Playbook: The BD4D Standard

We make the following commitments to “You,” all of the individuals or organizations that we serve and whose data we touch. We make these commitments to You about “Your Data,” nonpublic information related to You which we collect, analyze, store, and/or share.

In adopting the BD4D Standard, an organization makes and upholds a set of promises to all the people and communities it serves, and specifically to those whose data it collects, uses, and shares.

• “We” is defined as the organization that has adopted Better Deal for Data (the “BD4D Adopter”). This may be an organization that collects data directly, an organization that stores data, an organization that analyzes or processes data, or an organization that uses data to create additional products such as datasets, reports, or AI models based on the data. A single organization may engage in one or more of these activities, and several organizations might touch the same raw or processed data. Data is often processed in sequence by multiple entities, and the BD4D Adopter may be touching data considerably downstream from the original data collector.
• “You” is defined as the people and organizations served by the BD4D Adopter organization, and whose data is being collected, analyzed, stored, and/or shared. These people and organizations have a right to be concerned about how data about them is used. Multiple levels of people and organizations might be considered “You” with respect to the same data.
  • For example, imagine a BD4D Adopter that offers a software tool for community-based organizations to collect data about individuals in their communities. In this case, the “You” includes both the community-based organizations and the individuals in those communities.
• “Your Data” is defined as data and information where “You” would have an expectation that the data would not be made public. This includes data which is collected from, and about, individuals. In short, any nonpublic information that could be reasonably linked to an individual or their household is part of “Your Data.”
  • Examples include personal and sensitive data such as name and address, employment, financial, or medical information, identifiers such as a driver’s license or passport, geographic location, property records, physical characteristics, biometrics, behavioral data, the content of communications, and more.

In addition, the data of organizations, such as information about their internal operations, or their employees, customers, beneficiaries, or users, would also be part of “Your Data,” unless it was collected or shared with the expectation that the data would be made public.

In making these Commitments, an organization must ensure that its operations and data practices fulfill the requirements of the BD4D Standard, particularly with respect to its handling of the data of individuals, groups of individuals, and organizations, referred to in the Commitments as “You.” 

• It must ensure that its consultants, subcontractors, and vendors meet applicable requirements of the Standard.
• It must respect any additional commitments made to data subjects and stakeholders regarding further restrictions on data access, publication, or sharing.

This Declaration applies to all data-related activities of a BD4D Adopter for nonpublic data which meets the definition of “Your Data” above. This includes data collected, stored, or shared in analog or digital forms. The Commitments apply equally to paper and printed data, locally saved documents and spreadsheets, and large datasets stored with a cloud service. This Declaration also applies to human and machine data processing that is not specific to collection, analysis, storage, and/or sharing.

“Your Data” does not include:
 

• Processed or downstream data which is no longer linked to an individual or community.
• Datasets or reports that effectively anonymize the data, such as a nonprofit impact statement (“we served more than one million hot meals in 2025”), or a research report (“a transition to no-till farming practices resulted in an average fertilizer expense reduction of 22%”).
• Data collected with the expectation that it would not be kept as confidential, such as information being gathered for a public directory, as long as that expectation was explicitly communicated and agreed to by the data stakeholders who meet the definition of “You.”
• Data which was collected with the explicit intent of making it open, as long as that intent was fully communicated to data stakeholders who meet the definition of “You.”
• Responsibly sourced data which has been made open or publicly available through the deliberate action of the associated data subjects, including public government data or records.
• Collections of de-identified data which are only made available to third parties who agree to not re-identify the underlying data.
• AI models (including weights) built on top of, or trained on, data, as long as the original data cannot be extracted from such a model.
• Data about third parties who are not providing data directly to, nor are served directly by, the BD4D Adopter or its partners, where the purpose of this data collection would be to support the interests of the communities served, and not the third parties. For example, a human rights organization that serves victims and witnesses, and collects information from them about human rights abusers, does not need to make the BD4D Commitments to the abusers about their data provided by the affected communities.