Rising Tides
Member Login Join RTA
Legal

Privacy Policy

Last updated June 2026.

This Privacy Policy describes how Rising Tides Alliance Business Group, Inc. ("RTA," "we," "us," or "our") collects, uses, and shares information when you visit risingtidesalliance.com (the "Site"), apply for or hold a membership, register for events, or otherwise use our services (the "Services"). By using the Site or Services, you agree to the collection and use of information as described below.

1. Who we are

The Site and Services are operated by Rising Tides Alliance Business Group, Inc., a business networking organization registered in New York, United States, serving the Westchester County business community.

2. Information we collect

2.1 Information collected automatically

When you visit the Site, the following is collected automatically by our web server and hosting infrastructure for operational and security purposes:

  • Your IP address
  • Browser type, version, and user-agent string
  • Operating system and device type
  • Referring URL and pages visited
  • Date and time of your visit

This information is logged by our web server and by the web application firewall (WAF) that sits in front of the Site to filter malicious traffic. We also use privacy-respecting analytics and (with your consent) application-performance monitoring, described in Section 3. We do not use advertising trackers or share this data with data brokers.

2.2 Information you provide directly

Membership applications. When you apply for membership, we collect your name, business name, profession/industry, email address, phone numbers, business address, website, a professional headshot (if you upload one), and your responses to application questions. You may optionally provide additional personal details (such as a home address, birthday, marital status, hobbies, and family information).

Event registrations. When you register for an event, we collect your name, email address, and — for guests — company, industry, phone, and how you heard about us.

Contact and inquiries. If you use our contact form, we collect your name, email address, business name, and the contents of your message.

Member account. When you hold a membership, you can sign in to the member portal to maintain your profile, contact details, public-profile privacy settings, and payment method.

2.3 Payment information

Membership dues and event fees are processed by our payment processor, CardPointe (CardConnect, a Fiserv company). Card details are entered directly into CardPointe's secure hosted fields and are tokenized — your full card number is never transmitted to or stored on our servers. For members who enable automatic renewal, we store only a payment token/profile identifier (not the card number) so dues can be charged each year. We retain billing records (amounts, dates, and a masked card reference) as required for accounting and tax purposes.

2.4 Public member directory

Membership includes a public profile in our online member directory. Your name, profession/industry, business, headshot, biography, and any contact fields you choose to display are shown publicly on the Site. You control which fields are visible through the privacy settings in your member portal, and you can ask us to unpublish your profile at any time.

3. Third-party services

We rely on the following service providers to operate the Site and deliver the Services. Each processes only the data necessary for its function.

3.1 Payment processing — CardPointe / Fiserv

Payments are processed by CardPointe (CardConnect). Card data is captured directly by CardPointe and is subject to its privacy practices and PCI DSS compliance. We do not store full card numbers.

3.2 Email — Mailchimp

We use Mailchimp to send newsletters and member communications. If you are a member or have opted in, your name, email address, and membership status are synced to our Mailchimp audience. Every email includes an unsubscribe link, and you can opt out at any time.

3.3 Hosting, logging & security — Amazon Web Services

The Site and its data (including uploaded headshots) are hosted on Amazon Web Services (AWS) infrastructure in the United States. AWS processes data on our behalf under its data-processing terms. Our web server and a web application firewall (WAF) in front of the Site automatically log standard request information (IP address, URL, timestamp, HTTP status, and user-agent) to operate, debug, and secure the Site and to detect and block malicious traffic. These operational and security logs are used only for those purposes — never for marketing or profiling — and are retained for 90 days, after which they are deleted.

3.4 Matomo Analytics (runs by default)

We use Matomo, a web-analytics platform we self-host on infrastructure under our control, to understand in aggregate how visitors use the Site. Matomo runs for all visitors without requiring consent because it is configured for minimal privacy impact:

  • Cookieless. Matomo stores no identifiers on your device.
  • IP anonymization. Visitor IP addresses are masked before logging, so we cannot use Matomo to identify you individually.
  • Self-hosted. Matomo data stays on infrastructure we operate and is not shared with any third party.
  • Do Not Track honored. If your browser sends a Do Not Track signal, Matomo will not collect data about your visit.

You can opt out of Matomo at any time by enabling Do Not Track in your browser.

3.5 Google Analytics (consent required)

If you accept through our cookie banner, we also use Google Analytics (GA4), provided by Google LLC, to collect aggregate usage statistics. Google Analytics sets cookies and may transfer data to servers in the United States. It does not load unless you accept it — if you decline or ignore the banner, Google Analytics does not run on your visit. You can withdraw consent at any time using the “Cookie Preferences” link in the Site footer, which clears your stored choice and shows the banner again. Google's privacy practices are described at policies.google.com/privacy.

3.6 Application & performance monitoring — Grafana Faro (consent required)

If you accept through our cookie banner, we use Grafana Faro, a self-hosted front-end monitoring tool, to understand real-browser performance and reliability. When enabled, Faro may collect technical information such as page-load timing, Web Vitals, JavaScript errors, basic device and browser information, the page being viewed, and a randomly generated session identifier stored in your browser's web storage. Faro does not use cookies, is stored on observability infrastructure we operate, and is not shared with any advertising network. Faro does not load unless you accept it — if you decline or ignore the cookie banner, it does not run on your visit.

3.7 Address validation — Google

When you enter an address in a form, we may send it to the Google Address Validation API to verify and standardize it. Google processes the submitted address under its own privacy policy.

4. Cookies & tracking technologies

The Site may use cookies, local storage, session storage, and similar browser-based technologies. The cookies and technologies used fall into the following categories:

  • Strictly necessary. Session and security (CSRF) cookies that keep you signed in to the member portal, and a small preference stored to remember your cookie choice. These cannot be disabled.
  • Anonymous analytics (Matomo). Our self-hosted Matomo runs in cookieless mode and stores no identifiers on your device. It runs by default and requires no consent.
  • Google Analytics cookies. Set only after you accept through our cookie banner, to measure Site usage in aggregate.
  • Performance monitoring (Grafana Faro). Runs only after you accept through our cookie banner. Uses browser web storage (not cookies) to group performance signals from a single visit.

You can change or withdraw your cookie choice at any time using the “Cookie Preferences” link in the Site footer. You can also control cookies and some browser-storage technologies through your browser settings, although disabling them may affect Site features or your saved preferences.

5. How information is used

We use the information we collect to:

  • Review membership applications and administer memberships
  • Process dues, event fees, and automatic renewals
  • Maintain the member directory and your public profile
  • Register you for events and manage attendance
  • Send newsletters and member communications (which you can opt out of)
  • Respond to inquiries and provide support
  • Operate, maintain, secure, and monitor the performance of the Site
  • Comply with legal and regulatory obligations

We do not sell your personal information, use it for third-party advertising, or share it with data brokers.

6. Information sharing

We share information only as follows:

  • With the service providers listed above (CardPointe, Mailchimp, AWS, Google), under their agreements with us
  • Publicly, to the extent you choose to display profile information in the member directory
  • For legal compliance when required by law, court order, or government request
  • To protect the rights and safety of RTA, our members, or the public
  • In connection with a business transaction such as a merger, in which case the successor will be bound by this Policy

7. Your rights and choices

7.1 All members and visitors

You may request a copy of the personal information we hold about you, request correction of inaccurate information, or request deletion of information we are not legally required to retain. Members can update most of their information and public-profile visibility directly in the member portal. To make a request, reach us through our contact page.

Cookie and consent choices. Use the “Cookie Preferences” link in the footer to update your choice for Google Analytics and Grafana Faro at any time. You can also control cookies and some browser-storage technologies through your browser settings.

7.2 California residents (CCPA / CPRA)

If you are a California resident, you have the right to know what personal information we collect, use, and share; to request deletion or correction; and to opt out of any "sale" or "sharing" of personal information. We do not sell or share personal information as those terms are defined under California law.

7.3 International visitors

The Site is operated from the United States, and our infrastructure and service providers process information in the United States. If you visit from outside the United States, your information may be transferred to and processed in the United States, where privacy laws may differ from those in your location.

8. Data retention

We keep personal information only as long as reasonably necessary for the purposes described in this Policy, unless a longer period is required or permitted by law:

  • Member account & billing records. Retained while your membership is active and for up to seven years afterward, as required for tax and accounting purposes.
  • Application & contact correspondence. Retained as needed to respond, maintain records, and comply with legal obligations.
  • Server & web-application-firewall logs. Retained for approximately 90 days, then deleted or rotated.
  • Matomo analytics. Stored in anonymized, aggregate form; individual-level records are retained up to 24 months and then purged.
  • Google Analytics. Collected only with consent and retained per the configured GA4 retention setting (up to 26 months) and Google's policies.
  • Grafana Faro. Collected only with consent and retained for up to 90 days for performance and reliability analysis (with any associated traces retained for a shorter period, about 14 days).
  • Audit & security logs. We keep an internal record of significant actions taken in our admin and member systems (for example, account, membership, and payment changes) to protect against fraud and unauthorized access and to meet our record-keeping obligations. These records are retained for up to seven years.

You may request earlier deletion of information we are not legally required to keep.

9. Security

We implement reasonable technical and organizational measures to protect the information we hold, including payment tokenization through CardPointe so that card numbers never reach our systems, and internal audit logging of significant account, membership, and payment actions to detect and investigate unauthorized access. No method of transmission or storage is completely secure; in the event of a breach affecting your personal information, we will notify you as required by applicable law.

10. Children's privacy

The Site and Services are intended for business professionals and are not directed to children. We do not knowingly collect personal information from children under 13.

The Site links to websites we do not control — including member business websites and social-media profiles listed in the member directory, and the websites of the charities we support. We are not responsible for the content, availability, terms, or privacy practices of those third parties. Review their policies before providing information to them.

12. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date above reflects the most recent change. Your continued use of the Site or Services after changes are posted constitutes acceptance of the updated policy.

13. Contact

For questions about this Privacy Policy or to exercise your rights, reach us through our contact page, or write to:

Rising Tides Alliance Business Group, Inc.
25 Studio Hill Rd
Briarcliff Manor, NY 10510