Perennial Insight (“we,” “us,” or “our”) operates the Perennial Insight website and data platform (the “Service”), which provides financial transparency data for the social impact industry. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you visit our website or use our Service.
By accessing or using the Service, you agree to the terms of this Privacy Policy. If you do not agree, please do not use the Service.
1. Information We Collect
Categories of Personal Information
The following table describes the categories of personal information we have collected from consumers in the preceding twelve (12) months, the sources from which each category is collected, the business purposes for collection, and the categories of third parties with whom each category is disclosed.
| Category (CCPA) | Examples We Collect | Source | Business Purpose | Third Parties Disclosed To |
|---|---|---|---|---|
| A. Identifiers | Full name, email address, account ID | Directly from you (registration, contact form) | Account creation, communication, inquiry response | Service providers (Supabase, Vercel) |
| B. Personal information per Cal. Civ. Code § 1798.80(e) | Name, email address, organization name | Directly from you (registration, contact form) | Account creation, communication | Service providers (Supabase) |
| D. Commercial information | Organization type, inquiry type, subscription or access level | Directly from you (contact form, account activity) | Service delivery, inquiry response | Service providers (Supabase) |
| F. Internet or other electronic network activity | Browser type, device type, pages viewed, referral source, general geographic region | Collected automatically (Vercel Analytics) | Website improvement, usage analysis | Service providers (Vercel) |
| K. Inferences | User role (admin or user) | Derived from account activity | Access control, platform administration | Service providers (Supabase) |
We do not collect categories C (characteristics of protected classifications), E (biometric information), G (geolocation data beyond general region), H (sensory data), I (professional or employment-related information beyond organization name), or J (non-public education information).
Sensitive Personal Information. We collect account login credentials (email address in combination with a password) which may constitute sensitive personal information under the CCPA. This information is used solely for the purpose of authenticating your identity and providing access to your account. We do not use sensitive personal information for any purpose other than what is necessary to provide the Service, and we do not use or disclose it for the purpose of inferring characteristics about you.
Sources of Personal Information
We collect personal information from the following sources:
Directly from you. When you create an account, submit a contact form, or create notes within the Data Explorer, you provide us with personal information voluntarily.
Automatically from your device. When you visit our website, Vercel Analytics collects anonymized, aggregated usage data such as page views, referral sources, browser type, device type, and general geographic region. Vercel Analytics is designed to be privacy-friendly and does not use cookies or collect personally identifiable information for analytics purposes.
Authentication cookies. We use cookies that are strictly necessary to manage your authentication session when you log in. These cookies are set and managed through Supabase and are required for the Service to function properly. We do not use cookies for advertising or behavioral tracking.
We do not collect personal information from third-party sources.
User-Generated Content
If you are an authenticated user of our data platform, you may create personal notes on financial line items within the Data Explorer. These notes are stored in our database and are visible only to you.
2. How We Use Your Information
We use the information we collect for the following purposes:
- To create and manage your user account and authenticate your identity.
- To provide access to the Data Explorer and other platform features.
- To respond to your inquiries and contact form submissions.
- To store your personal notes within the platform so they are available across sessions.
- To understand how our website is used and to improve the Service.
- To protect the security and integrity of our platform.
- To comply with legal obligations.
3. How We Share Your Information
Sale and Sharing of Personal Information
We do not sell your personal information. In the preceding twelve (12) months, we have not sold any personal information to any third party, as “sell” is defined under the CCPA.
We do not share your personal information for cross-context behavioral advertising. In the preceding twelve (12) months, we have not shared any personal information for cross-context behavioral advertising purposes, as “share” is defined under the CCPA.
Because we do not sell or share personal information, we do not offer a “Do Not Sell or Share My Personal Information” link. If our practices change, we will update this policy and provide the required opt-out mechanism.
Disclosures for Business Purposes
We may disclose personal information to the following categories of service providers strictly for business purposes. Each service provider is contractually obligated to use the information only for the specific purpose for which it was disclosed and to protect it in accordance with applicable law.
Service Providers.
- Supabase — authentication, database hosting, and data storage. Receives: identifiers, account credentials, user-generated notes.
- Vercel — website hosting and privacy-friendly analytics. Receives: anonymized internet activity information (page views, device type, browser type, general region).
- Google Fonts — web typography served via Next.js font optimization. Receives: standard HTTP request data.
Legal Requirements. We may disclose your information if required to do so by law, regulation, legal process, or government request, or if we believe disclosure is necessary to protect our rights, the safety of our users, or the public.
Business Transfers. In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. Such a transfer does not constitute a “sale” under the CCPA. We will notify you of any such change.
4. Data Storage and Security
Your data is stored in Supabase’s cloud infrastructure, which provides enterprise-grade security including encrypted data at rest and in transit, and row-level security policies that ensure users can only access their own data. Administrative access to user data is restricted to authorized personnel with admin-level roles.
While we implement reasonable technical and organizational measures to protect your personal information, no method of transmission over the internet or electronic storage is completely secure.
5. Data Retention
We retain each category of personal information only for as long as reasonably necessary to fulfill the purpose for which it was collected, or as required by law. The following describes our retention practices by category:
| Data Category | Retention Period |
|---|---|
| Account profile information (name, email, role) | Retained for as long as your account is active. Deleted upon account deletion request. |
| Account credentials (password) | Retained in hashed form for as long as your account is active. Deleted upon account deletion request. |
| Contact form submissions (name, email, organization, message) | Retained for up to twenty-four (24) months after inquiry resolution, then deleted. |
| User-generated notes (Data Explorer) | Retained for as long as your account is active. Deleted upon account deletion request. |
| Analytics data (anonymized usage data) | Retained by Vercel in aggregated, anonymized form in accordance with Vercel’s data retention policies. This data is not personally identifiable. |
| Authentication cookies | Expire at the end of your authenticated session or upon logout. |
If you request deletion of your account, we will delete your profile and all associated data, including any personal notes, from our systems within forty-five (45) calendar days.
6. Your Rights and Choices
Depending on your jurisdiction, you may have certain rights regarding your personal information. The following section describes rights available under applicable law, including those provided by the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).
Rights Available to All Users
- Access and Portability. You may request a copy of the personal information we hold about you.
- Correction. You may update your account information through your profile settings or by contacting us.
- Deletion. You may request deletion of your account and associated data.
- Withdraw Consent. Where processing is based on consent, you may withdraw consent at any time.
- Restrict Processing. You may ask us to limit how we use your data in certain circumstances.
Additional Rights for California Residents Under the CCPA
If you are a California resident, you have the following rights under the CCPA:
Right to Know. You have the right to request that we disclose to you the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, the business or commercial purposes for collection, and the categories of third parties with whom we have shared it. You may make this request for free up to twice in a twelve (12) month period. You may also request personal information collected prior to the twelve-month period preceding your request, as long as it was collected on or after January 1, 2022.
Right to Delete. You have the right to request that we delete the personal information we have collected from you, subject to certain exceptions permitted by law (for example, if the information is needed to complete a transaction, detect security incidents, or comply with a legal obligation).
Right to Correct. You have the right to request that we correct inaccurate personal information that we maintain about you.
Right to Opt-Out of Sale or Sharing. You have the right to opt out of the sale or sharing of your personal information. As stated in Section 3, we do not currently sell or share your personal information as those terms are defined under the CCPA.
Right to Limit Use of Sensitive Personal Information. You have the right to limit our use of your sensitive personal information to purposes that are necessary to provide the Service. We only use sensitive personal information (account login credentials) for authentication and do not use it for any additional purposes.
Right to Non-Discrimination. We will not discriminate against you for exercising any of your CCPA rights. We will not deny you goods or services, charge you different prices, provide you a different level or quality of service, or suggest that you will receive a different price or level of service for exercising your rights.
How to Exercise Your Rights
To submit a request to know, delete, or correct your personal information, you may contact us by either of the following methods:
- Email: michael@perennialinsight.com
- Contact Form: Submit a request through the contact page on our website at perennialinsight.com/contact
Verification. When you submit a request, we will verify your identity to protect your information. If you have an account with us, we will verify your identity through your account credentials. If you do not have an account, we may ask you to provide information that matches what we have on file, such as your name and email address.
Response Timing. We will acknowledge your request within ten (10) business days and provide a substantive response within forty-five (45) calendar days of receiving your verifiable request. If we need additional time, we will notify you of the extension and the reason for it, for a maximum total response period of ninety (90) calendar days.
Authorized Agents. You may designate an authorized agent to submit a request on your behalf. We may require the agent to provide proof of written authorization and may still require you to verify your identity directly with us.
7. Publicly Available Data Displayed on Our Platform
Nature and Sources of Public Data
The Perennial Insight Data Explorer aggregates and displays financial data sourced exclusively from publicly available records. We do not collect this data from or about individual consumers. Sources include:
- Audited financial statements published by Community Development Financial Institutions (CDFIs), nonprofits, and foundations.
- IRS Form 990 and Form 990-PF filings which are public records available through the IRS and third-party sources such as ProPublica’s Nonprofit Explorer.
- Annual reports and other publicly released documents from the organizations profiled on our platform.
All data displayed in the Data Explorer pertains to organizations — not to individual consumers — and is presented for informational and educational purposes only.
Individual Names in Public Records
Certain organization profiles on our platform may include the names and titles of officers, directors, key employees, or board members. This information is drawn directly from publicly filed documents, including IRS Form 990 (Part VII — Compensation of Officers, Directors, Trustees, Key Employees) and published audited financial statements. Where applicable, aggregate officer and employee compensation figures derived from these filings may also be displayed.
We display this information because it is part of the public record and is relevant to understanding an organization’s governance and financial management. We do not independently collect personal information about these individuals, and we do not use their names for marketing, profiling, or any purpose beyond presenting the public filing data.
Employer Identification Numbers (EINs)
Organization profiles include Employer Identification Numbers (EINs) assigned by the IRS. EINs are public identifiers for tax-exempt organizations and are published by the IRS as part of the public record. They are not equivalent to individual Social Security Numbers and are not treated as sensitive personal information.
Publicly Available Information Under the CCPA
Under the CCPA, “personal information” does not include information that is lawfully made available from federal, state, or local government records. The organizational financial data, officer and director names, compensation figures, and EINs displayed on our platform are derived from government filings (IRS Form 990, Form 990-PF) and other publicly available sources. To the extent this information qualifies as publicly available government records under Cal. Civ. Code § 1798.140(v)(2), it is exempt from the CCPA’s definition of personal information.
Notwithstanding this exemption, we are committed to handling all data responsibly. If you are an individual named in a public record displayed on our platform and you have concerns about how your information appears, please contact us at michael@perennialinsight.com. We will review your request and, where appropriate, correct inaccurate information or work with you to address your concern.
AI-Assisted Data Extraction
We use artificial intelligence (AI) tools to assist in extracting financial data and impact information from publicly available source documents, including audited financial statements, IRS Form 990 filings, and annual reports. AI is used as a data extraction and processing tool — it reads source documents and structures the information into standardized formats for display on our platform.
AI is not used to make decisions about individuals, generate scores or ratings of consumers, or produce automated assessments that affect any person’s rights, opportunities, or access to services. Its role is limited to processing publicly available organizational data. Human review is part of our quality assurance process, but given the volume and complexity of financial documents, AI-extracted data may contain errors, omissions, or misinterpretations of source material.
Because AI-assisted extraction is involved, we strongly encourage users to verify any data point against the original source document before relying on it for investment, grantmaking, or other decisions. Links to original source documents, including PDF filings and ProPublica Nonprofit Explorer pages, are provided where available on each organization’s profile.
Accuracy and Limitations
We strive to present public financial data accurately and faithfully. However, we make no representations or warranties regarding the completeness, accuracy, reliability, or timeliness of the data displayed on our platform. Financial data is extracted from publicly available source documents using a combination of AI-assisted tools and human review, and may contain errors or omissions present in the original filings or introduced during the extraction process. Users should consult the original source documents before making any decisions based on data presented on our platform.
Our platform does not constitute an authoritative or official source of financial information. The original filing with the IRS or the organization’s published audited financial statements remain the definitive records.
8. Third-Party Links
Our platform may contain links to third-party websites, including ProPublica’s Nonprofit Explorer, the IRS Tax Exempt Organization Search, and individual organization websites. This Privacy Policy applies only to our Service. We are not responsible for the privacy practices of third-party sites, and we encourage you to review their privacy policies before providing them with any personal information.
9. Children’s Privacy
The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child under 16, please contact us so we can promptly delete it.
10. Changes to This Privacy Policy
We will review and update this Privacy Policy at least once every twelve (12) months. When we make material changes, we will update the “Last Updated” date at the top of this page and, where required by law, provide additional notice such as a prominent announcement on our website. We encourage you to review this policy periodically. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.
11. Notice to California Residents — CCPA Supplemental Disclosures
This section applies solely to visitors, users, and others who reside in the State of California and supplements the information contained elsewhere in this Privacy Policy with disclosures required under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).
Personal information collected. In the preceding twelve (12) months, we have collected the categories of personal information described in the table in Section 1 of this Privacy Policy.
Personal information sold or shared. In the preceding twelve (12) months, we have not sold or shared (as those terms are defined under the CCPA) any personal information of California residents to any third party for monetary or other valuable consideration, or for the purpose of cross-context behavioral advertising.
Sensitive personal information. We collect account login credentials (email and password) as described in Section 1. We do not use or disclose sensitive personal information for purposes other than those permitted under Cal. Civ. Code § 1798.121(a).
Publicly available information. A significant portion of the data displayed on our platform is derived from publicly available government records and other publicly available sources, as described in Section 7. To the extent such data qualifies as publicly available information under Cal. Civ. Code § 1798.140(v)(2), it is not subject to the CCPA.
Financial incentives. We do not offer any financial incentives, price differences, or service differences in exchange for the collection, retention, or sale of personal information.
12. Contact Us
If you have questions about this Privacy Policy, wish to exercise your rights, or have concerns about how we handle your personal information, please contact us:
Perennial Insight
michael@perennialinsight.com
perennialinsight.com/contact