Privacy Policy - NonprofitStream CRM

INTRODUCTION

At NonprofitStream (operated by Automaticlick Inc.), we are committed to protecting your privacy and handling your personal information with care and respect. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our Service.

By using NonprofitStream, you consent to the collection and use of your information as described in this Privacy Policy.

This Privacy Policy applies to:

Our website at nonprofitstream.com
Our web application
Our mobile applications
All related services (collectively, the "Service")

Information We Collect
How We Use Your Information
How We Share Your Information
Data Security
Data Retention
Your Privacy Rights
Children's Privacy
International Data Transfers
Cookies and Tracking Technologies
Data Breach Notification
Regional Privacy Laws
Third-Party Links and Services
Changes to This Privacy Policy
Contact Us

1. INFORMATION WE COLLECT

We collect different types of information depending on how you interact with our Service.

1.1 INFORMATION YOU PROVIDE TO US

A) Account Information

When you create an account, we collect:

Organization name and type
Your name and email address
Password (encrypted)
Phone number (optional)
Organization address
Billing information
Tax/charitable registration number (if applicable)

B) Profile Information

As you use the Service, you may provide:

Additional contact information for your team members
Organization logo and branding
Communication preferences
Time zone and language preferences

C) Donor and Constituent Data

You enter information about your donors and constituents, including:

Names and contact information
Donation history and amounts
Communication preferences
Custom fields and notes
Event attendance
Demographic information you choose to track

Important: This data belongs to you. We process it on your behalf to provide the Service.

D) Payment Information

When you subscribe or accept donations:

Credit/debit card information (processed and stored by Stripe)
Billing address
Transaction history

We do NOT store complete credit card numbers on our servers

E) Communications

When you contact us:

Content of your emails, messages, or support tickets
Phone call recordings (with your consent, for training purposes)
Feedback, surveys, or reviews you submit

F) Content You Create

Information you generate using the Service:

Email campaign content
Newsletter text and images
Reports and documents
Notes and records

1.2 INFORMATION WE COLLECT AUTOMATICALLY

A) Usage Information

We automatically collect:

Pages and features you access
Time spent on pages
Actions you take within the Service
Search queries within the Service
Buttons and links you click
Frequency and duration of your use

B) Device Information

When you access the Service, we may collect:

IP address
Approximate geographic location (based on IP address)
Browser type and version
Operating system
Device type (desktop, mobile, tablet)
Screen resolution

C) Log Data

Our servers automatically record:

Date and time of access
URLs visited
HTTP status codes
Referring URLs
Error messages
Performance data

D) Cookies and Similar Technologies

We use:

Session cookies (essential for Service functionality)
Persistent cookies (for preferences and settings)
Analytics cookies (to understand Service usage)

See Section 9 for detailed information about cookies

1.3 INFORMATION FROM THIRD PARTIES

A) Payment Processor

Payment status and confirmation
Partial card information (last 4 digits)
Billing address verification
Fraud detection signals

B) Email Service Provider

Email delivery status
Open and click rates (aggregated)
Bounce and unsubscribe information

C) Integration Partners

If you connect third-party services (Gmail, QuickBooks, etc.):

Data you authorize us to access from those services
Synchronization status and error logs

2. HOW WE USE YOUR INFORMATION

2.1 TO PROVIDE AND IMPROVE THE SERVICE

We use your information to:

Create and maintain your account
Process your subscription payments
Provide customer support and respond to your inquiries
Send you service-related communications (confirmations, invoices, technical notices)
Deliver the core features of the Service (donor management, email campaigns, reporting, etc.)
Troubleshoot problems and fix bugs
Perform analytics to understand how the Service is used
Develop new features and improve existing ones
Conduct research and analysis to improve nonprofit fundraising best practices

2.2 TO COMMUNICATE WITH YOU

We use your information to:

Send you updates about the Service (new features, changes, improvements)
Send you newsletters and educational content about nonprofit management (if you opt in)
Notify you about your account activity (failed payments, security alerts)
Respond to your questions and requests
Request feedback through surveys
Send you marketing communications about our Service (you can opt out)

2.3 TO ENSURE SECURITY AND PREVENT FRAUD

We use your information to:

Verify your identity
Detect and prevent fraud, abuse, and security incidents
Monitor for suspicious or unauthorized activity
Enforce our Terms of Service
Comply with legal obligations
Protect our rights, property, and safety

2.4 TO COMPLY WITH LEGAL OBLIGATIONS

We use your information to:

Respond to legal requests (subpoenas, court orders, government demands)
Comply with applicable laws and regulations
Establish, exercise, or defend legal claims
Protect the rights, property, or safety of us, our users, or others

2.5 FOR ANALYTICS AND RESEARCH

We use aggregated, anonymized data to:

Understand industry trends in nonprofit fundraising
Create benchmarking reports
Improve our Service and develop new products
Conduct research to advance the nonprofit sector

Note: Aggregated data does not identify you or your donors individually.

2.6 WITH YOUR CONSENT

We may use your information for other purposes with your explicit consent.

3. HOW WE SHARE YOUR INFORMATION

We do not sell your personal information to third parties. We only share your information in the following limited circumstances:

3.1 SERVICE PROVIDERS

We share information with third-party companies that help us operate the Service:

Payment Processing

Processes subscription
Information shared: Billing information, transaction details
Purpose: Payment processing and fraud prevention

Email Delivery

Delivers email campaigns and transactional emails
Information shared: Email addresses, email content, delivery metrics
Purpose: Email delivery and tracking

Cloud Hosting

Hosts our servers and databases
Information shared: All data stored in the Service
Purpose: Infrastructure and data storage
Security: Data encrypted at rest and in transit

Our Commitments to Service Providers:

We require all service providers to:

Protect your information with appropriate security measures
Use your information only for the purposes we specify
Not disclose your information to third parties without authorization
Comply with applicable privacy laws

3.2 YOUR INTEGRATIONS

If you connect third-party services to NonprofitStream:

You control what data is shared with those services
We share only the data necessary for the integration to function
The third party's privacy policy governs their use of your data
You can disconnect integrations at any time

Examples:

Google Calendar: We share only event data you choose to sync

3.3 BUSINESS TRANSFERS

If NonprofitStream is involved in a merger, acquisition, bankruptcy, dissolution, reorganization, or similar transaction:

Your information may be transferred as part of that transaction
We will notify you (via email and/or prominent notice on our Service) before your information becomes subject to a different privacy policy
You will have the option to delete your account and data before the transfer

3.4 LEGAL REQUIREMENTS

We may disclose your information if required by law or if we believe in good faith that such disclosure is necessary to:

Comply with a subpoena, court order, or other legal process
Respond to lawful requests by public authorities (law enforcement, regulators)
Enforce our Terms of Service or other policies
Protect the rights, property, or safety of NonprofitStream, our users, or the public
Detect, prevent, or address fraud, security, or technical issues

Our Commitment:

We will notify you of legal requests for your information unless prohibited by law
We will challenge overbroad or inappropriate requests
We publish annual transparency reports disclosing government requests (if any)

3.5 AGGREGATED OR ANONYMIZED DATA

We may share aggregated or anonymized data that cannot identify you or your donors:

Industry benchmarking reports
Nonprofit sector research
Marketing materials
Public presentations and blog posts

Example: "Nonprofits using monthly giving programs see 25% higher donor retention" (no individual organization identified)

3.6 WITH YOUR CONSENT

We may share your information for other purposes with your explicit consent.

3.7 WHAT WE DON'T SHARE

We do NOT:

Sell your personal information to anyone
Share your donor information with other nonprofits
Rent or lease your data
Use your donor data for our own marketing purposes
Share your information with advertisers

4. DATA SECURITY

We take data security seriously and implement multiple layers of protection to safeguard your information.

4.1 TECHNICAL SAFEGUARDS

Encryption

In Transit: All data transmitted between your device and our servers is encrypted using TLS 1.2+ (HTTPS)
At Rest: Signatures are encrypted

Infrastructure Security

Servers hosted in secure, certified data centers
Firewall protection on all servers

4.2 YOUR SECURITY RESPONSIBILITIES

You play a critical role in securing your data:

Choose a strong, unique password
Enable multi-factor authentication
Do not share your login credentials
Log out when using shared devices
Keep your contact information current
Report suspicious activity immediately to security@nonprofitstream.com

4.3 LIMITATIONS

While we implement industry-leading security measures:

No method of transmission over the internet is 100% secure
No electronic storage system is completely impenetrable
We cannot guarantee absolute security
You use the Service at your own risk

We will never ask you for your password via email or phone. If you receive such a request, it is a phishing attempt - do not respond and report it to security@nonprofitstream.com.

5. DATA RETENTION

5.1 DURING ACTIVE SUBSCRIPTION

We retain your information for as long as your account is active and you continue to use the Service.

5.2 AFTER ACCOUNT CANCELLATION

When you cancel your subscription:

30-Day Retention Period: We retain your data for 30 days in case you wish to reactivate
During this period: You can log in (view-only mode) and export your data
Purpose: Allows you to change your mind or retrieve your data

5.3 AFTER 30-DAY PERIOD

After the 30-day retention period:

We permanently delete your account data
Deletion is irreversible - data cannot be recovered
Backups containing your data are also deleted according to our backup rotation schedule (typically within 60 days of account deletion)

5.4 WHAT WE RETAIN

Even after account deletion, we may retain:

Aggregated, anonymized data (for analytics and research)
Transaction records (for accounting and tax purposes, 7 years)
Communications with customer support (for quality assurance, 2 years)
Legal compliance records (as required by law)

5.5 LEGAL HOLDS

If your data is subject to a legal hold (litigation, investigation, audit):

We may be required to retain your data longer than stated above
We will notify you if legally permitted
Data will be deleted once the legal hold is released

5.6 YOUR RIGHT TO DELETION

You have the right to request deletion of your data at any time. See Section 6 for details on exercising this right.

6. YOUR PRIVACY RIGHTS

Depending on your location, you may have certain rights regarding your personal information.

6.1 ACCESS

Right to Know: You have the right to request access to the personal information we hold about you.

How to Exercise:

Log in to your account and view your profile
For additional information, email info@automaticlick.com
We will respond within 30 days

What We Provide:

Categories of personal information we collect
Specific pieces of personal information we hold
Sources from which we collected the information
Purposes for which we use the information
Categories of third parties with whom we share information

6.2 CORRECTION

Right to Rectification: You have the right to request correction of inaccurate or incomplete personal information.

How to Exercise:

Log in to your account and update your profile information
For assistance, email support@nonprofitstream.com
We will correct inaccuracies within 30 days

6.3 DELETION

Right to Erasure: You have the right to request deletion of your personal information.

How to Exercise:

Email info@automaticlick.com with your request
We will delete your data within 30 days unless we have a legal obligation to retain it

Limitations: We may retain information if necessary to:

Complete a transaction you requested
Detect security incidents or protect against fraud
Comply with legal obligations
Exercise or defend legal claims

6.4 PORTABILITY

Right to Data Portability: You have the right to receive your personal information in a structured, commonly used, and machine-readable format.

How to Exercise:

Use the data export feature
Request assistance via support.nonprofitstream@automaticlick.com
We provide data in CSV, JSON, or PDF formats

6.5 OBJECTION AND RESTRICTION

Right to Object: You have the right to object to certain processing of your personal information.

Right to Restriction: You have the right to request restriction of processing in certain circumstances.

How to Exercise:

Email info@automaticlick.com with your specific objection or restriction request
We will evaluate your request and respond within 30 days

6.6 WITHDRAW CONSENT

Right to Withdraw: Where we process your information based on your consent, you have the right to withdraw that consent at any time.

How to Exercise:

Log in to your account and adjust your communication preferences
Click "unsubscribe" in any marketing email
Email info@automaticlick.com

Effect: Withdrawal of consent does not affect the lawfulness of processing before withdrawal.

6.7 AUTOMATED DECISION-MAKING

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.

6.8 LODGE A COMPLAINT

If you believe we have violated your privacy rights, you have the right to lodge a complaint with a supervisory authority:

Canada: Office of the Privacy Commissioner of Canada (priv.gc.ca)
California: California Attorney General (oag.ca.gov)
European Union: Your local data protection authority

We encourage you to contact us first so we can address your concerns.

7. CHILDREN'S PRIVACY

7.1 AGE RESTRICTION

The Service is NOT intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children under 18.

7.2 WHAT WE DO IF WE DISCOVER CHILD DATA

If we discover that we have inadvertently collected personal information from a child under 18:

We will delete that information as quickly as possible
We will terminate the associated account
We will not use the information for any purpose

7.3 PARENTAL RIGHTS

If you are a parent or guardian and believe your child under 18 has provided us with personal information:

Please contact us immediately at info@automaticlick.com
Provide your child's name and email address
We will promptly delete the information

7.4 DONOR INFORMATION

If you (the nonprofit) collect information about donors or constituents under 18:

You are responsible for obtaining parental consent as required by law
You must comply with COPPA (U.S.), PIPEDA (Canada), and other applicable laws
We process this data on your behalf as your service provider

8. INTERNATIONAL DATA TRANSFERS

8.1 WHERE YOUR DATA IS STORED

NonprofitStream hosting based in USA. If you access the Service from outside Canada:

Your information will be transferred to and stored in USA
Your information will be processed in USA
Data may be transferred to service providers located in the United States or other countries

8.2 LEGAL BASIS FOR TRANSFERS

We ensure adequate protection for international data transfers through:

Compliance with applicable data protection laws
Ensuring service providers provide adequate data protection
Encryption and security measures during transfer and storage

8.3 CANADIAN DATA RESIDENCY

Our primary data storage is located in USA

9. COOKIES AND TRACKING TECHNOLOGIES

9.1 WHAT ARE COOKIES?

Cookies are small text files stored on your device that help us provide and improve the Service. We use both session cookies (deleted when you close your browser) and persistent cookies (remain on your device for a set period).

9.2 TYPES OF COOKIES WE USE

Essential Cookies (Required)

These cookies are necessary for the Service to function:

Session Authentication: Keeps you logged in as you navigate the Service
Security: Protects against cross-site request forgery (CSRF) attacks
Load Balancing (optional): Distributes traffic across our servers for optimal performance

You cannot opt out of essential cookies as they are required for core functionality.

Functional Cookies (Optional)

These cookies enhance your experience:

Preferences: Remembers your settings (language, time zone, display options)
Recently Viewed: Tracks items you recently accessed for quick navigation
Form Data: Saves form data to prevent loss if you leave a page

Analytics Cookies (Optional)

These cookies help us understand how you use the Service:

Google Analytics: Tracks page views, session duration, and user flows
Internal Analytics: Measures feature usage and performance
Aggregated data only - does not identify you personally

Marketing Cookies (Optional - Currently Not Used)

We do not currently use marketing cookies. If we begin using them in the future, we will:

Update this Privacy Policy
Provide opt-in or opt-out mechanisms
Allow you to control these cookies

9.3 HOW TO CONTROL COOKIES

Browser Settings

You can control cookies through your browser settings:

Chrome: Settings > Privacy and Security > Cookies
Firefox: Settings > Privacy & Security > Cookies
Safari: Preferences > Privacy > Cookies
Edge: Settings > Privacy > Cookies

Cookie Preferences (Coming Soon)

We plan to implement a cookie preference center where you can:

View all cookies we use
Enable or disable optional cookies
Update your preferences at any time

Opt-Out of Analytics

To opt out of Google Analytics:

Install the Google Analytics Opt-out Browser Add-on: tools.google.com/dlpage/gaoptout

9.4 EFFECT OF DISABLING COOKIES

If you disable cookies:

Essential cookies: The Service may not function properly
Functional cookies: You may lose preference settings and convenience features
Analytics cookies: We cannot measure and improve the Service as effectively

9.5 OTHER TRACKING TECHNOLOGIES

Web Beacons (Pixel Tags)

We use web beacons in emails to track:

Whether emails were opened
Which links were clicked
Device and location information (aggregated)

You can disable email tracking by:

Blocking images in your email client
Using privacy-focused email services
Unsubscribing from marketing emails

Local Storage

We use browser local storage to:

Cache data for faster loading
Store temporary data between sessions

You can clear local storage through your browser settings

9.6 DO NOT TRACK

Some browsers have a "Do Not Track" (DNT) feature. Currently:

There is no industry standard for responding to DNT signals
We do not respond to DNT signals
We may update our practices if standards develop

10. DATA BREACH NOTIFICATION

10.1 OUR COMMITMENT

We take data security seriously and have implemented measures to prevent data breaches. However, if a breach occurs, we are committed to transparency and prompt action.

10.2 WHAT IS A DATA BREACH?

A data breach is an incident where:

Unauthorized access to your personal information occurs
Personal information is accidentally disclosed
Personal information is lost or stolen
Systems are compromised in a way that exposes personal information

10.3 OUR RESPONSE PROCEDURE

If we discover a data breach:

Within 24 Hours:

Contain the breach and secure systems
Begin investigation to determine scope and impact
Assemble incident response team

Within 72 Hours:

Notify affected users via email
Notify relevant regulatory authorities (as required by law)
Post a notice on our website/Service

Ongoing:

Continue investigation and remediation
Provide regular updates to affected users
Implement additional safeguards to prevent future breaches
Conduct post-incident review

10.4 YOUR ACTIONS AFTER A BREACH

If your data is involved in a breach, we recommend:

Change your password immediately
Monitor your accounts for suspicious activity
Be alert for phishing attempts
Review your credit report (if financial data was compromised)
Consider identity theft protection services (if appropriate)

10.5 REGULATORY OBLIGATIONS

We comply with breach notification laws, including:

PIPEDA (Canada): Notify Privacy Commissioner and affected individuals if breach creates "real risk of significant harm"
CCPA (California): Notify California Attorney General and affected individuals

11. REGIONAL PRIVACY LAWS

We comply with privacy laws in the jurisdictions where we operate and where our users are located.

11.1 CANADIAN PRIVACY LAW (PIPEDA)

Applicability: We are subject to Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).

Our PIPEDA Commitments:

Accountability
- We are responsible for personal information in our possession or control
- We use contracts to ensure third-party service providers protect your information
Identifying Purposes
- We identify the purposes for collecting personal information before or at the time of collection
- We limit collection to what is necessary for identified purposes
- Purposes are described in this Privacy Policy
Consent
- We obtain your consent for collection, use, and disclosure of personal information
- Consent may be express or implied depending on sensitivity and context
- You can withdraw consent at any time (subject to legal or contractual restrictions)
Limiting Collection
- We collect only information necessary for identified purposes
- We collect information by fair and lawful means
Limiting Use, Disclosure, and Retention
- We use or disclose personal information only for purposes for which it was collected (unless you consent otherwise or as required by law)
- We retain personal information only as long as necessary for identified purposes
Accuracy
- We keep personal information as accurate, complete, and up-to-date as necessary
- You can request correction of inaccurate information
Safeguards
- We protect personal information with security safeguards appropriate to sensitivity
- Security measures described in Section 4
Openness
- We make information about our privacy policies and practices readily available
- This Privacy Policy describes our practices
Individual Access
- You have the right to access your personal information
- You can challenge the accuracy and completeness of information
- See Section 6 for access procedures
Challenging Compliance
- You may challenge our compliance with PIPEDA
- Contact our Privacy Officer: info@automaticlick.com
- You may file a complaint with the Privacy Commissioner of Canada

PIPEDA Resources:

Office of the Privacy Commissioner of Canada: priv.gc.ca
File a complaint: priv.gc.ca/en/report-a-concern

11.2 CALIFORNIA PRIVACY LAW (CCPA/CPRA)

Applicability: If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with specific rights.

Information We Collect (Last 12 Months):

Category	Collected	Sources	Business Purpose	Shared With
Identifiers (name, email, IP address)	Yes	You, automatically	Provide Service, security	Service providers
Commercial information (donations)	Yes	You	Provide Service, analytics	Service providers
Internet activity (browsing, usage)	Yes	Automatically	Analytics, improve Service	Service providers
Geolocation (approximate)	Yes	Automatically	Fraud prevention	Service providers
Professional information (job title, organization)	Yes	You	Provide Service	Service providers
Inferences (preferences, behavior)	Yes	Derived from above	Personalization, analytics	Service providers

Your California Rights:

Right to Know
- Request disclosure of personal information we collected, used, disclosed, or sold
- Request specific pieces of personal information we hold
- See Section 6.1
Right to Delete
- Request deletion of your personal information (subject to exceptions)
- See Section 6.3
Right to Correct
- Request correction of inaccurate personal information
- See Section 6.2
Right to Opt-Out of Sale or Sharing
- We do NOT sell your personal information
- We do NOT share your personal information for cross-context behavioral advertising
- No opt-out necessary
Right to Limit Use of Sensitive Personal Information
- We do not use or disclose sensitive personal information for purposes other than providing the Service
- No limitation request necessary
Right to Non-Discrimination
- We will not discriminate against you for exercising your CCPA rights
- Same price and service for all users

How to Exercise California Rights:

Email: info@automaticlick.com
Verification:
- We will verify your identity before responding to requests
- Verification may require:
  - Matching information you provide with information we have on file
  - Additional documentation for sensitive requests
Response Time:
- We will respond within 45 days
- We may extend by an additional 45 days if necessary (with notice)
Authorized Agents:
- You may designate an authorized agent to make requests on your behalf
- Agent must provide:
  - Written authorization signed by you
  - Proof of their identity
- We may also require you to verify your identity directly

California Privacy Notice: For California residents, this Privacy Policy serves as our notice at collection as required by CCPA.

12. THIRD-PARTY LINKS AND SERVICES

12.1 LINKS TO OTHER WEBSITES

Our Service may contain links to third-party websites, including:

Integration partners
Industry resources
Customer websites
Social media platforms

Important: We are not responsible for:

The privacy practices of third-party websites
The content of third-party websites
Your interactions with third-party websites

Recommendation: Review the privacy policy of any website you visit.

12.2 SOCIAL MEDIA WIDGETS

We may include social media features on our Service, such as:

Facebook "Like" button
Twitter "Tweet" button
LinkedIn "Share" button

These features:

Are hosted by the social media companies
May collect your IP address and browsing data
May set cookies
Are governed by the social media company's privacy policy

12.3 SINGLE SIGN-ON (SSO)

We may offer SSO through third-party services (Google, Microsoft):

Allows you to log in using existing accounts
We receive limited profile information from the SSO provider
Governed by the provider's privacy policy and your privacy settings with them

13. CHANGES TO THIS PRIVACY POLICY

13.1 RIGHT TO MODIFY

We reserve the right to modify this Privacy Policy at any time to reflect:

Changes in our practices
Changes in applicable laws
New features or services
Feedback from users

13.2 NOTICE OF CHANGES

When we make material changes:

We will update the "Last Updated" date at the top of this Privacy Policy
We will send an email notification to the address associated with your account
We will display a prominent notice in the Service
We will provide at least 30 days' notice before changes take effect

13.3 REVIEW UPDATED POLICY

We encourage you to:

Review this Privacy Policy periodically
Check the "Last Updated" date
Read any change notifications we send

13.4 ACCEPTANCE

Your continued use of the Service after the effective date of changes constitutes your acceptance of the updated Privacy Policy.

13.5 REJECTION

If you do not agree to the updated Privacy Policy:

You must stop using the Service before the effective date
You may request deletion of your account and data
Contact info@automaticlick.com with concerns

14. CONTACT US

14.1 PRIVACY QUESTIONS

If you have questions, concerns, or complaints about this Privacy Policy or our data practices, please contact:

Privacy Officer
Automaticlick Inc. (NonprofitStream)
Email: info@automaticlick.com
Support: support.nonprofitstream@automaticlick.com
Website: nonprofitstream.com/privacy

14.2 DATA PROTECTION CONTACTS

For specific privacy law inquiries:

PIPEDA (Canada): Email: info@automaticlick.com
CCPA (California): Email: info@automaticlick.com

14.3 SECURITY INCIDENTS

To report a security incident:

Email: info@automaticlick.com (Available 24/7)

14.4 RESPONSE TIME

We aim to respond to all privacy inquiries within:

General questions: 5 business days
Access/deletion requests: 30 days
Security incidents: 24 hours
CCPA/GDPR requests: 30-45 days (as required by law)

14.5 COMPLAINTS

If you believe we have violated your privacy rights:

Step 1: Contact us at info@automaticlick.com

We will investigate and respond within 30 days

Step 2: If not satisfied, contact the appropriate authority:

Canada: Office of the Privacy Commissioner (priv.gc.ca)
California: California Attorney General (oag.ca.gov)

We are committed to working with you and authorities to resolve any privacy concerns.

ACKNOWLEDGMENT

By using NonprofitStream, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.

Last Updated: November 25, 2025
Effective Date: November 25, 2025

This Privacy Policy was designed to be comprehensive, transparent, and compliant with major privacy laws including PIPEDA (Canada), And CCPA/CPRA (California). We are committed to protecting your privacy and handling your data responsibly.

NONPROFITSTREAM PRIVACY POLICY

INTRODUCTION

TABLE OF CONTENTS

1. INFORMATION WE COLLECT

1.1 INFORMATION YOU PROVIDE TO US

A) Account Information

B) Profile Information

C) Donor and Constituent Data

D) Payment Information

E) Communications

F) Content You Create

1.2 INFORMATION WE COLLECT AUTOMATICALLY

A) Usage Information

B) Device Information

C) Log Data

D) Cookies and Similar Technologies

1.3 INFORMATION FROM THIRD PARTIES

A) Payment Processor

B) Email Service Provider

C) Integration Partners

2. HOW WE USE YOUR INFORMATION

2.1 TO PROVIDE AND IMPROVE THE SERVICE

2.2 TO COMMUNICATE WITH YOU

2.3 TO ENSURE SECURITY AND PREVENT FRAUD

2.4 TO COMPLY WITH LEGAL OBLIGATIONS

2.5 FOR ANALYTICS AND RESEARCH

2.6 WITH YOUR CONSENT

3. HOW WE SHARE YOUR INFORMATION

3.1 SERVICE PROVIDERS

Payment Processing

Email Delivery

Cloud Hosting

Our Commitments to Service Providers:

3.2 YOUR INTEGRATIONS

3.3 BUSINESS TRANSFERS

3.4 LEGAL REQUIREMENTS

3.5 AGGREGATED OR ANONYMIZED DATA

3.6 WITH YOUR CONSENT

3.7 WHAT WE DON'T SHARE

4. DATA SECURITY

4.1 TECHNICAL SAFEGUARDS

Encryption

Infrastructure Security

4.2 YOUR SECURITY RESPONSIBILITIES

4.3 LIMITATIONS

5. DATA RETENTION

5.1 DURING ACTIVE SUBSCRIPTION

5.2 AFTER ACCOUNT CANCELLATION

5.3 AFTER 30-DAY PERIOD

5.4 WHAT WE RETAIN

5.5 LEGAL HOLDS

5.6 YOUR RIGHT TO DELETION

6. YOUR PRIVACY RIGHTS

6.1 ACCESS

6.2 CORRECTION

6.3 DELETION

6.4 PORTABILITY

6.5 OBJECTION AND RESTRICTION

6.6 WITHDRAW CONSENT

6.7 AUTOMATED DECISION-MAKING

6.8 LODGE A COMPLAINT

7. CHILDREN'S PRIVACY

7.1 AGE RESTRICTION

7.2 WHAT WE DO IF WE DISCOVER CHILD DATA

7.3 PARENTAL RIGHTS

7.4 DONOR INFORMATION

8. INTERNATIONAL DATA TRANSFERS

8.1 WHERE YOUR DATA IS STORED

8.2 LEGAL BASIS FOR TRANSFERS

8.3 CANADIAN DATA RESIDENCY

9. COOKIES AND TRACKING TECHNOLOGIES

9.1 WHAT ARE COOKIES?

9.2 TYPES OF COOKIES WE USE

Essential Cookies (Required)

Functional Cookies (Optional)

Analytics Cookies (Optional)

Marketing Cookies (Optional - Currently Not Used)

9.3 HOW TO CONTROL COOKIES

Browser Settings

Cookie Preferences (Coming Soon)