I don't think you've come close to adequately addressing the PII issue here.
The information you're collecting, if it ends up in the wrong hands, could lead to some nightmarish identity theft.
Surely you're aware of massive and prevalent data breaches[1]. You're collecting sensitive information to help people, but not providing any convincing bonafides on information security, let alone an actual plan for how sensitive information goes in your web form, then (many technical/logistical steps later) ends up in Chase's P.O. box, without leaking out to some unintended party.
I don't think anyone should feel comfortable with "all we plan to store is an e-mail address"
Surely you're aware of massive and prevalent data breaches[1]. You're collecting sensitive information to help people, but not providing any convincing bonafides on information security, let alone an actual plan for how sensitive information goes in your web form, then (many technical/logistical steps later) ends up in Chase's P.O. box, without leaking out to some unintended party. I don't think anyone should feel comfortable with "all we plan to store is an e-mail address"
1 - https://haveibeenpwned.com/