"CSF" refers to CSF staff, board members, cooperating attorneys, interns, volunteers, and consultants in this policy. All of them are bound by law or contract to keep confidential information they receive as part of their assistance to CSF.
CSF does not sell or rent member, donor, or website visitor information under any circumstances. We do not share member, donor, or visitor information without prior consent except as compelled by law. This restriction applies to members and donors who join or donate online and offline. (See discussion below.)
Information Gathered by CSF's Site
Logging: We generally log requests to our website through and do internal analytical logging for visitors to our website.
Circumstances in which CSF may need to log and retain technical information for longer than seven days include when we believe it is reasonably necessary for CSF's mission and functionality, including situations such as:
- site testing,
- diagnosis of technical problems,
- defending against attacks to the site,
- handling a spike in traffic or other abnormal, short-term circumstances, or
- research projects (anonymized form) that serve our overall mission to defend freedom online.
In those and similar situations, we will delete the information as soon as it is apparent that the data is no longer needed for the purpose for which it was retained.
How CSF Internal Analytics Works: CSF endeavors to gather sufficient information for analyzing our website and how visitors move within it without compromising the privacy of our visitors.
CSF's internal analytical logging.
Cookies: We do not use persistent ID cookies on this site except where you click "remember me" or are logged in, as you can be for the Member Center. We use session cookies on certain portions of the website. Session cookies expire when you close your browser. You can use Tor if you wish to keep your connection information anonymous, but please note that you can still be identified to CSF if you log in.
Voluntarily Submitted Information: CSF also collects and retains the information you voluntarily submit to us. It is up to you to submit information to us and how much information to provide. Suppose you choose to become a CSF member, use the CSF Shop, otherwise donate to CSF or use our Member Center. In that case, we may ask for identifying information such as your name, email address, mailing address, and phone number and retain that information. We also ask for your credit card number or other payment information for online donors and shoppers. We maintain aggregate information about participation in the action campaigns for the Member Center. If you agree, we will also maintain account-specific records of your use of the Member Center. If you use the CSF Shop, you are asked to provide personal information, such as the shipping address necessary to complete your transaction.
From time to time, we may ask for personal information on other portions of the site, such as asking you to sign a petition, participate in a contest, or provide prior art for a patent-busting project.
FreeSpeechUpdate and other Mailing Lists: If you choose to subscribe to FreeSpeechUpdate, our free electronic newsletter, or any of our other mailing lists, we collect your email address and, if you choose to provide it, a postal code.
CSF's Use of Information
In general, CSF uses the information provided by you to further its mission, including protecting your free speech rights in the digital world.
Member and Donor Information: We use member and donor information for our legitimate interest in processing and managing your membership or contribution, including fundraising reminders and renewals. If you agree, we will use your email address to send you updates and alerts on protecting your free speech rights in the digital world, so you may take action, such as contacting your representative in Parliament or attending an event. If you choose to complete the "Please tell us why you became a member of CSF" field when donating, this information may be shared with the entire CSF staff and board, and select unattributed quotes may be used to promote our mission, such as including a relevant quote in a grant proposal.
Member Center: We use the information you supply in our Member Center to help you take action in support of digital civil liberties, such as contacting decision-makers (e.g., a representative in Parliament) and their staff, signing a petition, or sharing a message on social media. We may use Member Center information to assess the success of action campaigns, improve our site's functionality, and allow you to see records of your activities. We, and our coalition partners, may publicize and share aggregate information about action campaigns, such as the number of people who participated in a particular location or region or through a type of action, as well as sharing or publicizing activity trends.
Publication by CSF: If you provide information for publication, we may use your name and contact information you have provided to us to provide you with attribution.
Other activities: We may run surveys, contests, or similar activities through this site. Such information will be used for the purposes for which it was collected. We use the information provided through our online shop to fulfill your order and address any problems that might arise. We also look at technical information to diagnose problems with or consider improvements to our servers or related technologies and other websites we host or provide.
Third-Party Service Providers to CSF
Portions of our website, including some of our action alert webpages, are operated by third parties. When necessary and appropriate, CSF uses the following categories of third-party services:
- content delivery networks and cloud hosting providers (for example, hosting and handling traffic to our site).
- Financial services and payment processors (for example, your credit card and online payments)
- cloud email providers (for example, sending you email, like the FreeSpeechUpdate newsletter)
- shipping and fulfillment services (for example, shipping you our physical products.)
Where possible, we take steps to limit the ability of third parties to retain data about our users. These service providers may place session cookies on your computer. CSF's service providers may also log standard technical information, such as the numerical Internet Protocol (IP) address of the computer you are using; the browser software you use and your operating system; the date and time you access our site; and the Internet address of the website from which you linked directly to our site. Our service providers may also store and organize the personal information collected through this site on our behalf. CSF's third-party providers primarily process information in Canada but may process data in other jurisdictions. Where applicable, we have entered into General Data Protection Regulation (GDPR) compliant Data Protection Addendums with third-parties who process data on our behalf.
In addition, for all of CSF's service providers, hosting providers and credit card processors, and any other providers we may use in the future, the information collected from CSF users remains protected by the terms of our agreements with those providers. We will ensure that the data is kept confidential and disclosed only to employees who require such access in their assigned duties. CSF also requires all of our third-party service providers to notify CSF if they receive a legal process seeking information about visitors to CSF's website.
CSF may change the specific third-party providers from time to time and transfer stored information to any new provider subject to similar restrictions and agreements. From time to time, CSF may work with third-party consultants or other service providers who may access personally identifiable information. In such cases, we will restrict their use of personally identifiable information under their assigned tasks.
Third-Party Services and APIs
CSF's site also provides links to or interacts with a wide variety of third-party websites, including interactive links to sites like social media, telephone calling services, mapping services, or video hosting websites, often via application programming interfaces (APIs). CSF is not responsible for and does not have any control over the privacy practices or the content of such third parties.
We encourage users to read the privacy policies of any website visited via links from or interactions with the CSF website. Where appropriate, we will provide specific notice of these third-party services at the point of interaction. Our policy is not to include third-party resources when users initially load our web pages. Still, we may dynamically have them later after giving the user a chance to choose to interact with them. If you believe a third-party resource is automatically loading, please let us know to address it.
Disclosure of Your Information
While CSF endeavors to provide the highest level of protection for your information, we may disclose personally identifiable information about you to third parties in limited circumstances, including: (1) with your consent; or (2) when we have a good faith belief it is required by law, such as under a subpoena or other judicial or administrative order.
Suppose we are required by law to disclose the information you have submitted. In that case, we will attempt to provide you with prior notice (unless we are prohibited or it would be futile) that a request for your information has been made to allow you to object to the disclosure. We will attempt to provide this notice by email if you have given us an email address or by postal mail if you have entered a postal address. If you do not challenge the disclosure request, we may be legally required to turn over your information.
In addition, we will independently object to requests for access to information about users of our site that we believe to be improper, and we have done so.
Updating or Removing Your Information
You may choose to correct, update, access, or delete the membership information you have submitted to us by logging into the Member Center, where you may correct, update, access, or delete the information provided on the account management page.
Your consent to our use of your information is very important to us. Suppose you would like to withdraw your consent to receive the FreeSpeechUpdate newsletter, Action Alerts, and other bulk emails. In that case, you may use the subscriptions preferences link at the bottom of any email newsletter to unsubscribe. If you would like to withdraw your consent otherwise, restrict or object to CSF's processing of your data, please email
Data Storage and Retention
CSF's server logs are stored and retained, as explained above in the section on logging.
Information submitted through our Member Center, including records of the actions you take, is retained until you choose to delete your account. Email subscriptions information is kept until you unsubscribe from the mailing list(s).
If you communicate with CSF, such as through
According to our document retention policy, financial records of donations and other transactions are retained indefinitely. Paper records of donations, such as event donation forms and signup sheets, are typically destroyed soon after entry. Check copies and payment distribution details generally are kept up to seven years. Accompanying donor information is kept indefinitely unless the individual requests it is removed.
Our document retention policy provides that CSF generally retains documents for the period of their immediate or current use unless longer retention is necessary to comply with contractual or legal requirements. However, data storage periods are based on CSF's assessment of its needs. They might include retaining some documents for historical reference and retaining some records because CSF has insufficient organizational resources to dedicate to their review and destruction and/or other pertinent factors.
If we inadvertently collect more personal information than intended, we endeavor to delete the extraneous information. When we no longer need to retain information or delete request information, we attempt to remove all copies. However, please understand that deleted information may persist on backup media.
If you have any questions about our privacy and data protection practices, you can reach CSF at:
CSF employs industry-standard security measures to protect the loss, misuse, and alteration of the information under our control, including appropriate technical and organizational measures to ensure a level of security appropriate to the risk, such as the pseudonymization and encryption of personal data, data backup systems, and engaging security professionals to evaluate the effectiveness of our systems. CSF has turned on HTTPS by default.
Although we make good faith CSForts to store information collected by CSF in a secure operating environment, we cannot guarantee complete security.
Changes to Our Policies