The Jorgensen Foundation collects personal data only to the extent necessary to provide the platform and its associated services. We do not sell, rent, or share your personal data with third parties for marketing purposes.
Payment card details and billing information are collected and processed by Stripe, our payment processor. The Jorgensen Foundation does not store payment card numbers. We receive from Stripe only a tokenised payment reference, the last four digits of your card, card type, and billing status. Stripe's privacy policy governs the handling of your payment data.
If you apply for a student travel grant, we additionally collect your supervisor's name, the conference details provided in your application, and the research description you submit. This information is used solely for evaluating and administering grant applications.
If you contact us via the contact form or by email, we retain a record of that correspondence for the purpose of responding to your enquiry and for internal quality records.
We use the personal data we collect for the following purposes, each of which has a corresponding legal basis under applicable data protection law.
We use your name, email address, and institution to create and maintain your account, authenticate your identity when you sign in, and provide you with access to the platform. The legal basis is performance of a contract — this processing is necessary to provide the service you have subscribed to.
We use your email address and billing status information to process subscription payments, issue invoices, send payment confirmations and renewal reminders, and manage billing disputes. The legal basis is performance of a contract and, where applicable, compliance with legal obligations relating to financial record-keeping.
We use your email address to send you notifications that are necessary for the operation of the service, including account verification emails, password reset links, subscription renewal notices, and notifications of planned maintenance or outages. These communications are not optional — they are part of the service. The legal basis is performance of a contract and legitimate interests.
With your consent, we may send you newsletters, grant cycle announcements, and programme updates. You may unsubscribe from optional communications at any time using the link in any such email, or by contacting us directly. Unsubscribing from optional communications does not affect service-critical notifications.
We use anonymised and aggregated usage data — which cannot be linked to individual users — to monitor platform performance, diagnose technical issues, and inform decisions about future development. We do not use individually identifiable simulation data for this purpose without your consent.
Grant application data is used solely to evaluate applications, notify applicants of outcomes, and administer disbursements to successful recipients. Application data is not used for any other purpose.
We take the security of your personal data seriously and implement technical and organisational measures appropriate to the risk.
Your account data and simulation results are stored on servers operated by Railway, our cloud infrastructure provider, and Stripe, our payment processor. These providers operate data centres in the United States. If you are located in the European Economic Area, your data may be transferred to the United States. Where this occurs, we ensure appropriate safeguards are in place, including standard contractual clauses.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and, where required by law, the relevant supervisory authority within the timeframe required by applicable law. Notifications will be sent to the email address associated with your account.
If you are located in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation (GDPR). To exercise any of these rights, please contact us at info@jorgensenfoundation.org. We will respond to your request within 30 days.
Right of access — You may request a copy of the personal data we hold about you.
Right to rectification — You may ask us to correct inaccurate or incomplete personal data.
Right to erasure — You may ask us to delete your personal data where there is no compelling reason for us to continue processing it.
Right to restriction — You may ask us to restrict processing of your personal data in certain circumstances.
Right to data portability — You may request a machine-readable copy of the personal data you have provided to us.
Right to object — You may object to processing based on legitimate interests or for direct marketing purposes.
Right to withdraw consent — Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
If you believe we have not handled your personal data in accordance with applicable law, you have the right to lodge a complaint with the data protection supervisory authority in your country of residence.
We process personal data on the following legal bases under Article 6 GDPR: performance of a contract (account management, billing), compliance with a legal obligation (financial records), legitimate interests (platform security and improvement), and consent (optional communications). Where we rely on legitimate interests, we have assessed that our interests do not override your data protection rights.
We use a minimal number of cookies to operate the platform. We do not use advertising cookies or sell cookie data to third parties.
We use session cookies to maintain your authenticated state while you are logged in to the platform. These cookies are strictly necessary for the service to function and cannot be disabled while you use the platform. They expire when you close your browser or sign out.
We use browser local storage to cache your session credentials temporarily between page loads, avoiding repeated authentication prompts during an active session. This data is cleared when you sign out and is not accessible to third parties.
Stripe, our payment processor, may set cookies in connection with payment processing. Google Fonts, used to load typefaces on the website, makes network requests to Google's servers but does not set persistent tracking cookies on our pages. We do not use Google Analytics, Facebook Pixel, or any other behavioural tracking service.
You can control and delete cookies through your browser settings. Disabling essential session cookies will prevent you from remaining signed in to the platform. Deleting local storage for this site will sign you out of any active session.
We retain personal data only for as long as necessary for the purpose it was collected and to comply with our legal obligations.
Account data is retained for the duration of your subscription and for as long as your account remains registered on the platform. You may request deletion of your account at any time by contacting us.
After cancellation or account deletion, we retain your simulation data, inputs, and results for 90 days to allow you to retrieve any work before it is permanently deleted. Account identifiers and billing records are retained for seven years from the last transaction as required by financial regulations. After that period, all personal data is permanently deleted or anonymised.
Records of support correspondence are retained for three years from the date of the last interaction and then permanently deleted.
Unsuccessful grant applications are retained for two years following the decision and then deleted. Records relating to successful grants are retained for seven years for financial and audit purposes.
Aggregated, anonymised usage statistics — from which no individual can be identified — may be retained indefinitely for platform improvement and research purposes.
All requests relating to your personal data — including access, rectification, erasure, portability, restriction, and objection — should be sent to:
Jorgensen Foundation
Department of Chemistry, Yale University
225 Prospect Street, New Haven, CT 06511
United States
We will acknowledge your request within five business days and respond in full within 30 days. If your request is complex or we receive a high volume of requests, we may extend this period by a further two months, in which case we will notify you. There is no charge for reasonable data requests.
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. Material changes will be communicated to subscribers by email. The current version of the policy is always available at this URL. Continued use of the platform following notification of a change constitutes acceptance of the revised policy.