For a limited time, get a discount on a 2026 engagement with CEP. 

Learn More

Contact Us

Search

Search
Search
START TYPING AND PRESS ENTER TO SEARCH

Privacy Policy

Overview

The Center for Effective Philanthropy (“CEP”) is committed to upholding the privacy of individuals. As such, this Privacy Policy describes how CEP collects, uses, and safeguards Personal Data gathered through our surveys, interviews, and research activities which are designed to enhance the effectiveness of philanthropy and, with our YouthTruth initiative, to harness student perceptions to help school system leaders and education funders accelerate improvement.

Scope of Coverage

This privacy policy applies to all CEP-administered survey, interview, advisory, and research activities.

CEP provides three primary types of Services through which it collects data: (1) Assessment & Advisory Services, including the Grantee Perception Report (“GPR”), Applicant Perception Report (“APR”), Donor Perception Report (“DPR”), Staff Perception Report (“SPR”) and advisory services, (2) YouthTruth, which conducts student, family, and staff surveys, and student and adult workshops within school systems, and (3) Research, which uses quantitative and qualitative data to aid individual and institutional donors in enhancing their philanthropic impact.

This Policy outlines how personal data is handled across these service areas. By participating in our Services, respondents acknowledge and accept the practices described in this Policy. Certain provisions (e.g., General Data Protection Regulation (“GDPR”)) may not apply to specific surveys, including those conducted through YouthTruth.

Definitions

For the purposes of this Privacy Policy:

  • Client shall mean any organization that commissions Services, including but not limited to schools, school systems, local education agencies, foundations, and non-profit organizations.
  • Personal Data shall mean any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, through identifier such as identification number, location data, an online identifier, or other factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity even if that identifier alone would not be sufficient to identify an individual but when reviewed along other information would allow a reasonable person to identify the individual. Sensitive Personal Data shall mean identifiable information, such as respondent’s name and student ID.
  • Respondent shall mean the individual invited to complete a survey or participate in an interview.
  • Roster shall mean information provided by school or school system containing student ID and demographic characteristics.
  • Report shall mean the output of a survey, interview, advisory or research activity.
  • Services shall mean any survey, interview, research or related activity commissioned by a Client or conducted by CEP or YouthTruth.

Personal Data

CEP does not share Respondents’ Personal Data without a contractual or legal basis to do so.

  • For Assessment & Advisory Services, CEP receives personal data from commissioning Clients, often including full name, email address, and, where applicable, phone number and mailing address. The Client confirms they have the right to provide such information to CEP for the purposes of administrating the Services and producing the corresponding report.
  • For YouthTruth, CEP may receive student IDs and demographic data from school districts. Students may also voluntarily self-report certain demographic information through survey questions. CEP does not collect names, contact information, or other direct identifiers from students. CEP accesses, collects, and processes Personal Data, pursuant to the Family Educational Rights and Privacy Act (FERPA). YouthTruth does not retain student data containing personally identifiable information (PII) beyond the term of the data agreement, unless the data has been fully de-identified. School districts are responsible for providing parents with advance notice—at least annually—of any voluntary surveys that include topics protected under federal law, such as those outlined in the Protection of Pupil Rights Amendment (PPRA).
  • For Research, CEP does not collect personally identifiable information (PII) without explicit notice and consent.

Respondents are not requested to provide additional Personal Data in completion of the Services. CEP asks that no identifiable details be shared in open-ended responses.

Use of Third-Party Processors

Except as stated in this Policy, CEP does not intentionally share personal data with third parties or sub-contract the processing of personal data to any third party. The following processers which CEP uses are subject to, and handle data consistent with, the GDPR. Please note that not all tools listed below are used across all CEP—for example, Claude.AI is not currently used for YouthTruth survey.

  • Qualtrics: CEP online surveys are administered via Qualtrics, a ISO 27001-certified, FedRAMP-authorized, and SOC2-certified third-party survey platform. Respondents’ names and email addresses are entered into Qualtrics for survey administration. Qualtrics collects IP addresses from survey Respondents, which are permanently deleted by CEP after the survey period has closed. Qualtrics general information on GDPR can be found here.
  • Dropbox: YouthTruth uses CEP’s Dropbox Business to store Roster and Respondent related files. Dropbox is GDPR-compliant, and ISO 27001, ISO 27017, and ISO 27018-certified. Privacy statement: https://www.dropbox.com/privacy
  • Anthropic’s Claude.AI: CEP uses Claude.AI, an AI-driven platform, to process and analyze qualitative data from Services. Names, email addresses, and any other personal data are not entered into Anthropic’s system; only the textual data from survey responses is processed. Privacy statement: https://www.anthropic.com/legal/privacy. Anthropic is ISO 27001 certified.
  • Third-Party Translations: CEP uses third-party translators to translate into English any open-ended survey comments provided in another language. CEP does not intentionally share personal data with translators. Nonetheless, the translators with whom CEP contracts are certified in the following: ISO 9001 (Quality Management System), ISO 17001 (Translation Quality Management System), and ISO 27001 (Information Security Management System).
  • External Research Consultant: CEP may engage an external consultant to support data analysis and research activities related to Services. This consultant is contractually bound to maintain confidentiality and follow data protection practices consistent with applicable legal and organizational standards. CEP does not permit the sharing or retention of Personal Data outside the scope of the consultant’s assigned work.

CEP will not exchange or sell email addresses or phone numbers to third parties unless proper consent is received. Additionally, CEP will not disclose student Personal Data except as required to perform the Services or as permitted by law unless proper consent is received. However, CEP reserves the right to disclose Personal Data as required by law; to protect CEP’s rights in a manner compliant with legal obligations; to comply with judicial proceedings, court orders, or legal processes; or in connection with a corporate transaction or insolvency proceeding.

Lawful Basis for Processing

CEP collects and processes personal data on the lawful basis of our legitimate interests.

Information Security and Quality

CEP follows generally accepted industry standards and legal requirements to protect the Personal Data submitted to us, both during transmission and upon receipt. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect Personal Data, CEP cannot guarantee its absolute security.

CEP will make a timely effort to address requests to correct, remove, or explain the use of personal data.

Information Gathered through Services

The information collected in our Services is that which Respondents voluntarily choose to provide. Participation in the Services is optional, and Respondents are not required to answer any specific question within the Services.

CEP Services reports all quantitative survey data in aggregate form – such as averages, or proportions – and does not include any Personal Data in the results shared with Client. At the time of data collection, Respondents are informed of how open-ended responses may be used, typically falling into the following categories:

  • Shared without redaction or de-identification with the Client, or
  • As a quote, redacted to protect confidentiality, shared in Research, other publications, or presentations.

General Data Protection Regulation (GDPR)

The GDPR is a European Regulation concerning the use and processing of Personal Data. CEP has data handling practices which are compliant with applicable law. These practices are consistent with the requirements of non-US privacy laws, like the EU GDPR.

Respondents to Assessment & Advisory Services surveys (GPR, APR, DPR, and SPR) have the right to access or request deletion of their personal data. Requests may be submitted to: righttobeforgotten@cep.org

The Website is published in the United States and is subject to laws of the United States. If you are located in a country outside the United States and voluntarily submit Personal Data to us, you thereby consent to the processing of your personal data in the United States.

Changes to our Privacy Policy

This Policy may be revised at any time. Updates will be posted on our website. Continued participation in our Services constitutes acceptance of any changes.

Contact Us

For Assessment & Advisory Services inquiries: Carly Marchioni

For YouthTruth specific inquiries: Whitney Ivie

For overall policy questions: Rihab Babiker