Privacy Policy

Givable Privacy Policy
Effective Date: 10/26/2025

This Privacy Policy describes how Givable LLC (“Givable,” “we,” “us,” or “our”) collects, uses, stores, and protects information in connection with the use of our fundraising platform, websites, and related services (collectively, the “Services”). This Policy applies to nonprofit organizations, their staff and administrators, donors, and visitors who interact with the Services.

1. Roles Under Data Protection Laws

For purposes of applicable data protection laws, nonprofit organizations using Givable are the “data controllers” (or “businesses” under the CCPA) responsible for determining the purposes and means of processing donor data. Givable acts as a “data processor” (or “service provider” under the CCPA), processing personal data on behalf of organizations. Donors who wish to exercise their rights may do so through the organization they donated to, though Givable will assist organizations in fulfilling such requests.

2. Information We Collect

We may collect the following categories of personal data:

– Donors: name, email address, phone number, mailing address, payment details, donation history, communication preferences, profile photos, and responses to custom form questions created by organizations.

– Organization administrators and staff: name, email, login credentials (encrypted and stored using secure industry-standard algorithms), account activity logs, and login history.

 

– Technical information: IP addresses, geolocation data, time and date of access, device/browser information, and cookies or similar tracking technologies.

3. How We Use Information

We use personal data only as necessary to provide and improve the Services. This includes:

– Processing donations and delivering fundraising tools.
– Sending receipts, confirmations, and communications on behalf of organizations.

– Providing donors with access to donation histories and account preferences.
– Supporting fraud prevention and security monitoring.
– Improving platform performance and features (using anonymized and aggregated data).
– Sending marketing and product updates to organization administrators, with the ability to opt out.

4. Sharing Information with Third Parties

We share data with trusted third-party service providers who assist in delivering the Services. These providers may include payment processors, email and SMS delivery services, hosting and infrastructure providers, analytics tools, CRM and donor management integrations, and customer support platforms. We do not sell personal information. Any sharing of personal data is limited to what is necessary to provide the Services, and all providers are contractually obligated to protect the confidentiality and security of the data.

5. Data Retention

We retain personal data for as long as an organization’s account is active and as necessary to provide the Services. Upon account closure, Givable may retain personal and transaction data for as long as necessary to comply with legal, regulatory, and tax obligations (generally up to seven years for financial records). Organizations may request deletion of donor personal data, subject to applicable law and donor confirmation. Anonymized and aggregated data may be retained indefinitely for analytics and product improvement.

6. International Data Transfers

Givable operates in the United States. If you are located outside of the United States or Canada and interact with the Services, your data may be transferred to and processed in the United States. Where required, we implement safeguards such as Standard Contractual Clauses (SCCs) to ensure appropriate protection for cross-border transfers.

7. Security

We take reasonable and appropriate measures to protect personal data from unauthorized access, use, or disclosure. This includes encryption of data at rest and in transit (AES-256, TLS/SSL), secure password hashing (e.g., bcrypt or argon2), and continuous monitoring of systems. We comply with PCI-DSS standards for payment data security. While we are pursuing SOC 2 and ISO 27001 certifications, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

8. Your Rights

Depending on your location, you may have rights under GDPR, CCPA, or other applicable laws, including:

– Right to access, correct, or update your personal information.
– Right to request deletion of your personal information.

– Right to restrict or object to the processing of your data.
– Right to data portability.
– Right to opt out of marketing communications.

Donors should direct requests to the organization they donated to. Givable will support organizations in fulfilling such requests. You may also contact Givable directly at privacy@givable.com.

9. Children’s Privacy

The Services are not intended for children under 13 years of age, and we do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 13 without appropriate consent, we will delete it promptly.

10. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on our website with an updated effective date. We encourage you to review this Policy periodically to stay informed about how we protect your information.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

Email: privacy@givable.com