Privacy Policy

Privacy Policy

Effective Date: May 29, 2024

1. Introduction

This Privacy Policy describes how the Robert Lehman Foundation, Inc. (the “Foundation,” “we,” “our,” or “us”) collects, uses, and discloses information about you as well as your choices regarding such information. For purposes of this Privacy Policy, unless otherwise stated, “information” or “personal information” means information relating to an identified or identifiable individual, and does not include aggregate information or information that does not identify you. 

This Privacy Policy applies to information we collect where we control the purposes and means of processing. Specifically, it applies to information we collect through any of our websites, emails, and other online services that link to this Privacy Policy (the “Service”). It does not apply to information collected by third parties or information collected in the context of your employment with us. 

Please note that your use of the Service is subject to our Terms of Use.

Some regions, such as Colorado, provide additional rights by law, as described below.

For our contact details, see the Contact Us section below.

2. How We Collect Information

We collect information about you in a variety of contexts, as described below.

Information You Provide through the Service.

When you use the Service, you may be asked to provide information to us, such as when you contact us or submit a grant proposal. The categories of information we collect include:

Organizational Identifiers, including your organization name, email address, postal address, and phone number.

Financial information, including your organization’s financial statements, budgets, and 501(c)3 IRS ruling, as necessary to process your grant proposal. 

User-generated content, including content within any messages you send to us (such as feedback, questions, or information included in your grant proposal.

Please do not provide any information that we do not request. 

Information from Your Browser or Device.

When you use the Service, we and third parties we work with automatically collect information from your browser or device. The categories of information we automatically collect include:

Device identifier, including your device’s IP address.

Device information, including your device’s operating software and browser (e.g., type, version, and configuration), internet service provider, and regional and language settings.

Internet activity, including information about your browsing history and interactions, such as the features you use, pages you visit, content you view, time of day you browse, and referring and exiting pages.

Non-precise location data, such as location derived from an IP address or data that indicates a city or postal code level. 

This information is automatically collected through cookies and other tracking technologies incorporated into our Service, as described below:

Cookies. Cookies are small text files which are placed on your browser when you visit a website, or open or click on an email. Our Service uses session cookies (which expire when you close your browser) and persistent cookies (which expire at a set expiration date or when you manually delete them). We incorporate both first party cookies (which are cookies served directly by us) and third party cookies (which are cookies served by third parties we work with). We use cookies for a variety of purposes, including to help make our website work, personalize your browsing experience, prevent fraud and assist with security, and perform measurement and analytics.

Pixels. Pixels (also known as web beacons) are code embedded within a service. There are various types of pixels, including image pixels (which are one-pixel transparent images) and JavaScript pixels (which contain JavaScript code). Pixels are often associated with cookies and are used for similar purposes. When you access a service that contains a pixel, the pixel may permit us or a third party to drop or read cookies on your browser, or collect other information about your browser or device. 

For details on your choices around cookies and other tracking technologies, see the Your Privacy Choices section below.

Information from Other Sources

We also collect information from other sources. The categories of sources from which we collect information include: 

Third party vendors and related parties we work with in connection with receiving analytics, security, and fraud prevention services.

Sensitive Information.

To the extent any of the categories of information we collect are sensitive categories of information under applicable law, we process such information only for the limited purposes permitted by applicable law. We do not sell or use sensitive categories of information for purposes of targeted advertising or to make inferences.

3. How We Use Information.

We collect and use information in accordance with the practices described in this Privacy Policy. Our purposes for collecting and using information include:

Providing services. We use information to provide services to you, including to operate the Service, and provide support. 

Personalizing your experience. We use information to personalize your experience and show you content we believe you will find interesting. 

Communications. We use information to communicate with you about updates, security alerts, changes to policies, and other transactional messages. We also use information to personalize and deliver marketing communications to you. Communications may be by email. 

Analytics. We use information to understand trends, usage, and activities, for example through surveys you respond to and tracking technologies that we incorporate into the Service (such as Google Analytics). We also use information for research and development purposes, including to improve our services and make operational decisions. 

Security and enforcement. We use information to prevent, detect, investigate, and address fraud, breach of policies or terms, or threats or harm. 

At your direction or with your consent. We use information for additional purposes where you direct us to use it in a certain way or with notice to you and your consent. 

Sometimes we aggregate or de-identify information so it is no longer considered personal information. We may use non-personal information for any purpose to the extent permitted by applicable law. For details on your choices around use of your information, see the Your Privacy Choices section below.

4. How We Disclose Information.

We disclose the information we collect in accordance with the practices described in this Privacy Policy. The categories of persons to whom we disclose information include: 

Service providers. Many of the third parties we work are service providers that collect and process information on our behalf. Service providers perform services for us such as payment processing, data analytics, marketing, website hosting, and technical support. To the extent required by law, we contractually prohibit our service providers from processing information they collect on our behalf for purposes other than performing services for us, although we may permit them to use non-personal information for any purpose to the extent permitted by applicable law.

Affiliates. We disclose information to our affiliates and related entities, including where they act as our service providers subject to this Privacy Policy or use the information in accordance with their own privacy policies.

Recipients in a merger or acquisition. We disclose information in connection with, or during negotiations of, any proposed or actual merger, purchase, sale or any other type of acquisition or combination. 

Recipients for security and enforcement. We disclose information to comply with the law or other legal process, and where required, in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We also disclose information to protect the rights, property, life, health, security and safety of us, the Service or anyone else. 

Recipients at your direction or with your consent. We disclose information where you direct us to or with notice to you and your consent. 

Sometimes we aggregate or de-identify information so it is no longer considered personal information. We may disclose non-personal information for any purpose to the extent permitted by applicable law. For details on your choices around disclosure of your information, see the Your Privacy Choices section below.

5. Third Parties.

We may link to or offer parts of our Service through websites and services controlled by third parties. In addition, we may integrate technologies, including those disclosed in the How We Collect Information section above, controlled by third parties. Except where third parties act as our service providers, they, and not us, control the purposes and means of processing any information they collect from you, and you should contact them directly to address any concerns you have about their processing. Third party data practices are subject to their own policies and disclosures, including what information they collect, your choices, and whether they store information in the U.S. or elsewhere. We encourage you to familiarize yourself with and consult their privacy policies and terms of use.

6. Your Privacy Choices.

We provide a variety of ways for you to exercise choice, as described below. 

Region-Specific Rights.

Some regions provide additional rights by law, as described in our region-specific terms. This subsection details how you may exercise some of those rights to the extent they apply to you.

Data subject requests. To access, correct, delete, or exercise similar rights available to you in your region with respect to your information, please submit a request through our form here or call our toll-free number at 212-661-1967.


You can opt-out of receiving emails from us by following the unsubscribe instructions near the bottom of such emails, or by emailing us at as set out in the Contact Us section below with the word UNSUBSCRIBE in the subject field of the email. Please note that you cannot opt out of transactional messages. Your opt-out is limited to the email address used and will not affect subsequent subscriptions.  

Browser and Device Controls.

Cookies and pixels. You may be able to manage cookies through your browser settings. When you manage cookies, pixels associated with such cookies may also be impacted. Please note that cookie management only applies to our website. If you use multiple browsers, you will need to instruct each browser separately. If you delete or reset your cookies, you will need to reconfigure your settings. Your ability to limit cookies is subject to your browser settings and limitations.

Preference signals. Your browser or extension may allow you to automatically transmit Do Not Track and other preference signals. Except as required by law, we do not respond to preference signals.

Third party opt-out tools. Some third parties we work with offer their own opt-out tools related to information collected through cookies and pixels. To opt out of your information being used by Google Analytics, please visit are not responsible for the effectiveness of any third party opt-out tools.

7. Children.

The Service is not directed toward children under 13 years old, and we do not knowingly collect personal information (as that term is defined by the U.S. Children’s Privacy Protection Act, or “COPPA”) from children. If you are a parent or guardian and believe we have collected personal information from children, please contact us as set out in the Contact Us section below. We will delete the personal information in accordance with COPPA. 

8. Data Security.

We implement and maintain reasonable administrative, physical, and technical security safeguards to help protect information about you from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. Nevertheless, transmission via the internet is not completely secure and we cannot guarantee the security of information about you.

9. Retention.

We retain information for the length of time that is reasonably necessary for the purpose for which it was collected, and as necessary to comply with our legal obligations, resolve disputes, prevent fraud, and enforce our agreements.

10. International Transfer.

We are based in the U.S. If you are located outside the U.S., please be aware that your information may be transferred to and processed in the U.S. or another country where we operate. 

11. Changes to this Privacy Policy.

We reserve the right to revise and reissue this Privacy Policy at any time. Any changes will be effective immediately upon posting of the revised Privacy Policy. Your continued use of our Service indicates your consent to the Privacy Policy then posted. If the changes are material, we may provide additional notice to you, such as through email or prominent notice on the Service. 

12. Contact Us.

If you have any questions about or trouble accessing this Privacy Policy, please contact us:

By email:

By mail:

The Robert Lehman Foundation
116 East 73rd Street, Suite 1
New York, NY 10021

To exercise choice, use the methods described in the Your Privacy Choices section above or your region-specific terms below. 

13. Colorado

These additional rights and disclosures apply only to residents of Colorado. Terms have the meaning ascribed to them in the Colorado Privacy Act (“CPA”).

Data Subject Requests.

You may have the following rights under applicable law:

– To confirm whether or not we are processing your personal data

– To access your personal data

– To correct inaccuracies in your personal data

– To delete your personal data

– To obtain a copy of your personal data that you previously provided to us in a portable and readily usable format

To exercise any of these rights, please follow the instructions for data subject requests in the Your Privacy Choices section above. Please note these rights are subject to exceptions. We will respond to your request within 45 days. We may require specific information from you to help us confirm your identity and process your request. If we are unable to verify your identity, we may deny your request. We do not process personal data for purposes of profiling in furtherance of decisions that produce legal or similarly significant effects concerning users. 

Authorized Agent.

You can designate an authorized agent to submit requests on your behalf. Requests must be submitted through the designated methods listed above. Except for opt-out requests, we will require written proof of the agent’s permission to do so and may verify your identity directly.


If we refuse to take action on a request, you may appeal our decision within a reasonable period time by contacting us at [INSERT EMAIL] and specifying you wish to appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint to the Colorado AG at