Donator.Org
Donator.Org
Privacy Policy
How we protect your information and respect your privacy
Information We Collect How We Use Information Information Sharing Your Rights Data Security Cookies & Tracking Data Retention Contact Us
Our Commitment to Your Privacy

At Donator.Org, we believe that charitable giving should be accompanied by the highest standards of privacy protection. This Privacy Policy explains how we collect, use, protect, and handle your personal information when you use our donation platform and handwritten greeting card services.

We are committed to transparency in our data practices and will never sell, rent, or share your personal information with third parties for marketing purposes. Your data is used solely to provide and improve our services, process your donations, and deliver your personalized greeting cards.

Key Privacy Principles:

  • • We never sell or rent your personal data
  • • We collect only what we need to provide our services
  • • We protect your data with bank-level security
  • • You have full control over your personal information
1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • • Name and email address
  • • Profile picture (if you choose to upload one)
  • • Account preferences and settings
  • • Authentication information (password hash, OAuth tokens)

1.2 Donation Information

To process your charitable donations, we collect:

  • • Payment information (credit card details, billing address)
  • • Donation amounts and selected charities
  • • Donation frequency preferences
  • • Tax receipt delivery preferences

1.3 Greeting Card and Shipping Information

For our handwritten greeting card service, we collect:

  • • Recipient names and U.S. mailing addresses
  • • Card personalization messages and handwriting preferences
  • • Font style and card design selections
  • • Delivery instructions, timing preferences, and tracking selections
  • • Phone numbers for delivery notifications (optional)

Physical Address Processing:

  • • Addresses are validated through postal services for deliverability
  • • Shared with our greeting card fulfillment partners for handwriting and mailing
  • • Shared with postal services for mail delivery and tracking
  • • Stored in your address book for future convenience (optional)
  • • Never sold or shared for marketing purposes

1.4 AI-Generated Content and Personalization

Our platform uses AI technology to enhance your greeting card experience. When you use our AI features, we collect:

  • • Message prompts and context you provide for card personalization
  • • Generated message content and your modifications
  • • Tone, style, and sentiment preferences for message generation
  • • Usage patterns to improve AI performance (anonymized after processing)
  • • Feedback on AI-generated suggestions
  • • Charity context used for mission-aligned messaging

AI Transparency Notice:

We use third-party AI language models to generate greeting card messages. Your prompts are processed through secure APIs, but we do not share your personal information with AI providers. Generated content is not used to train AI models unless you explicitly consent. You can opt out of AI features at any time in your account settings.

1.5 Technical Information

We automatically collect certain technical information:

  • • IP address and geographic location
  • • Browser type, version, and language settings
  • • Device type, operating system, and screen resolution
  • • Website usage patterns and navigation history
  • • Cookies and similar tracking technologies

1.6 Communication Information

When you contact us, we collect:

  • • Contact form submissions and support messages
  • • Email correspondence and phone call records
  • • Feedback and survey responses
  • • Customer service interaction history
2. How We Use Your Information

2.1 Core Service Delivery

  • • Processing and transmitting your charitable donations to selected organizations
  • • Creating and delivering personalized handwritten greeting cards
  • • Generating tax-deductible donation receipts
  • • Managing your account and providing customer support
  • • Facilitating communication between you and charitable organizations

2.2 AI and Personalization

We use AI technology to enhance your experience while protecting your privacy:

  • • Generating personalized message suggestions for greeting cards based on charity context
  • • Creating AI-enhanced charity mission statements for better donor engagement
  • • Providing intelligent message variations for different occasions and recipients
  • • Analyzing sentiment to ensure appropriate tone for charitable communications
  • • Customizing content recommendations based on your giving preferences
  • • Enhancing user experience through intelligent autocomplete and suggestions

AI Processing Safeguards:

  • • Your personal data is never included in AI prompts
  • • Generated content is ephemeral and deleted after delivery
  • • You maintain full control to edit or reject AI suggestions
  • • AI features can be disabled entirely in account settings

2.3 Security and Fraud Prevention

  • • Detecting and preventing fraudulent transactions
  • • Monitoring for security threats and unauthorized access
  • • Verifying identity and preventing account abuse
  • • Maintaining audit trails for regulatory compliance

2.4 Communication and Updates

  • • Sending transaction confirmations and service updates
  • • Providing customer support and responding to inquiries
  • • Notifying you of important account or service changes
  • • Sharing relevant charitable giving opportunities (with your consent)

2.5 Analytics and Improvement

  • • Analyzing usage patterns to improve our services
  • • Conducting research on charitable giving trends
  • • Optimizing website performance and user experience
  • • Developing new features and capabilities

2.6 Legal and Regulatory Compliance

  • • Complying with tax reporting and record-keeping requirements
  • • Meeting anti-money laundering and financial regulations
  • • Responding to legal requests and court orders
  • • Protecting our rights and enforcing our terms of service
3. How We Share Your Information

Our Data Sharing Promise:

We do not sell, rent, or trade your personal information to third parties for marketing purposes. We only share your data when necessary to provide our services or as required by law.

3.1 Service Providers

We share information with carefully selected service providers who help us operate our platform. Each provider is bound by strict data processing agreements:

  • • Payment processing services for secure donation and greeting card transactions (PCI DSS Level 1 certified)
  • • Charity verification and donation processing platforms (securely process donor information)
  • • Greeting card fulfillment services for robotic handwriting and mailing (receive only necessary recipient data)
  • • AI language model providers for message generation (no personal data shared, only message context)
  • • Cloud hosting and infrastructure providers for secure data storage (SOC 2 Type II certified)
  • • Email delivery services for transactional messages and receipts
  • • Postal and courier services for physical mail delivery and tracking
  • • Address validation and geocoding services for delivery accuracy

Service Provider Standards:

All service providers must maintain appropriate security certifications, agree to our data processing terms, and limit data use to providing requested services only.

3.2 Charitable Organizations

  • • We share donor information (name, contact details, donation amount) with the charitable organizations you choose to support
  • • This sharing is necessary for donation processing, tax receipt generation, and donor recognition
  • • Charitable organizations may use this information to send thank-you messages and updates about their work
  • • You can opt out of direct communication from charities while still receiving tax receipts

3.3 Legal Requirements

  • • Government agencies for tax reporting and regulatory compliance
  • • Law enforcement when required by valid legal process
  • • Courts and legal authorities in response to subpoenas or court orders
  • • Regulatory bodies for financial services compliance

3.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity, subject to the same privacy protections outlined in this policy.

3.5 Anonymous and Aggregated Data

We may share anonymous, aggregated statistical information about donation trends, platform usage, and charitable giving patterns for research and reporting purposes. This data cannot be used to identify individual users.

4. Your Privacy Rights

You have significant control over your personal information. Depending on your location, you may have the following rights under privacy laws such as CCPA, GDPR, and state privacy regulations:

4.1 Access and Portability

  • • Request a copy of all personal information we have about you
  • • Receive your data in a portable format that you can transfer to other services
  • • Access your donation history and card order records
  • • View all third parties we've shared your information with

4.2 Correction and Updates

  • • Correct inaccurate or outdated personal information
  • • Update your contact details and preferences
  • • Modify your recipient address book
  • • Change your communication preferences

4.3 Deletion Rights

  • • Request deletion of your personal information (subject to legal retention requirements)
  • • Close your account and remove associated data
  • • Delete specific pieces of information while maintaining your account
  • • Note: Some information must be retained for tax reporting and regulatory compliance

4.4 Opt-Out Rights

  • • Opt out of non-essential communications and marketing
  • • Disable AI message generation features
  • • Prevent sharing of your information for analytics purposes
  • • Stop processing of your data for certain purposes

4.5 Consent Management

  • • Withdraw consent for data processing activities
  • • Manage cookie and tracking preferences
  • • Control which service providers can access your data
  • • Set preferences for AI data usage

4.6 How to Exercise Your Rights

To exercise your privacy rights:

  • • Email us at privacy@donator.org
  • • Use our online privacy request form
  • • Access your account settings for many self-service options
  • • Contact our support team for assistance

We will respond to all requests within 30 days and verify your identity before processing any requests.

5. Data Security and Protection

We implement comprehensive security measures to protect your personal information from unauthorized access, disclosure, alteration, and destruction. Our security practices meet or exceed industry standards for financial services and donation platforms.

5.1 Technical Safeguards

  • • End-to-end encryption for all data transmission
  • • AES-256 encryption for data at rest
  • • PCI DSS Level 1 compliance for payment processing
  • • Multi-factor authentication for account access
  • • Regular security audits and penetration testing
  • • Automated threat detection and response systems

5.2 Access Controls

  • • Role-based access controls limiting staff access to necessary data
  • • Regular access reviews and permission audits
  • • Secure authentication for all system access
  • • Comprehensive audit logging of all data access
  • • Background checks for all employees with data access

5.3 Physical Security

  • • Data centers with 24/7 physical security monitoring
  • • Biometric access controls and security cameras
  • • Redundant power and network infrastructure
  • • Secure disposal of hardware containing sensitive data

5.4 Incident Response

  • • 24/7 security monitoring and incident response team
  • • Documented incident response procedures
  • • Breach notification procedures compliant with all applicable laws
  • • Regular security training for all staff members

5.5 Third-Party Security

  • • Due diligence reviews of all service providers
  • • Contractual security requirements for data processors
  • • Regular security assessments of third-party integrations
  • • Data processing agreements with all vendors
6. Data Breach Notification Procedures

While we implement robust security measures to prevent data breaches, we maintain comprehensive procedures to respond quickly and transparently if a security incident occurs.

6.1 Breach Detection and Assessment

  • • 24/7 automated monitoring for unauthorized access or data anomalies
  • • Immediate investigation of potential security incidents
  • • Risk assessment to determine the scope and impact of any breach
  • • Documentation of all incidents for regulatory compliance

6.2 Notification Timeline

Our Breach Notification Commitment:

  • • Within 72 hours: Notify affected users via email
  • • Within 72 hours: Report to relevant regulatory authorities
  • • Within 7 days: Post public notice on our website
  • • Ongoing: Provide updates as investigation progresses

6.3 Information Provided in Breach Notifications

  • • Date and time of the breach discovery
  • • Types of personal information potentially affected
  • • Steps we've taken to contain and remediate the breach
  • • Recommended actions for affected users
  • • Contact information for our dedicated breach response team
  • • Resources for identity protection and credit monitoring

6.4 User Support During Breaches

  • • Dedicated hotline for breach-related inquiries
  • • Free credit monitoring services when appropriate
  • • Identity theft protection resources
  • • Direct assistance with account security measures
  • • Regular updates via email and website announcements

6.5 Post-Breach Improvements

Following any security incident, we conduct thorough post-incident reviews to strengthen our security measures, update our procedures, and prevent similar incidents in the future. We are committed to transparency and will share relevant findings with our user community.

7. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience on our platform, remember your preferences, and analyze usage patterns. You have control over these technologies through your browser settings and our cookie management tools.

7.1 Types of Cookies We Use

Essential Cookies (Required)

  • • Authentication and session management
  • • Shopping cart and donation tracking
  • • Security and fraud prevention
  • • Load balancing and performance optimization

Functional Cookies (Optional)

  • • Remember your preferences and settings
  • • Save your donation and card selections
  • • Customize your user experience
  • • Enable AI assistant features

Analytics Cookies (Optional)

  • • Understand how users interact with our platform
  • • Measure website performance and usage patterns
  • • Identify popular content and features
  • • Improve our services based on user behavior

7.2 Managing Your Cookie Preferences

  • • Use our cookie consent banner to set preferences
  • • Adjust settings in your browser to block or delete cookies
  • • Opt out of analytics tracking through your account settings
  • • Note: Disabling essential cookies may limit platform functionality

7.3 Third-Party Tracking

We do not use third-party advertising networks or social media tracking pixels. Any third-party cookies are limited to essential service providers like payment processors and security services, and we maintain strict contractual controls over their use of your data.

8. Data Retention

We retain your personal information only as long as necessary to provide our services, comply with legal obligations, and protect our legitimate interests. Different types of data have different retention periods based on legal requirements and business needs.

8.1 Account Information

  • • Active accounts: Retained while your account is active
  • • Closed accounts: 30 days after account closure (unless legal retention required)
  • • Login history: 2 years for security purposes
  • • Profile data: Deleted upon account closure or user request

8.2 Donation Records

IRS Compliance Notice:

Federal tax regulations require us to retain donation records for a minimum of 7 years. This includes donor information, donation amounts, dates, and charitable organization details necessary for Form 8283 and other tax documentation.

  • • Donation transactions: 7 years for IRS tax reporting compliance
  • • Donor information (name, address, email): 7 years for tax receipt purposes
  • • Payment information: Tokenized immediately, tokens retained for 7 years
  • • Tax receipts and acknowledgment letters: 7 years as required by IRS regulations
  • • Form 8283 data for non-cash donations over $5,000: 7 years
  • • Charitable organization EIN verification records: 7 years
  • • Recurring donation agreements: Duration of agreement plus 7 years

8.3 Greeting Card Data

  • • Card orders and delivery information: 2 years for customer service
  • • Recipient addresses: Until removed from your address book
  • • Personalized messages: Until card is delivered plus 30 days
  • • AI-generated content: Anonymized after 1 year for model improvement

8.4 Communication Records

  • • Customer support interactions: 3 years
  • • Email communications: 2 years
  • • Contact form submissions: 1 year
  • • Marketing preferences: Until you unsubscribe

8.5 Technical Data

  • • Website analytics: 26 months (Google Analytics standard)
  • • Server logs: 6 months
  • • Security logs: 2 years
  • • Cookies: As specified in individual cookie settings

8.6 Automated Deletion

We have implemented automated systems to delete data according to these retention schedules. You will receive notifications before any data deletion that might affect your access to historical records or tax documents.

9. International Data Transfers

Donator.Org is based in the United States, and your personal information is primarily processed and stored in the United States. If you are located outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States.

9.1 Safeguards for International Transfers

  • • EU-US Data Privacy Framework certification for transfers from the European Union
  • • Standard Contractual Clauses (SCCs) for countries without adequacy decisions
  • • Transfer Impact Assessments for each destination country
  • • Data processing agreements with all international service providers
  • • Regular assessments of transfer mechanisms and protections

9.2 EU-US Data Privacy Framework

For transfers from the European Union to the United States, we rely on the EU-US Data Privacy Framework, which provides adequate protection for personal data transfers. We maintain our certification and comply with the Data Privacy Framework Principles including notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement and liability.

9.3 Your Rights for International Transfers

If you are located in the European Union, United Kingdom, or other regions with specific data protection laws, you retain all rights under those laws regardless of where your data is processed. You can contact us for more information about the specific safeguards we use for international data transfers.

10. Children's Privacy

Donator.Org is not intended for use by children under the age of 13, and we do not knowingly collect personal information from children under 13. If we discover that we have collected personal information from a child under 13, we will promptly delete that information.

10.1 COPPA 2025 Compliance

We comply with the enhanced Children's Online Privacy Protection Act (COPPA) 2025 requirements, including:

  • • No collection of personal information from children under 13 without verifiable parental consent
  • • Enhanced protections for biometric identifiers and voice data
  • • Opt-in consent requirements for any third-party data sharing
  • • Age verification mechanisms to prevent underage access
  • • Immediate deletion of any inadvertently collected child data

10.2 Teen Users (13-17)

  • • Users aged 13-17 may use our platform with parental consent
  • • Parents can contact us to review, update, or delete their teen's information
  • • We apply additional privacy protections for teen users
  • • Donation capabilities may be limited for users under 18
  • • AI-generated content features require parental consent for users under 16

10.3 Parental Rights

Parents and guardians have the right to:

  • • Review personal information collected from their child
  • • Request deletion of their child's information
  • • Refuse further collection or use of their child's information
  • • Receive notice of our information practices

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@donator.org.

11. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

11.1 California Consumer Rights

  • • Right to know what personal information is collected and how it's used
  • • Right to delete personal information (subject to exceptions)
  • • Right to correct inaccurate personal information
  • • Right to opt-out of the sale or sharing of personal information
  • • Right to limit the use of sensitive personal information
  • • Right to non-discrimination for exercising privacy rights

11.2 Categories of Information We Collect

  • • Identifiers (name, email, IP address)
  • • Financial information (payment details, donation amounts)
  • • Commercial information (donation history, preferences)
  • • Internet activity (website usage, interactions)
  • • Geolocation data (general location for service delivery)
  • • Sensitive personal information (precise geolocation, account credentials)

11.3 Sale and Sharing of Personal Information

Important Notice:

We do not sell or share your personal information for monetary consideration or cross-context behavioral advertising. We have not sold or shared personal information in the past 12 months.

11.4 Exercising Your California Rights

To exercise your California privacy rights, you can:

  • • Submit a request through our online form
  • • Email us at privacy@donator.org
  • • Call our privacy hotline at [phone number]
  • • Use an authorized agent (with proper verification)
12. State-Specific Privacy Rights

Several U.S. states have enacted comprehensive privacy laws that provide additional rights to their residents. If you are a resident of one of these states, you have the following rights:

12.1 Tennessee Information Protection Act (Effective July 1, 2025)

Tennessee residents have the right to:

  • • Access personal information we collect about you
  • • Delete personal information under certain circumstances
  • • Correct inaccurate personal information
  • • Opt out of targeted advertising and data sales
  • • Appeal our decisions regarding your privacy requests

12.2 Minnesota Consumer Data Privacy Act (Effective July 31, 2025)

Minnesota residents have the right to:

  • • Know what personal data we process and why
  • • Access and obtain a copy of your personal data
  • • Delete your personal data
  • • Correct inaccurate personal data
  • • Opt out of profiling and automated decision-making
  • • Data portability in a machine-readable format

12.3 Other State Privacy Rights

Residents of Virginia, Colorado, Connecticut, and Utah also have similar privacy rights under their respective state laws, including:

  • • Right to access and delete personal information
  • • Right to correct inaccurate information
  • • Right to opt out of targeted advertising and sales
  • • Right to appeal privacy request decisions

Exercising Your State Privacy Rights:

To exercise any of these rights, please contact us at privacy@donator.org or use our online privacy request form. We will verify your identity and state of residence before processing your request.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes through:

  • • Email notification to your registered email address
  • • Prominent notice on our website
  • • In-app notifications when you log in
  • • For significant changes, we may request your renewed consent

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. The "Last Updated" date at the top of this policy indicates when it was most recently revised.

Your continued use of our services after any changes to this Privacy Policy constitutes your acceptance of the revised policy. If you do not agree with any changes, you may close your account and stop using our services.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please don't hesitate to contact us:

Privacy Team

Email: privacy@donator.org

Response time: 48 hours

General Support

Email: support@donator.org

Response time: 24 hours

Mailing Address

Donator.Org Inc.

13504 NE 84th Street

Suite 103-420

Vancouver, WA 98682

United States

Thank you for trusting Donator.Org with your personal information. Together, we're making charitable giving more personal and impactful.
This Privacy Policy is effective as of July 2025
Patent Pending Revolutionary Ink Technology
Hand Selected Premium Quality Cardstock
AI Creates Perfect Card Messages
Revolutionary Robotic Handwriting Technology Available
Experience the Art of Luxury Giving
Elevate your charitable contributions with our premium handwritten cards. Each donation becomes a treasured keepsake, crafted with meticulous attention to detail using authentic Pilot G2 pens on luxury cardstock.
Start Giving Browse Cards Learn More
☀️ Summer Impact Special - Use code SUMMER20 for 20% off cards supporting education
© 2025 Donator.Org Inc.
Charities
Cards
About
Terms
Privacy