VIRTUE FOUNDATION VFMATCH
Privacy Policy
Last Updated: June 14, 2026
Welcome to Virtue Foundation. This privacy policy (the “Privacy Policy”) explains how Virtue Foundation (referred to as “Virtue Foundation”, “we”, “us”, or “our”) collects, uses, discloses, and otherwise processes personal data in connection with your access or use of (a) the Virtue Foundation website at virtuefoundation.org, vfmatch.org and any other subdomains of virtuefoundation.org or vfmatch.org, worldcompendium.org (collectively, the “Website”), (b) any content, functionality, platform or service offered on or through the Website, (c) our proprietary software, VF Match, including any website, browser, online implementations or versions related to such software (such proprietary software, specifically, the “Software”), and/or any specific products or services that reference or link to this Privacy Policy (all of the foregoing (a) – (d), collectively, the “Services”).
The Software is a web-based platform that uses artificial intelligence (“AI”) and machine learning technology, including, without limitation, generative artificial intelligence, machine learning, deep learning, neural networks, natural language processing, computer vision, reinforcement learning, expert systems, robotic process automation, and other forms of AI or automated decision-making developed by Virtue Foundation and/or third-party providers, such as smart search, recommendations, conversational assistants, image and document analysis, predictive analytics, geospatial intelligence, anomaly detection, autonomous agents, contextual and other guidance (such features, the “AI Features”) to connect healthcare needs with healthcare resources worldwide. The Software collects publicly available data from the internet as well as data from other sources and uploads it to data processing platforms operated by Virtue Foundation and our partners, where it is processed and enhanced using generative AI technology. The Software does not make any healthcare decisions or offer healthcare advice; it identifies areas where healthcare is needed.
IMPORTANT: Users are expressly prohibited from uploading personal data to the Software. The Software is designed to process publicly available information only. Any personal data that may be incidentally collected is subject to this Privacy Policy.
This Privacy Policy does not address our privacy practices relating to Virtue Foundation job applicants, employees, and other personnel.
1. Identity and Contact Details of the Data Controller
Virtue Foundation is the data controller responsible for your personal data processed in connection with the Services. Our contact details are:
Virtue Foundation106 East 85th Street #NE1, New York, NY 10029
Email: [email protected]
2. Categories of Personal Data Processed
The categories of personal data we collect depend on how you interact with us and our Services. We collect personal data in the following ways:
Personal Data Provided by Individuals
We may collect the following categories of personal data that you provide to us:
- Account Information and Contact Information, including your name, email address, username, password, and other registration details that may be required in connection with your access to the Services (such information, your “Account Credentials”), mailing address and other contact information. We use this information to create and manage your account, authenticate your access to the Services, fulfill your requests or transactions and communicate with you about your account.
- Feedback, including the contents of customer support messages sent through our contact forms, email addresses, support tickets, usability feedback, feature requests, enhancements, ratings, content, performance feedback, operationality feedback, bug reports, validation or verification of responses and outputs, confidence measures, test results, suggestions, comments, ideas and suggestions for improvements to the Services that are communicated by you to Virtue Foundation with regards to the Services through any means, include orally, through email, through images and audio, through the Website or AI Features, or otherwise (“Feedback”). We use this information to investigate and respond to your inquiries, to communicate with you, and to improve our Services.
- Inputs and Usage Content. If you use the Software, we may collect the text prompts, documents, images, and other materials and inputs you submit to the AI features (“Inputs”), as well as usage information, know-how, images, designs, text, materials, metrics, patterns, trends, metadata, benchmarking, log, system, performance, diagnostic, telemetry, configuration, statistical, analytical, or usage data and any insights, analyses, models, algorithms, improvements, or derivative works derived, generated, extracted, created, compiled, processed, aggregated, inferred, learned, or otherwise obtained or produced from, through, or in connection with your use of, or access to, or interaction with, the Services, including the AI Features, and including any integrations, interfaces, or related systems (“Usage Content”). You are prohibited from submitting or uploading any personal data or sensitive information about yourself or others in your Inputs. Certain data that may constitute personal data may be collected incidentally by the Software, but the Software is designed not to use or store such data.
Personal Data Automatically Collected
We, and our third-party partners, automatically collect information when you access and use our Services. We typically collect this information through the use of cookies, web beacons, pixels, embedded scripts, and other automatic data collection technologies. Information we collect automatically may include:
- Device and Network Information, including device type, operating system, Internet Protocol (“IP”) address, browser type, Internet service provider, and unique identifiers associated with your device or network.
- Usage Information, including how you interact with our Services, pages you visit, features you use, links you click, the date and time of your access, duration of your visit, and referring/exit pages.
- Location Information, including general geographic location that we or our third-party providers may derive from your IP address.
Personal Data from Other Sources
We may receive personal data from other sources, including:
- Our Affiliates: Virtue Foundation affiliated entities may share personal data with us for purposes consistent with this Privacy Policy.
- Service Providers: Our service providers that perform services on our behalf may collect personal data and share some or all of this information with us.
- Publicly Available Data: The Software may collect and process publicly available data from the internet to identify healthcare needs and underserved areas. This may include, for example, general demographic information, healthcare resource availability data, and other publicly accessible information. This data is not intended to include personal data of identifiable individuals.
3. Purposes of Processing
We use the personal data we collect for the following purposes:
- To Provide and Maintain the Services: To operate, maintain, administer, and improve the Software and Services; to manage your account and provide you access to the Services; to process and respond to your requests; and to provide technical support and customer service.
- To Communicate with You: To send you service announcements, technical notices, updates, security alerts, administrative messages, and to respond to your inquiries and provide customer support.
- To Provide AI Features: To process your Inputs and generate or otherwise obtain or produce Usage Content, including AI-generated content; to share Inputs and Usage Content with third-party providers that support the AI Features; and to improve the AI Features and other Services.
- To Analyze and Improve Services: To conduct research and analytics; to better understand user needs; to improve and personalize the Services; and to create aggregated or de-identified data for analytical purposes.
- To Ensure Safety and Security: To detect, prevent, and address fraud, security threats, unauthorized activity, and other illegal or harmful activity; to protect the rights, privacy, safety, and property of Virtue Foundation and others; and to enforce our Terms of Service.
- To Comply with Law: To comply with applicable laws, legal obligations, and legal processes; to respond to requests from government authorities; and to establish, exercise, or defend legal claims.
- With Your Consent: For any other purpose for which you provide your personal data or for which you have otherwise consented.
4. Legal Bases for Processing
We process your personal data when we have a valid legal basis to do so under applicable data protection laws, including the General Data Protection Regulation (“GDPR”). The legal bases we rely on to process your personal data include:
- Legitimate Interests: Processing is necessary for our legitimate interests in fostering our mission and providing services or those of a third party, provided those interests are not overridden by your rights and interests. Our legitimate interests include: operating, improving, and marketing our Services; communicating with you; ensuring the security of our Services; and conducting analytics. We consider the potential impact on you before processing your personal data based on legitimate interests.
- Contract Performance: Processing is necessary to perform our contract with you (including our Terms of Service) or to take steps at your request prior to entering into a contract. This includes creating and managing your account, providing the Services, and responding to your inquiries.
- Consent: In certain cases, and where required by law, we will obtain your consent before collecting or processing your personal data. When we rely on your consent, you have the right to withdraw your consent at any time by contacting us at [email protected].
- Legal Obligation: Processing is necessary for compliance with certain legal obligations to which we are subject, such as responding to lawful requests from public authorities.
5. Disclosure of Personal Data
We may disclose or share your personal data with the following categories of recipients:
- Affiliates: We may disclose your personal data to Virtue Foundation affiliates and related entities for purposes consistent with this Privacy Policy.
- Service Providers and Data Processors: We engage third-party companies and individuals to perform services on our behalf, such as hosting, data processing, analytics, customer support, and other operational services.
- AI Technology Providers: As described in our Terms of Service, we may share Inputs and Usage Content with third-party providers that support the AI Features in order to provide and improve the Services.
- Data Processing Partners: The Software uploads publicly available data to data processing platforms operated by Virtue Foundation partners, where the data is structured and enhanced using generative AI technology.
- Legal and Regulatory Authorities: We may disclose personal data to third parties, such as legal advisors, courts, and law enforcement authorities to:
- detect, suppress, prevent and investigate fraud, security incidents, or other harmful or illegal activity;
- comply with applicable laws or respond to lawful requests and legal process; and
- protect our rights, property, and safety, and that of our users and the public.
- Business Transfers: If Virtue Foundation is involved in a merger, acquisition, reorganization, sale of assets, or other strategic transaction, your personal data may be transferred in relation to such transaction.
- With Your Consent: We may disclose your personal data to other third parties with your consent or at your direction.
6. International Data Transfers
Virtue Foundation is headquartered in the United States. The Software will be used internationally, and your personal data may be transferred to and processed in the United States or other countries outside your jurisdiction where data protection laws may differ from those in your jurisdiction.
Where we transfer personal data from the European Economic Area (“EEA”), the United Kingdom, or Switzerland to countries not deemed by the relevant authorities to provide an adequate level of data protection, we ensure that appropriate safeguards are in place. These safeguards may include:
- Standard Contractual Clauses: For transfers from the EEA, we may rely on the European Commission’s Standard Contractual Clauses (“SCCs”). For transfers from the United Kingdom, we may rely on the UK International Data Transfer Agreement (“IDTA”) or the UK Addendum to the EU SCCs, as applicable.
- Adequacy Decisions: We may transfer personal data to countries that have received an adequacy decision from the relevant authority recognizing that such country provides an adequate level of data protection.
- Other Mechanisms: For transfers from other jurisdictions, we employ transfer mechanisms recognized under applicable local data protection law.
7. Data Retention
We retain your personal data for as long as necessary to fulfill the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements.
To determine appropriate retention periods, we consider: the amount, nature, and sensitivity of the personal data; the potential risk of harm from unauthorized use or disclosure; the purposes for which we process the data and whether we can achieve those purposes through other means; and applicable legal requirements.
If your account is terminated or deactivated, we will delete or anonymize your personal data within a reasonable period, unless a longer retention period is required or permitted by law.
8. Security Measures
The security of your personal data is important to us. We seek to implement appropriate technical, physical, and organizational measures designed to protect your personal data against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the Internet or method of electronic storage is completely secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.
As stated in our Terms of Service, you are responsible for implementing appropriate IT security safeguards (including anti-virus and other security checks) to protect your own devices and data.
9. Automated Decision-Making and Profiling
The Software utilizes artificial intelligence and machine learning technologies to identify healthcare needs and underserved areas based on publicly available data. The Software is not designed to provide healthcare for any particular person. We are committed to the responsible and transparent use of AI in our Services.
Important Disclaimer: As stated in our Terms of Service, AI Features may be a useful tool, but are not a substitute for human judgment. AI Features can be prone to “hallucinations,” false information, or stale data, and, therefore, Usage Content or other information or data generated by or through your use of the AI Features, including any responses and outputs, must always be carefully verified by a human. Outputs generated by the AI Features are not, and you agree not to use them as, valuations, guarantees, medical diagnoses, medical advice, legal advice, or assurances regarding the availability or quality of medical services. The AI Features are not a substitute for professional or medical advice.
We do not use your personal data to make decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects concerning you, unless we have obtained your explicit consent, the processing is necessary for performance of a contract, or it is authorized by applicable law. Where automated decision-making is employed, you have the right to obtain human intervention, express your point of view, and contest the decision.
10. Data Subject Rights
Under applicable data protection laws, including the GDPR, you may have certain rights regarding your personal data. These rights, described below, may be subject to limitations and exceptions under applicable law. To exercise any of these rights, please contact us at [email protected].
- Right of Access: You have the right to request access to your personal data and to receive a copy of the personal data we hold about you.
- Right to Rectification: You have the right to request correction of any inaccurate or incomplete personal data we hold about you.
- Right to Erasure: You have the right to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected or when you withdraw consent (the “right to be forgotten”).
- Right to Restriction: You have the right to request restriction of processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to our processing.
- Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller without hindrance from us, where technically feasible.
- Right to Object: You have the right to object to processing of your personal data based on our legitimate interests or for direct marketing purposes. Where you object to processing based on legitimate interests, we will cease processing unless we demonstrate compelling legitimate grounds that override your rights.
- Right to Withdraw Consent: Where we rely on your consent for processing, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
- Rights Regarding Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal or similarly significant effects concerning you, unless such processing is necessary for a contract, authorized by law, or based on your explicit consent.
- Shine the Light Law for California Residents: Individuals who are California residents may request (a) a list of categories of personal data disclosed to third parties during the immediately preceding calendar year for those third parties’ own direct marketing purposes and (b) a list of the categories of third parties to whom we disclosed such information. To exercise a request, please send us an email or a letter to the addresses in Section 16 (Contact Us) below and specify that you are making a “California Shine the Light” request. We may require additional information from you to allow us to verify your identity and are only required to respond to requests once during any calendar year.
We will respond to your request within the timeframes required by applicable law. We may request specific information from you to help us confirm your identity and process your request.
13. Children’s Personal Data
Our Services are not directed to, and we do not intend to or knowingly collect or solicit personal data from, children under the age of 18. If you are under the age of 18, you should not use our Services or otherwise provide us with any personal data.
If we learn that we have collected personal data from a child under 18 without verification of parental consent where required, we will take steps to promptly delete that information. If you believe that a child under 18 has provided personal data to us, please contact us at [email protected].
14. Third-Party Websites and Services
Our Services may contain links to third-party websites, mobile apps, software, social media platforms, data, or other content maintained by third parties (“Third-Party Websites”). These links are provided merely as a convenience. This Privacy Policy does not apply to the personal data practices of such third parties. We encourage you to read the privacy policies of any Third-Party Websites that you visit. Your use of Third-Party Websites is at your own risk and will be governed by any applicable third-party terms and policies.
15. Updates to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make changes, we will update the “Last Updated” date at the top of this Privacy Policy.
If we make material changes to this Privacy Policy, we will endeavor to notify you by email to your registered email address, by prominent posting on our website, or through other appropriate communication channels, prior to the change becoming effective. Where required by applicable data protection laws, we will obtain your consent to material changes that affect the processing of your personal data.
Your continued use of the Services after the effective date of any modified Privacy Policy indicates your acceptance of the modified Privacy Policy.
16. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:
Virtue Foundation106 East 85th Street #NE1, New York, NY 10029
Email: [email protected]
Complaints Procedure
If you have concerns or are otherwise dissatisfied with how we have handled your personal data or any privacy request, please contact us first at the address above so that we may attempt to resolve the matter. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority, as described in Section 11 (Supervisory Authority and Complaints) above.