1. Introduction

GivingFountain ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our donation platform and related services.

2. Information We Collect

Personal Information

We may collect personally identifiable information that you voluntarily provide, including:

• Name and contact information (email address, phone number)
• Account credentials
• Payment information (processed securely through Stripe)
• Organization details for corporate donors
• Donation history and preferences

Automatically Collected Information

With your consent, we use Vercel Analytics to collect usage data such as page views, referral sources, browser type, and device information. This data is anonymized and used solely to improve our services. No analytics data is collected unless you accept our cookie consent banner. You may also collect certain information automatically through essential cookies required for the platform to function (e.g., authentication sessions).

Location Information

When you use the "Near Me" feature to find nearby nonprofits, we request access to your device's location through your browser. This is entirely optional and requires your explicit consent.

When enabled, your coordinates are sent to our servers to find nonprofits within your selected radius. We match your location against U.S. Census Bureau ZIP code centroid data (publicly available geographic reference points) to identify nearby organizations. Your coordinates are used only for the duration of the search request and are not stored in our database.

To preserve your search settings while browsing, your location coordinates are temporarily saved in your browser's session storage. This data is automatically cleared when you close your browser tab and is never transmitted to third parties.

IP Addresses

We automatically collect your IP address when you interact with our platform. IP addresses are used for:

• Rate limiting to prevent abuse of our services
• Security monitoring and threat detection
• IP blocklist enforcement to protect against malicious actors
• Audit logging of administrative actions for accountability
• Error tracking context to help diagnose and resolve issues

IP addresses are stored in security event logs and administrative audit logs. These logs are retained as necessary for security and compliance purposes.

3. How We Use Your Information

We use the information we collect to:

• Process and manage your donations
• Provide tax receipts and donation documentation
• Send donation confirmations and impact reports
• Improve and personalize our platform
• Show nearby nonprofits when you enable location services
• Communicate with you about your account and our services
• Power AI-assisted features such as the Giving Concierge chatbot (when you choose to use them)
• Send transactional emails including donation confirmations, receipts, and notifications
• Monitor and diagnose errors to maintain platform reliability
• Enforce security measures including rate limiting and bot detection
• Comply with legal obligations
• Detect and prevent fraud

4. Information Sharing

We may share your information in the following circumstances:

• With Nonprofits: We share relevant donor information with nonprofits you donate to, enabling them to acknowledge your contribution and provide impact updates.
• Service Providers: We work with trusted third-party service providers who assist in operating our platform, as described in the "Third-Party Service Providers" section below.
• Legal Requirements: We may disclose information when required by law or to protect our rights.

We do not sell your personal information to third parties.

5. Third-Party Service Providers

We use the following third-party services to operate, secure, and improve our platform. Each provider processes data only as necessary for its designated purpose and in accordance with their respective privacy policies.

Supabase (Database & Authentication)

Supabase serves as our database and authentication provider. All user data, donation records, and nonprofit information are stored in Supabase-hosted infrastructure in the United States. Supabase acts as a data processor on our behalf and processes data according to our instructions.

Stripe (Payment Processing)

Stripe handles all payment processing on our platform. Payment card information is collected and processed directly by Stripe and is never stored on our servers. Stripe is a PCI-DSS compliant payment processor. For more information, see Stripe's Privacy Policy.

Sentry (Error Tracking & Performance Monitoring)

We use Sentry to monitor errors and platform performance. When an error occurs, Sentry may collect error stack traces, browser information, device information, IP addresses (for error context), and the page URLs where errors occur. This data is processed in the United States and is used solely to diagnose and fix technical issues. For more information, see Sentry's Privacy Policy.

Anthropic / Claude AI (AI Giving Concierge)

Our AI Giving Concierge chatbot and nonprofit information extraction features are powered by Anthropic's Claude AI. When you explicitly engage the AI feature, your messages are sent to Anthropic's API for processing. Anthropic does not store conversation data beyond what is needed to process your request. The AI feature is entirely opt-in and no data is sent to Anthropic unless you choose to use it. For more information, see Anthropic's Privacy Policy.

OpenAI / DALL-E (Blog Image Generation)

We use OpenAI's DALL-E service to generate cover images for blog posts within our administrative panel. This feature is used exclusively by platform administrators and does not involve any user data. No personal information is sent to OpenAI.

Cloudflare Turnstile (Bot Protection)

We use Cloudflare Turnstile as a CAPTCHA verification service on login, registration, and nonprofit claim forms. Turnstile collects browser fingerprint data and interaction patterns to distinguish legitimate users from bots. This data is processed by Cloudflare in accordance with Cloudflare's Privacy Policy.

Resend (Transactional Email)

We use Resend to deliver transactional emails such as donation confirmations, receipts, and account notifications. Your email address and email content are processed through Resend's API for the sole purpose of delivering these messages. For more information, see Resend's Privacy Policy.

Charity Navigator (Nonprofit Ratings)

We use Charity Navigator's API to display nonprofit ratings, scores, and accountability information on nonprofit profile pages. When you view a nonprofit's profile, we may send that nonprofit's EIN (Employer Identification Number) to Charity Navigator to retrieve their publicly available rating data. No personal user information is shared with Charity Navigator. For more information, see Charity Navigator's Privacy Policy.

ProPublica (Nonprofit Financial Data)

We use ProPublica's Nonprofit Explorer API to retrieve IRS Form 990 financial data for nonprofits in our directory. When you view a nonprofit's profile, we may send that nonprofit's EIN to ProPublica to retrieve their publicly available tax filings. No personal user information is shared with ProPublica.

Vercel (Hosting & Analytics)

Our platform is hosted on Vercel. With your consent, we also use Vercel Analytics to collect anonymized usage data as described in the "Automatically Collected Information" and "Cookies and Tracking" sections above and below.

6. Data Security

We implement appropriate technical and organizational security measures to protect your information. All payment processing is handled by Stripe, a PCI-DSS compliant payment processor. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

7. Your Rights

Depending on your location, you may have certain rights regarding your personal information:

• Access and receive a copy of your data
• Correct inaccurate information
• Request deletion of your data
• Opt-out of marketing communications
• Data portability

To exercise these rights, please contact us at the information provided below.

8. Cookies and Tracking

We use cookies and similar technologies in two categories:

• Essential cookies: Required for authentication, security, and core platform functionality. These cannot be disabled.
• Analytics cookies: Used by Vercel Analytics to understand how visitors interact with our platform. These are only activated after you provide consent through our cookie banner.

When you first visit our platform, a consent banner will appear. You may accept or decline analytics cookies. Your preference is stored locally in your browser and respected on all subsequent visits. You can reset your preference at any time by clearing your browser's local storage.

9. Third-Party Links

Our platform may contain links to third-party websites, including nonprofit websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

10. Children's Privacy

Our platform is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn we have collected such information, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of our platform after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: