Here's how we handle your data:

  • We don't store or track you with cookies.
  • When you contribute, we retain your name, email address and phone number, date and time, four trailing credit card digits, contribution amount and a hash of our system's generated password that is securely emailed to you following your contribution.
  • We pass your personal and financial information to our merchant account management agencies to process your contributions. We do not retain your credit card information or your billing address on any of our systems. We also do not share it with anyone else besides our merchant account payment processing agencies.
  • When we receive a response from our merchant account agency that includes a transaction identifier, we retain that identifier along with your contribution amount in our systems.
  • We do not share your personal information with any third parties, except our counsel, contribution-processing associates, bookkeepers, accountants, auditors, banks, government agencies, and other partners upon whom we rely to facilitate our services.
  • When we do share your data, we do so securely and with utmost confidentiality. See our Security Policy below.
  • We may post your contributions in a manner whereby you alone will know that they are yours, and may include your initials, the date and time, the contribution amount and confirmation code. This enables us to discreetly confirm to you that your contribution was processed and recorded along with everyone else's.

How we secure your data:

  • As indicated above in our privacy policy, we do not retain your credit card numbers, card expiration dates or CVV numbers.
  • We do retain your name, surname, email address, phone number, system-assigned password hash when present, and contribution information including date and time, contribution amount, BIN, four trailing credit card digits, and transaction confirmation code.
  • All communication is secured by at least standard TLS 1.2 256-bit encryption protocols using a standard 2048-bit eliptic curve cryptology certificate. Our web server has been hardened by removing support for compromized ciphers, and validated secure as indicated here.
  • Email transmissions from our web server are similarly secured, and are further secured by SPIF and DKIM. Incoming email is handled for us by Zoho, also similarly secured.