PRIVACY POLICY

Last updated: 30 June 2025

  • INTRODUCTION

    Thank you for participating in the closed demonstration of the DonateOpen Co. service ("Company", "we", "us", or "our"). We are a Delaware-incorporated company with our registered office at 16192 Coastal Hwy, Lewes, Sussex, Delaware 19958, United States. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you access our platform at https://donateopen.com or any related online property (collectively, the "Service") during this private, invitation-only testing phase. By accessing or using the Service, you acknowledge that you have read and understood this Policy. If you do not agree, please do not use the Service.

  • THE DATA WE COLLECT

    2.1. Account Data (Creators and Supporters)

    - Email address (required for all accounts).
    - Password hash (we never store plaintext passwords).
    - Stripe Account ID (for Creators only).
    - Social-login attributes from Google, Apple, or other identity providers you authorize: first name, last name, email address, profile picture URL.

    2.2. Payment Data

    All payments are processed by Stripe, Inc. We do not store or see your full card number, CVC, or bank account details. Stripe provides us with: a payment token and, optionally, the last four (4) digits of your card number and card brand for reconciliation purposes.

    2.3. Automatically Collected Data

    At present, we do not run analytics, marketing pixels, or device fingerprinting scripts. Our web servers and CDN (Cloudflare) may log your IP address, request date/time, browser language, and user-agent string. We use a single, anonymous, HTTP-only session cookie as described in Section 6.

  • HOW WE USE YOUR DATA

    We process your personal data for the following purposes:

    - To create and maintain your account.
    - To test and validate the functionality of the Service, including facilitating donations and payouts through our integration with Stripe.
    - To authenticate your sessions and secure the Service.
    - To communicate with you about your account or important service changes.
    - To detect, investigate, and prevent fraud or abuse.

  • LEGAL BASES FOR PROCESSING (EEA/UK USERS)

    The Service is currently in a private, closed beta, available only to invited participants (company employees and designated testers). We do not actively market or direct the Service to the general public in the European Economic Area ("EEA") or the United Kingdom ("UK"). Nevertheless, if we incidentally process personal data of individuals located in the EEA or UK, we rely on the following legal bases:

    - Performance of a contract: to provide the Service you have agreed to test.
    - Legitimate interests: to secure our platform, prevent fraud, test functionality, and improve our Service.
    - Compliance with legal obligations, such as financial record-keeping.

  • DISCLOSURES TO SERVICE PROVIDERS (PROCESSORS)

    We share data with vetted third-party processors under strict data-processing terms. The following providers are active for this demo:

    - Provider: Stripe, Inc. Purpose: Payment processing & payouts. Location: USA.
    - Provider: DigitalOcean, LLC. Purpose: Cloud hosting. Location: USA.
    - Provider: Cloudflare, Inc. Purpose: CDN & DDoS protection. Location: USA.
    - Provider: Brevo (Sendinblue SAS). Purpose: Transactional email. Location: France / USA.

    Note on future processors: We plan to use PostHog, Inc. (USA) for product analytics after the public launch, but it is not active during this closed demo phase.

    We do not sell your personal information or share it with any other third parties for marketing or advertising purposes.

  • INTERNATIONAL DATA TRANSFERS

    Your data is stored on servers located in the United States. Where EU/UK personal data is transferred outside the EEA/UK, we rely on Standard Contractual Clauses ("SCCs") and industry-standard safeguards, including TLS 1.2+ encryption in transit and AES-256 encryption at rest. We are evaluating self-certification under the EU-US Data Privacy Framework (DPF).

  • COOKIES & SIMILAR TECHNOLOGIES

    We use only one cookie, which is essential for the Service to function:

    - Cookie: donateopen_session
    - Type: Strictly necessary (HTTP-only)
    - Purpose: Authenticates the current logged-in session
    - Lifespan: Session (expires when browser is closed)

    Because we use only a strictly-necessary cookie, an EEA consent banner is not required. No analytics, marketing, or tracking cookies are used.

  • DATA RETENTION

    - Active accounts: Data is retained until you delete your account or request erasure.
    - Payment records: Retained for the period required to comply with US tax and accounting laws (typically 7-10 years).
    - Server backups: Kept for up to seven (7) days and then automatically purged.

  • SECURITY MEASURES

    We implement robust security measures, including:

    - Encryption at rest and in transit (TLS 1.2+).
    - OWASP-recommended secure-coding practices.
    - Least-privilege access controls.

  • YOUR PRIVACY RIGHTS

    Depending on your location, you may have rights to access, correct, delete, or port your personal data. To exercise any of these rights, please contact the project lead or email us at [email protected].

  • CHILDREN'S PRIVACY

    The Service is not directed to anyone under the age of 16. We do not knowingly collect personal data from children.

  • CHANGES TO THIS POLICY

    We may update this Privacy Policy. The "Last updated" date at the top of this page indicates the latest revision. As a participant in this closed demo, you will be notified directly of any material changes.

  • CONTACT US

    If you have questions about this Privacy Policy, please email us at [email protected] or write to: DonateOpen Co., 16192 Coastal Hwy, Lewes, DE 19958, USA