Privacy Policy

Last updated: February 16, 2026

Our Privacy Commitment

At GoFind.Help, we believe privacy is a fundamental right, especially for people in vulnerable situations. We've designed our service with privacy as a core principle, not an afterthought. We collect the absolute minimum information needed to help you find resources, and we never sell or share your data.

This policy explains what information we collect, why we collect it, how we use it, and how we protect it.

Information We Collect and How We Use It

1. Search Queries (Temporary)

What we collect: The text you enter when searching for resources (e.g., "food pantry" or "shelter").

Why we collect it: To find relevant resources that match what you're looking for.

How we use it:

  • Your query is sent to our server to search our database
  • We process it to find matching resources
  • We return the results to you
  • In production, search queries are NOT stored in our logs (they're redacted for your privacy)

How long we keep it: Only for the duration of your search request (seconds). We do not store search history.

2. Location Data (Optional)

What we collect: Your geographic coordinates (latitude/longitude) if you choose to share your location.

Why we collect it: To show you nearby resources and calculate distances.

How we use it:

  • Your browser requests your permission before sharing location
  • If granted, coordinates are sent with your search request
  • We use them to calculate distances to resources
  • Coordinates are temporarily sent to OSRM (Open Source Routing Machine) to calculate accurate walking distances
  • Your location is cached in your browser (not on our servers) for convenience during your session

How long we keep it: Never stored on our servers. Only cached in your browser until you clear it or close your browser.

3. IP Address (Temporary, for Security)

What we collect: Your IP address (a number that identifies your internet connection).

Why we collect it: To protect our service from abuse and ensure fair access for everyone.

How we use it:

  • Rate limiting: We temporarily track how many searches come from each IP address to prevent automated abuse (limit: 30 requests per minute)
  • Your IP is stored temporarily in server memory (RAM) only
  • In production logs, only the first 8 characters of your IP are recorded for security monitoring

How long we keep it: Stored in temporary memory for up to 5 minutes, then automatically deleted. Not stored in any database or permanent logs.

Legal basis (GDPR): Legitimate interest in protecting our service and ensuring availability for all users.

4. Technical Information (Automatic)

What we collect: Basic technical information that your browser automatically sends (browser type, operating system, referring website).

Why we collect it: For technical operation, debugging errors, and security monitoring.

How we use it:

  • Ensuring the website works properly on different devices
  • Identifying and fixing technical problems
  • Detecting suspicious activity or attacks

How long we keep it: Server logs are automatically rotated and deleted after 7 days by our hosting provider (Vercel).

5. Aggregated Usage Analytics

What we collect: Aggregated, anonymous usage statistics through Vercel Analytics (our hosting provider).

Why we collect it: To understand how many people use our service, identify technical issues, and improve the user experience.

How we use it:

  • Count total visitors and page views (no individual tracking)
  • Monitor which pages are most popular
  • Track basic geographic distribution (country/region level only)
  • Measure website performance and loading times
  • Identify technical problems or errors

What makes it privacy-friendly:

  • No cookies placed on your device
  • No personal identifiers collected
  • No tracking across websites
  • Data is aggregated and anonymized
  • Fully compliant with GDPR, CCPA, and PECR

How long we keep it: Aggregated statistics are retained indefinitely for historical trend analysis, but contain no personal information.

Legal basis (GDPR): Legitimate interest in understanding service usage and improving user experience.

Vercel Analytics Privacy Policy

Information We Don't Collect

We are committed to data minimization. We do not:

  • Create user accounts: No registration, login, or passwords required
  • Use tracking cookies: No cookies for tracking, advertising, or analytics
  • Store search history: Your searches are not saved or linked to you
  • Create user profiles: We don't build profiles of users or their behavior
  • Use third-party analytics: No Google Analytics, Facebook Pixel, or similar tracking (only privacy-friendly Vercel Analytics)
  • Collect personal details: No names, emails, phone numbers, or addresses (unless you contact us directly)
  • Track you across websites: No cross-site tracking or fingerprinting

Third-Party Services

We use minimal third-party services to operate our website:

Neon (Database Hosting)

Our resource directory data is stored in Neon Serverless Postgres. When you search, our server queries the database on your behalf. Neon may log our database connections for their operational purposes, but they don't have access to your location or personal information.

Neon Privacy Policy

OSRM (Routing Service)

To calculate accurate walking distances, we send your coordinates (if provided) and resource locations to OSRM's public routing API. This is an open-source service that does not track or store user data.

Learn more about OSRM

Google Maps (External)

When you click "Map It" on a resource, you'll be taken to Google Maps in a new tab. At that point, Google's privacy policy applies. We have no control over Google's data practices.

Google Privacy Policy

Vercel (Website Hosting & Analytics)

Our website is hosted on Vercel's infrastructure. Vercel collects aggregated, anonymous usage statistics (through Vercel Analytics) to help us understand how many people use our service and improve the user experience. This analytics data:

  • Does not use cookies or track individuals
  • Does not collect personal information
  • Is aggregated and anonymized
  • Is GDPR and CCPA compliant

Vercel Privacy Policy

Data Security

We implement industry-standard security measures:

  • HTTPS encryption: All connections to our website are encrypted
  • Security headers: Protection against common web attacks (XSS, clickjacking, etc.)
  • Content Security Policy: Restrictions on what code can run on our pages
  • Rate limiting: Protection against automated abuse
  • Input validation: All user input is validated and sanitized
  • No persistent data storage: We don't store user data, so there's nothing to breach

However, no method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

Your Privacy Rights

Because we don't store your personal information, traditional data rights (access, deletion, portability) don't apply in most cases. However, you have the right to:

  • Use the service anonymously: No account required
  • Decline location sharing: You can search without sharing your location
  • Clear browser data: Remove any locally cached information anytime
  • Contact us: Ask questions about our privacy practices

For EU/UK residents: While our service is primarily focused on Houston, Texas, we respect GDPR principles. Since we practice data minimization and don't store personal data, most GDPR obligations don't apply. If you believe we're processing your personal data and want to exercise your rights, please contact us.

Children's Privacy

Our service is available to everyone, including minors who may be experiencing homelessness or seeking resources. We do not knowingly collect personal information from children or anyone else. Our privacy-first design means users of all ages can safely use our service.

Do Not Track Signals

Our website does not track users, so "Do Not Track" browser settings are unnecessary but respected. We don't respond to DNT signals because we already don't track anyone.

California Privacy Rights (CCPA)

California residents have specific privacy rights under the California Consumer Privacy Act (CCPA). However, because we:

  • Don't sell personal information (we have no personal information to sell)
  • Don't create user profiles
  • Don't store personal data beyond temporary operational needs

Most CCPA obligations don't apply. If you have questions, please contact us.

Changes to This Policy

We may update this privacy policy to reflect changes in our practices or legal requirements. When we make changes:

  • We'll update the "Last updated" date at the top
  • Significant changes will be posted on our homepage
  • Continued use of the service after changes constitutes acceptance

We encourage you to review this policy periodically.

Contact Us

If you have questions about this privacy policy or our privacy practices, please contact us.

We're committed to transparency and will respond to privacy inquiries as quickly as possible.

Summary (TL;DR)

We're serious about privacy:

  • ✅ No accounts, no tracking cookies
  • ✅ Search queries not stored or logged in production
  • ✅ Location never stored on our servers
  • ✅ IP addresses kept in memory for 5 minutes max (rate limiting)
  • ✅ Only privacy-friendly analytics (Vercel - no cookies, aggregated only)
  • ✅ No selling or sharing of any data
  • ✅ HTTPS encryption everywhere
  • ✅ We only collect what's necessary to help you find resources