Privacy Policy

Fundrly (“we,” “us”) is a giving platform built for nonprofits. Nonprofit organizations (“Organizations”) use Fundrly to accept donations on their websites, understand their giving funnel, and communicate with their donors. This policy explains what information we handle and how — both for Organizations that create Fundrly accounts and for donors who give through a Fundrly-powered form.

For Organization accounts, Fundrly is the data controller: we collect your name, email address, organization name, and sign-in credentials (a securely hashed password, or your Google account identity if you sign in with Google).

For donor information, Fundrly acts as a service provider (processor) on behalf of the Organization you give to. The Organization controls that data; we store and process it to provide them the service.

When you interact with a Fundrly giving form, we process:

Information you provide: your name, email address, optional phone number, and gift details (amount, frequency).

Giving-form activity:the steps of the form you complete, when you visit, the page the form was embedded on, and your device type. This lets the Organization understand where donors need help — including following up if you started a gift but didn't finish.

A donor identifierstored in your browser's local storage, so the Organization can recognize you as a returning supporter instead of treating every visit as a stranger's.

Payment information goes directly to Stripe, our payment processor — card numbers, Apple Pay, and Google Pay details never touch Fundrly's servers. Stripe is PCI-DSS Level 1 certified; see the Stripe Privacy Policy. Donations are processed through the Organization's own Stripe account.

To run the service: processing donations, sending donation receipts and tax summaries on the Organization's behalf, gift-reminder emails when a donation was started but not finished (with one-click opt-out), showing Organizations their giving analytics, and protecting the platform against fraud and abuse (for example, rate limiting by IP address).

If an Organization connects Google Analytics, we forward donation completion events (amount and an anonymous identifier — never your name or email) to the Organization's own Google Analytics property.

We never sell personal information, and we never use donor information to market unrelated products.

Fundrly uses a small number of strictly functional cookies: a session cookie to keep Organization users signed in, and short-lived cookies that secure sign-in flows (such as Google sign-in). We do not use advertising cookies or cross-site trackers. Donor recognition uses local storage scoped to Fundrly's own domain, as described above.

We share information only with the services that make Fundrly work:

Stripe (payment processing), Resend (email delivery), Neon (database hosting), Vercel (application hosting), and Google (only if you sign in with Google, or if an Organization connects Google Analytics). Each processes data only as needed to provide their service.

Donor information is, of course, shared with the Organization you donate to — it's their donor relationship. Organizations may sync donor and donation data to tools they connect (such as their email marketing platform or accounting software).

We may disclose information if required by law, or as part of a merger or acquisition (in which case this policy continues to apply to previously collected data).

Donors:every reminder email contains a one-click unsubscribe that stops reminder emails permanently (donation receipts still send when you give, since they're transactional). For access, correction, or deletion of your donor data, contact the Organization you gave to, or email us and we'll coordinate with them.

Organizations:you may export your donor data or delete your account by contacting us. Deleting your account deletes your organization's data from our systems, subject to legal retention requirements for financial records.

All traffic is encrypted in transit (TLS). Passwords are stored only as salted scrypt hashes. Sign-in links and reset tokens are single-use and stored hashed. We retain information for as long as the related Organization account is active, plus any period required for tax and financial-record compliance.

Fundrly is not directed at children under 13, and we do not knowingly collect their personal information. If you believe a child has provided us personal information, contact us and we will delete it.

We'll post any changes to this policy here and update the date above; material changes will be communicated to Organizations by email. Questions or requests: chase@fiveandtwo.co.