Short, plain, and honest.

This policy applies to tratok.org — the Foundation's public information portal. It does not cover tratok.net (the booking platform), tratok.com (the corporate site), tratok.info (the documentation repository), or any Tratok product that requires an account. Those surfaces publish their own policies.

Browsing tratok.org does not trigger any data collection by the Foundation. Specifically, we do not:

• Set tracking or analytics cookies of any kind.
• Run Google Analytics, Facebook Pixel, or any third-party behavioural tracker.
• Fingerprint your device or build advertising profiles.
• Share, sell, or rent visitor information.

Your browser may make ordinary requests to our server (for example: HTML, CSS, images). Standard server logs — IP address, user agent, request path, timestamp — may be retained for a short window purely for security and debugging, and are not associated with you as an individual.

The site loads fonts from Google Fonts and icons that may reach their CDNs. These providers operate under their own privacy policies. If that matters to you, modern browsers allow blocking these requests; the site degrades gracefully to system fonts.

If the optional on-chain balance widget is active, your browser will make a read-only request to a public Ethereum RPC endpoint or block explorer to fetch the treasury balance. No authentication is involved; nothing about you is transmitted beyond what the RPC provider normally logs.

When you contact the Foundation by email — foundation@tratok.org, grants@tratok.org, csr@tratok.org, operators@tratok.org, audit@tratok.org — or submit a grant application, we receive and retain what you send us: name, organisation, content of your message, attachments, and any personal data you choose to include.

We use this information solely to respond to you and, where relevant, to assess your grant application, onboard your organisation as a partner, or engage you as an independent verifier. We do not add you to marketing lists. We do not share your submission with any party outside the Foundation's review committee and its contracted auditors, without your consent.

Grant-application files are retained for the duration of the relevant grant cycle plus seven years for audit purposes, after which they are deleted unless you have an active grant at that point. You can request earlier deletion at any time via foundation@tratok.org, subject to legitimate retention obligations.

Regardless of your jurisdiction, you can request:

• A copy of what we hold on you.
• Correction of inaccurate information.
• Deletion of your information, subject to retention obligations.
• Withdrawal of consent for ongoing communications.

These rights are stronger under specific regimes — GDPR (EU/EEA/UK), LGPD (Brazil), CCPA/CPRA (California), POPIA (South Africa), Australian Privacy Act, UAE Federal Decree-Law 45/2021, among others. If you live somewhere with stronger statutory protections, those apply.

Submit requests to privacy@tratok.org. We respond within 30 days. If you are unsatisfied with our response, you have the right to complain to your local data-protection authority.

Email is an imperfect channel. Use the secure submission options described in your grant agreement for sensitive material — financial documents, identity verification, audit-trail evidence. Do not send national IDs, passport scans, or signed contracts in plain email.

If this policy changes materially, we will update the "Last updated" date and announce the change in the Announcements section of the homepage. We will not silently broaden the scope of what we collect.