Privacy Policy
Last updated: December 2025
Collective Threat Response Initiative, Inc. ("CTRI," "we," "us," or "our") is a 501(c)(3) nonprofit organization committed to protecting the security, privacy, and trust of our community. This Privacy Policy explains how we collect, use, store, share, and protect personal information obtained through our website (ctresponse.org), online forms, donation platforms, and related digital services.
This policy applies to all website visitors, donors, volunteers, applicants, event participants, and other individuals who interact with CTRI online.
1. Information We Collect
We collect information only to the extent reasonably necessary to operate our programs, comply with legal obligations, and fulfill our mission.
a. Information You Provide Voluntarily
Depending on how you interact with CTRI, we may collect:
Contact Information: name, email address, phone number, mailing address
Donation Information: donation amount, payment method details (processed by third‑party platforms), donor preferences
Volunteer & Applicant Information: biographical data, background information, training history, references, licensing details, certifications, availability, equipment readiness, and other information relevant to volunteer screening and placement
Event & Program Information: registration details, attendance records, and related communications
Communications: emails, messages, and form submissions you send to us
b. Sensitive Information
Some CTRI programs—particularly volunteer security screening—require the collection of sensitive personal information, which may include:
Government‑issued identification details
Background screening information
Licensing and credentialing information
Training, firearms, or security‑related qualifications
We collect such information only when necessary, limit access strictly, and apply heightened safeguards.
c. Information Collected Automatically
When you visit our website, we may automatically collect limited technical data, such as:
IP address
Browser type and operating system
Pages viewed and referring URLs
Date and time of access
This information is used for website security, analytics, and performance improvement.
2. How We Use Information
CTRI uses collected information for the following purposes:
To operate, administer, and improve our programs and services
To process donations and issue acknowledgments where applicable
To evaluate, screen, and manage volunteers and applicants
To communicate with you regarding programs, events, training, or organizational updates
To comply with legal, regulatory, licensing, and insurance requirements
To protect the safety, integrity, and security of CTRI operations and the communities we serve
We do not use personal information for commercial advertising purposes.
3. Sharing and Disclosure of Information
a. Background Checks and Fair Credit Reporting Act (FCRA) Notice
Certain CTRI volunteer, instructor, or security-related roles require background screening, credential verification, or similar vetting. Where applicable, CTRI may obtain consumer reports or investigative consumer reports from third-party screening providers in compliance with the Fair Credit Reporting Act (FCRA) and applicable state laws.
When such screening is required:
You will be provided with any legally required disclosures and authorizations prior to initiation of a background check
Screening will be conducted solely for permissible nonprofit, security, and volunteer-screening purposes
CTRI will not request or use background information except as allowed by law
If information obtained through a consumer report may result in an adverse decision, you will be provided with any required pre-adverse and adverse action notices, along with your rights under the FCRA
Background check information is handled with heightened confidentiality and access is strictly limited to authorized personnel.
3. Sharing and Disclosure of Information
CTRI does not sell, rent, or trade personal information.
We may share information only in the following limited circumstances:
a. Service Providers
We use trusted third‑party providers to support operations, such as:
Donation processing platforms
Form and data‑collection services
Email and communications tools
Background screening providers (where applicable)
These providers receive only the information necessary to perform their functions and are contractually required to safeguard it.
b. Legal and Regulatory Requirements
We may disclose information when required to comply with:
Applicable laws or regulations
Court orders, subpoenas, or lawful requests
Licensing, insurance, or regulatory authorities
c. Safety and Security
Information may be disclosed if reasonably necessary to:
Protect the safety of individuals or the public
Prevent fraud, abuse, or misuse of CTRI systems
Respond to credible threats or security incidents
Text Messaging (SMS) Privacy
CTRI may communicate with volunteers, donors, or other individuals via text message where consent has been provided.
All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.
Text messaging originator opt-in data and consent information will not be shared, sold, rented, or disclosed to any third parties, except as required by law or to facilitate message delivery through authorized service providers acting on CTRI’s behalf.
4. Data Security
CTRI takes data security seriously and implements administrative, technical, and organizational safeguards appropriate to the sensitivity of the information we collect, including:
Restricted access to sensitive data
Use of secure platforms and encrypted services where available
Role‑based access controls for volunteer and applicant data
Limiting internal access to personnel with a legitimate operational need
No system can be guaranteed 100% secure, but we continuously review and improve our security practices.
5. Data Retention
We retain personal information only as long as reasonably necessary for:
Operational and programmatic purposes
Legal, regulatory, licensing, or insurance obligations
Security and audit requirements
Volunteer and applicant data may be retained for a period necessary to support ongoing screening, compliance, and organizational integrity, even if an applicant is not accepted.
6. Your Choices and Rights
a. Rights Related to Background Screening
If CTRI conducts background screening under the FCRA, you have the right to:
Request information about the consumer reporting agency used
Dispute the accuracy or completeness of information in any consumer report
Receive a copy of the consumer report upon request, as required by law
These rights apply only where FCRA-governed screening is conducted and do not limit CTRI’s independent evaluation of volunteer suitability within the bounds of applicable law.
6. Your Choices and Rights
Depending on your relationship with CTRI and applicable law, you may:
Request access to or correction of your personal information
Request deletion of certain information, subject to legal and operational constraints
Opt out of non‑essential communications
Requests may be submitted using the contact information below. Identity verification may be required.
7. Children’s Privacy
CTRI does not knowingly collect personal information from children under 13 through its website. If you believe such information has been inadvertently collected, please contact us promptly.
8. External Links
Our website may contain links to third‑party sites. CTRI is not responsible for the privacy practices or content of external websites. We encourage users to review the privacy policies of any third‑party services they use.
9. Jurisdiction-Specific Notices (Virginia, Maryland, and District of Columbia)
CTRI operates programs and collects information in Virginia, Maryland, and the District of Columbia. Accordingly:
CTRI complies with applicable state nonprofit governance, charitable solicitation, and data-protection requirements in each jurisdiction
Where state law provides greater privacy or data-access rights than federal law, CTRI applies the higher standard
Volunteer and security-related data may be retained and reviewed as required by state licensing, insurance, or regulatory authorities governing security services and volunteer screening
Nothing in this policy is intended to limit rights provided under applicable state law.
9. Updates to This Policy
CTRI may update this Privacy Policy periodically to reflect operational, legal, or regulatory changes. Updates will be posted on this page with a revised effective date.
Continued use of our website or submission of information after changes constitutes acceptance of the updated policy.
10. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact:
Collective Threat Response Initiative, Inc.
Email: privacy@ctresponse.org
Website: https://www.ctresponse.org
By using our website or submitting information to Collective Threat Response Initiativec, you acknowledge and agree to this Privacy Policy.