Givonit

Privacy Policy

Last updated: May 23, 2026

Givonit ("we," "us," or "our") operates the Givonit donation marketplace. This Privacy Policy explains what personal information we collect, how we use it, with whom we share it, and the choices you have.

1. Information We Collect

Information you provide directly

  • Account registration: your name, email address, and password when you create an account.
  • Nonprofit onboarding: organization name, EIN (Employer Identification Number), contact name, phone number, and shipping address(es). EINs, phone numbers, and address fields are encrypted at rest.
  • Payment details: we do not store card numbers. Payment information is processed directly by Stripe; we receive only a tokenized reference and transaction metadata (amount, timestamp, last four digits).
  • Communications: messages you send to nonprofits or to our support team.
  • Self-reported confirmations: when you report that a purchase was made or an item was received.

Information collected automatically

  • Click history: when you follow an outbound link to a retailer, we log a click record that includes the need you funded, the retailer, the timestamp, and a hashed device identifier. This enables affiliate-commission attribution.
  • Log data: IP address, browser type, pages visited, referrer URL, and session identifiers, collected through our server logs and Sentry error-monitoring service.
  • Cookies and similar technologies: session cookies (required for authentication) and analytics cookies (you may opt out via browser settings).

2. How We Use Your Information

  • Operate the platform and facilitate funding flows between donors and nonprofits.
  • Process tips and cash donations, generate IRS-compliant tax receipts, and issue refunds.
  • Attribute affiliate commissions from Amazon, Walmart, and Target to the correct click records.
  • Send transactional emails: account confirmation, receipt delivery, need-status updates, and security alerts.
  • Send SMS notifications if you have opted in (notifications only; no marketing).
  • Detect fraud, enforce our Terms of Service, and maintain security.
  • Improve the platform through aggregated, de-identified analytics.
  • Comply with legal obligations, including IRS record-keeping requirements for charitable receipts.

3. Information Sharing

We do not sell your personal information. We share it only as described below.

  • Stripe — payment processing for tips and cash donations. Stripe's privacy policy governs its handling of card data.
  • Resend — transactional email delivery (receipts, account emails).
  • Twilio — SMS notification delivery for opted-in users.
  • Sentry — error and performance monitoring. Sentry receives anonymized stack traces and may receive IP addresses in error payloads; we configure it to scrub PII from logs.
  • Cloudflare — CDN, DDoS protection, and R2 object storage for uploaded files (e.g., org logos). Cloudflare sees traffic metadata but not decrypted PII fields.
  • Amazon, Walmart, and Target (affiliate programs) — when you follow a funded-need link, the retailer receives standard web-referral data (referrer URL, affiliate tag). The retailer's own privacy policy governs what they collect after you arrive on their site.
  • Law enforcement or legal process — we may disclose information when required by law, subpoena, or court order.
  • Business transfers — if Givonit is acquired or merges, personal data may transfer to the successor entity; we will notify you before that occurs.

4. Data Retention

We retain account data for as long as your account is active. Financial records (transactions, receipts, commission ledger entries) are retained for seven years to comply with IRS and accounting requirements. Click records are retained for 18 months for affiliate-commission dispute resolution. Server logs are retained for 90 days.

Anonymized, aggregated analytics data (not linked to any individual) may be retained indefinitely.

5. Your Rights

  • Access and portability: you may request a copy of the personal data we hold about you.
  • Correction: you may update your name and email in account settings at any time.
  • Deletion: you may request account deletion by emailing support@givonit.com. We will delete your account and associated PII within 30 days, subject to retention obligations for financial records described above.
  • Opt-out of SMS: reply STOP to any text message or update your notification preferences in account settings.
  • California residents (CCPA): you have the right to know, delete, and opt out of the sale of personal information. We do not sell personal information.

6. Security

We use AES-256-GCM encryption for sensitive fields stored in our database (EINs, phone numbers, addresses). All data in transit is protected by TLS 1.2+. We enforce multi-factor authentication for all organization administrators and platform staff. Despite these measures, no system is completely secure; please use a strong, unique password and enable MFA on your account.

7. Children

Givonit is not directed to children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

8. Changes to This Policy

We may update this policy from time to time. When we do, we will update the "Last updated" date above and, for material changes, notify you by email or a prominent in-app notice.

9. Contact Us

Questions or requests regarding this policy: support@givonit.com