Privacy Policy

Last Updated: December 10, 2025

1. Introduction

Welcome to Donation Transparency ("we," "our," or "us"). We operate a platform dedicated to radical financial transparency for charitable and political fundraising. By using our website (donationtransparency.org, app.donationtransparency.org) and services, you agree to the collection and use of information in accordance with this policy. This policy should be read in conjunction with our Terms of Service.

IMPORTANT NOTICE: PUBLIC NATURE OF YOUR DATA

Our service is unique. It is designed specifically to make financial data public. By connecting your bank account via Plaid, YOU EXPLICITLY AGREE AND ACKNOWLEDGE THAT YOUR TRANSACTION DATA WILL BE PUBLISHED PUBLICLY ON THE INTERNET.

This specifically includes:

  • Historical Data: Connecting a bank account immediately publishes up to 90 days of PAST transaction history.
  • Sensitive Transactions: Payments to medical providers, religious institutions, political groups, or adult services will be visible.
  • Transaction Memos: Bank memos often contain personal notes or names. These are published "as is."

If you do not wish for this level of transparency, DO NOT connect your accounts to our platform.

2. Information We Collect

A. Information You Provide Directly

  • Account Information: When you register, we collect your name, email address, password, and profile information.
  • Public Profile Generation: We use Artificial Intelligence (Gemini) to assist in generating your profile description based on publicly available information.
    • Disclaimer: You are solely responsible for reviewing AI-generated content.
    • AI Training: We utilize enterprise API agreements that explicitly prohibit your data from being used to train Google's public AI models.
  • Verification Data: We may collect information to verify your identity as required by our partners (Stripe/Plaid).

B. Financial Data (The "Transparency Engine")

We integrate with third-party financial services to provide our core transparency features:

  • Transactions (via Plaid): When you link a bank account via Plaid, we retrieve transaction details: Merchant Name (e.g., "Starbucks", "Delta Airlines"), Amount, Date, Category, and Memos. All of this information is displayed publicly on your profile.
  • Donations (via Stripe): We collect data on donations received, including amounts and timestamps.

C. Donor Information

If you donate to a user on our platform:

  • Payment Data: All payment processing is handled directly by Stripe. We do NOT store your full credit card number or CVV.
  • Identity: We receive donor details provided to Stripe (e.g., name, email).
  • Privacy: Unlike Receiver transaction data, Donor Names are NOT publicly displayed on our platform.

D. Cookie Policy (Essential Only)

We use a minimal number of cookies strictly necessary for the operation of our platform:

  • Authentication Cookies: To keep you logged in during your session.
  • Security Cookies: To prevent Cross-Site Request Forgery (CSRF).

We do NOT use non-essential cookies for advertising, tracking, or marketing analytics.

3. How We Use Your Information

We use your data for the following purposes:

  1. To Provide the Public Service: Displaying your transaction history to the world (as requested by you for transparency).
  2. Processing Donations: Facilitating payments via Stripe.
  3. Content Assistance: Using AI to help draft your public profile based on public data.
  4. Communication: Sending transaction summaries, security alerts, and platform updates.
  5. Security & Compliance: Detecting fraud and ensuring account integrity.

4. Information Sharing and Disclosure

A. The General Public

This is the core function of our service. The transaction data from connected "Receiver" accounts is accessible to anyone visiting your public profile page.

B. Service Providers

We share data with trusted third parties solely to operate our platform:

  • Stripe: Payment processing and identity verification.
  • Plaid: Connecting bank accounts and retrieving transaction data.
  • AWS (Amazon Web Services): Secure cloud hosting and database storage.

We do not sell your personal data to advertisers or data brokers.

C. Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court order or government agency).

D. Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your personal data may be transferred. We will provide notice before your personal data is transferred and becomes subject to a different Privacy Policy.

5. Data Retention, Disconnection, and "Internet Memory"

  • Disconnection (Stopping the Flow): You may disconnect a bank account at any time. This stops new transactions from appearing. However, existing imported transactions remain on your profile until you delete them or your account.
  • Platform Deletion (Wiping the Source): You may request the deletion of your account from our live servers at any time. We will remove your profile and wipe all data from our database.
  • Irrevocable Public Data ("Internet Memory"): Because our service publishes data to the open web, we cannot control or delete copies of your data that may have been scraped, archived (e.g., Internet Archive), or screenshotted by third parties while your profile was active. Once data is public, it may remain public elsewhere indefinitely.

6. Data Security

We employ rigorous security protocols and industry-standard measures to protect your data:

  • Encryption: All data transmitted between your browser and our servers is encrypted using TLS (Transport Layer Security).
  • Partner Security: Sensitive financial credentials are never stored on our servers. They are handled directly by Plaid and Stripe, who maintain SOC 2 and PCI DSS compliance.
  • Access Controls: Access to personal data is restricted to authorized personnel who need it to operate the service.

Breach Notification: In the event of a data breach that compromises your personal information, we will notify you and relevant authorities within 72 hours of becoming aware of the breach, in accordance with applicable laws.

7. International Data Transfers

Our servers are located in the United States. If you are accessing our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed by us in our facilities and by those third parties with whom we share it. By using the Services, you consent to the transfer of your information to countries outside your country of residence, which may have different data protection rules than those of your country.

8. Your Rights (GDPR & CCPA)

A. General Rights (US & International)

You have the right to access, correct, or delete your personal information held by our live systems.

B. GDPR (European Economic Area)

If you are located in the EEA, you have the following additional rights:

  • Legal Basis: We process your data based on your Consent (for public transparency), Contractual Necessity (to process donations), and Legitimate Interest (for fraud detection and security).
  • Right to Withdraw Consent: You may withdraw consent for data syncing at any time by disconnecting your accounts.
  • Data Portability: You have the right to request a copy of your data in a structured, machine-readable format.
  • Complaints: You have the right to lodge a complaint with a Data Protection Authority.

C. CCPA (California Residents)

If you are a California resident:

  • Right to Know: You may request the categories and specific pieces of personal information we have collected about you.
  • Right to Delete: You may request deletion of your personal information, subject to certain exceptions (e.g., where retention is necessary for transaction records or public interest).
  • Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
  • Do Not Sell: We do not sell your personal data.

9. Children's Privacy

Our Service is strictly for individuals 18 years or older. We do not knowingly collect personally identifiable information from anyone under the age of 18.

10. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

11. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

Email: support@donationtransparency.org

We aim to respond to all inquiries within 5 business days.