledgment

By using our website and submitting a grant application, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.