Why nonprofit governance matters for personal data
Privacy settings help. Good intentions matter. But neither one protects you when the incentives of the organization holding your data point another direction.
Most conversations about data privacy focus on control: what you can see, what you can delete, which settings you can toggle. These things matter. But they address the symptom, not the cause.
The deeper question isn't “what can I turn off?” It's “who is holding this data, and what do they actually have an incentive to do with it?”
That question is answered by governance — not by settings.
The usual model — and why it falls short
When a company collects your data, it typically does so under a privacy policy — a document that describes what the company commits to doing (or not doing) with what it collects. That policy is written by the company, enforced by the company, and can be updated by the company with a few weeks' notice.
This isn't a hypothetical problem. Companies that start with strong privacy commitments regularly loosen them over time — not because they set out to deceive anyone, but because they're under pressure to grow. Advertising revenue looks appealing when growth slows. Data licensing becomes attractive when costs rise. An acquisition brings new owners with different priorities.
Each of those pressures is predictable. The question is whether the structure of the organization holding your data is designed to resist them — or whether it's designed for a different purpose entirely.
Incentives shape behavior more reliably than promises do.
A company with shareholders has a structural incentive to maximize the value it extracts from the assets it holds — including your data. A nonprofit foundation with no shareholders and a legally restricted mission has a structural incentive to do its job, which is protecting participant data. That difference matters more than any privacy policy.
How LLIF's structure changes the situation
LLIF is a 501(c)(3) nonprofit foundation. That means it has no shareholders, no exit strategy, and no acquisition path. But more importantly for the question of data protection, it means that participant data held by LLIF is legally classified as a donor-restricted asset — a specific designation under IRS nonprofit governance rules that makes the data itself permanently protected.
Under this classification, the data cannot be sold. It cannot be licensed for advertising. It cannot be transferred to a buyer in an acquisition. It cannot be repurposed for commercial ends by a future CEO who decides the foundation needs new revenue streams. These aren't policy commitments that can be walked back with updated terms. They are legal constraints that survive leadership changes, financial pressure, and organizational circumstance.
The board of directors — which is independent of LLIF's founding team — holds exclusive authority over any change to how participant data is governed. No single person can override these protections. Changing them would require a full board vote and formal IRS notification. That's not a soft safeguard. That's law.
What this means in practice
For a person using an app built on LLIF's foundation, it means a few concrete things:
Your data won't follow a company through a sale.
When companies get acquired, user data typically transfers to the new owner — sometimes to entities you'd never have shared with voluntarily. LLIF's nonprofit structure means this can't happen to data it governs. A nonprofit can't be acquired. Its assets can't be redirected to commercial use.
You won't slowly lose protections you were promised.
Incentive drift is real, and it's gradual. Policies change. Features get added that erode earlier commitments. Under LLIF's structure, the core protections — no data sale, no commercial exploitation, consent-based participation — are embedded in governing documents that require a board vote and legal process to change. They can't erode quietly.
The organization holding your data isn't trying to monetize it.
LLIF's operating costs are funded through grants and program fees, not data monetization. There is no financial model here that depends on extracting value from what it knows about participants. The foundation's success isn't measured in data revenue.
Governance applies to everyone who touches your data.
Every developer or researcher who accesses participant data through LLIF must execute the LLIF Data Partner Agreement — which binds them to the same standards LLIF holds itself to. The protections don't stop at LLIF's edge.
Trust needs structure
The point isn't that companies are bad or that people at commercial companies don't care about privacy. Many of them care a great deal. The point is that caring isn't enough — because caring doesn't bind future decisions the way structure does.
When you share something personal, you're implicitly extending trust over time. Not just for today's version of the organization, with today's leadership and today's intentions. Trust over time requires a structure that outlasts people — one that doesn't depend on whoever happens to be in charge remaining good.
That's what LLIF is built to be. Not a promise. A structure.