Privacy Policy

This Privacy Policy ("Policy") describes the information practices of Project Black Men, LLC ("Project Black Men," "we," "us," or "our") in connection with the ARISE platform ("Platform" or "ARISE"). This Policy applies to all users of the Platform, including parents, legal guardians ("Parents"), youth participants ("Participants"), and organizational facilitators ("Facilitators").

We are committed to protecting the privacy of the young people and families we serve. Because many Participants are under the age of 18, and some are under the age of 13, we have designed this Policy and our data practices to comply with the Children's Online Privacy Protection Act, 15 U.S.C. § 6501–6506 ("COPPA"), and applicable state privacy laws. Where COPPA requires protections only for children under 13, we extend equivalent protections to all Participants under 18 as a matter of organizational policy.

1. Operator Information

The operator of this Platform is Project Black Men, LLC For privacy inquiries, contact: privacy@raisingmenproject.org.

2. Information We Collect

2.1 Information Provided Directly by Parents

Account registration information, including email address, full name, and selected role. Weekly parent observation responses submitted through the Platform's structured questionnaires. Free-text commentary regarding the Participant's week. Consent records, including IP address at time of consent.

2.2 Information Collected from Participants

Participants access ARISE through single-use secure links provided by their Parent; they do not create accounts or provide credentials. The following information is collected from Participants: first name and age; responses to structured weekly check-in questions covering mood, habits, relationships, goals, and wellbeing; free-text responses where the Participant chooses to elaborate; and behavioral metadata, including response timing (time spent on each question) and answer revision patterns (instances where an answer was changed before submission).

2.3 Information Collected Automatically

IP address (used solely for rate limiting and security); browser user-agent string; timestamps of Platform interactions. We do not deploy tracking cookies, advertising pixels, or third-party analytics services.

3. Use of Information

3.1 AI-Assisted Developmental Insight Generation

Participant check-in responses are transmitted to Anthropic, PBC ("Anthropic") via their application programming interface for processing by the Claude large language model. This processing generates: (a) a personalized developmental message delivered to the Participant through the Platform; (b) numerical developmental scores across six domains of the ARISE Youth Development Framework; (c) a Parent-facing summary of the Participant's week; and (d) a Facilitator-facing clinical-language report.

Data minimization. We transmit only the minimum information necessary for insight generation. Specifically, we transmit the Participant's first name, age band, and check-in responses. We do not transmit email addresses, last names, physical addresses, school names, or other directly identifiable information to Anthropic.

The AI system does not render clinical diagnoses, prescribe treatment, or make autonomous decisions affecting the Participant. All outputs are informational and designed to support human mentoring relationships.

3.2 Developmental Tracking

Longitudinal check-in data is retained within the Platform to identify developmental patterns, track progress, and personalize future interactions. This data is accessible only to the Participant's Parent, authorized Facilitators within the Parent's enrolled organization, and Platform administrators.

3.3 Safety Monitoring and Mandatory Escalation

The Platform includes automated safety monitoring. If a Participant's responses indicate potential crisis — including but not limited to self-harm ideation, suicidal language, or disclosures of abuse — the Platform will: (a) immediately display crisis intervention resources, including the 988 Suicide & Crisis Lifeline and Crisis Text Line; (b) create an immutable safety record in the Platform database; and (c) generate a notification to Facilitators and program staff for follow-up. This safety protocol is non-optional and cannot be disabled by any user. We consider this mandatory escalation to be in the Participant's vital interest.

Mandatory Reporting. Depending on applicable state law, Project Black Men and its staff may be required to report certain disclosures — including disclosures of child abuse, neglect, or imminent threat of harm — to child protective services, law enforcement, or other governmental authorities. Such reporting obligations exist independent of and take precedence over this Policy. We will endeavor to notify the relevant Parent of any such report, except where prohibited by law or where notification may compromise the safety of the Participant.

4. Third-Party Service Providers

We engage the following service providers in connection with Platform operations:

Supabase, Inc. — Database hosting and authentication services. Data is stored on servers located in the United States and encrypted at rest (AES-256) and in transit (TLS 1.2+).

Anthropic, PBC — AI inference services for developmental insight generation. Data transmitted to Anthropic via API is not used by Anthropic to train, improve, or fine-tune its models, pursuant to Anthropic's API Terms of Service.

Vercel, Inc. — Application hosting. Vercel processes HTTP requests but does not have access to stored user data.

We do not sell, rent, license, or otherwise disclose Participant data to any third party for advertising, marketing, profiling, or any purpose unrelated to the operation of the Platform.

5. Parental Consent

Consistent with COPPA, we obtain verifiable parental consent before collecting personal information from any Participant under the age of 13. As a matter of organizational policy, we require equivalent consent for all Participants under 18. Consent is obtained through our electronic consent flow, which requires the Parent to: (a) review this Privacy Policy and the Terms of Service; (b) acknowledge the use of AI for data processing; (c) acknowledge the right to delete the Participant's data at any time; (d) acknowledge the safety monitoring protocol; and (e) affirmatively consent by activating the Participant's check-in access.

Consent may be revoked at any time. Revocation immediately deactivates the Participant's access link and halts further data collection. Previously collected data may be deleted upon request as described in Section 6.

6. Parental Rights

Parents have the following rights, exercisable at any time through the Platform dashboard or by written request to privacy@raisingmenproject.org:

Right of access and review. Parents may review all information collected from or about their child through the Platform dashboard.

Right of portability. Parents may request and receive a complete export of their child's data in a structured, machine-readable format (JSON).

Right of deletion. Parents may request permanent, irreversible deletion of all data collected from or about their child. Upon such request, we will delete all check-in responses, developmental insights, scoring data, onboarding responses, memory profiles, parent observations, and safety records associated with the Participant. The sole exception is an immutable audit log entry recording that deletion was performed, the date of deletion, and the identity of the requesting Parent — retained for compliance evidence.

Right to revoke consent. Parents may withdraw consent for ongoing data collection at any time, as described in Section 5.

Right to information. Parents may request a description of the types of information collected, the purposes for which it is used, and whether it has been disclosed to any third party.

7. Data Security

We implement administrative, technical, and physical safeguards designed to protect Participant data, including: encryption at rest and in transit; Row Level Security database policies ensuring data isolation between families and organizations; server-side input validation on all API endpoints; rate limiting to prevent abuse; structured audit logging of security-relevant events; and authentication via Supabase Auth with cookie-based session management (no client-side token storage).

8. Data Retention

We retain Participant data for the duration of the Parent's active consent. If consent is revoked or deletion is requested, data is permanently deleted within seventy-two (72) hours. In the event of account inactivity exceeding twelve (12) consecutive months (no check-ins or Parent logins), we will send a notification to the Parent's registered email address. If no response is received within thirty (30) days of notification, we reserve the right to delete the associated Participant data.

9. Amendments

We may amend this Policy from time to time. Material amendments — including changes to categories of data collected, new third-party disclosures, or modifications to parental rights — will be communicated to Parents via email at least thirty (30) days before taking effect. Non-material clarifications or formatting changes may be made without advance notice. Continued use of the Platform following the effective date of an amendment constitutes acceptance of the revised Policy. If a Parent does not agree to an amendment, they may exercise their right of deletion and discontinue use of the Platform.

10. Contact

For questions, requests, or complaints regarding this Policy or the handling of Participant data:

Project Black Men, LLC
Attn: Privacy Inquiries
Email: privacy@raisingmenproject.org

This Privacy Policy is designed to comply with the Children's Online Privacy Protection Act (15 U.S.C. § 6501–6506), the FTC's COPPA Rule (16 C.F.R. Part 312), and applicable state privacy statutes.