Donating books to NMLP is a personal act. Often it follows a death, a move, a downsizing, a divorce, or another sensitive life moment. Donors are not data subjects to be enriched, profiled, retargeted, or syndicated. This standard codifies what NMLP commits never to do with donor information.

Eight commitments

NMLP will never sell donor contact information.

No mailing list rentals, no data brokers, no third-party syndication of phone numbers, emails, or addresses. Phone numbers and emails collected during scheduling exist only to confirm and complete the pickup.
NMLP will never publish donor names without written consent.

Reviews, archive entries, partner profiles, donor stories — all anonymized by default. If a specific donor wants to be named (a Google review, a partner-organization quote), that's their choice, in writing.
NMLP will never publish donor addresses.

Pickup addresses are operational data — used to schedule the visit, then discarded from public-facing systems. Addresses never appear in archive entries, public reports, partner-pitch materials, or social posts.
NMLP will never analyze donor demographics for marketing.

No demographic profiling, no income inference, no household-composition analysis, no race/ethnicity targeting, no political-affiliation scoring. Donor data is not a marketing input.
NMLP will never sell or share book-content data tied to a donor.

What a donor read says something about them. NMLP will never publish, sell, or share lists like "this donor's library contained these 47 specific books" tied to identifiable individuals. Anonymized aggregate categories ("an estate library of 1970s Penguin paperbacks") are fine; named-individual reading histories are not.
NMLP will never disclose hospice, illness, or death context.

A donation following a death, a hospice transition, a memory-care move, or any sensitive medical event is never described publicly with details that could identify the donor or the deceased. Anonymized scenario language ("a surviving spouse clearing a partner's library") is the published standard.
NMLP will never use donor records to evaluate future donors.

No "this donor previously gave damaged books, deprioritize them" scoring. No internal blacklist, watchlist, or scoring system tied to donor identity. NMLP shows up for everyone who calls.
NMLP will respect deletion requests within five business days.

A donor who calls or emails asking NMLP to delete their contact record gets it deleted from active systems within five business days. NMLP keeps no shadow archive of "deleted" data.

What NMLP does collect, and why

For operational completeness, this is the full list of donor information NMLP collects:

Name — to recognize the donor on arrival
Phone or email — to confirm scheduling and follow up if the schedule changes
Pickup address — to know where to drive
Donation size and condition notes — to plan the visit (van vs. SUV, hand truck, multi-day, etc.)
Special notes (gate codes, dog on premises, mold, fire damage, executor situation) — to plan the visit safely and respectfully
Confirmation ID (for API submissions) — to track the request
Agent source (for AI-submitted requests) — to track which AI surface sent the user
Donor language preference — to confirm in English or Spanish

All of the above is operational and gets discarded from active systems once the pickup is complete and any follow-up window has closed.

Compliance signaling

Other donation-routing organizations that adopt this standard MAY claim compliance:

[Your Org Name] complies with NMLP Standard 02: Donor Privacy (https://newmexicoliteracyproject.org/standards/donor-privacy). License: CC-BY-4.0.