CharityStack Privacy Policy
Effective Date: February 17, 2026
This Privacy Policy (“Policy”) describes how CharityStack, Inc. (“CharityStack,” “we,” “us,” or “our”) collects, uses, discloses, and protects information when you access or use our websites, web applications, mobile applications (including CharityStack Mobile POS), and related products and services (collectively, the “Services”).
By accessing or using the Services, you acknowledge the practices described in this Policy.
1. Scope and Applicability
1.1 Covered Individuals
This Policy applies to information collected from:
Nonprofit organizations using the Services (“Organizations”);
Representatives, employees, and administrators of Organizations;
Donors and other individuals interacting with donation forms, checkout workflows, or Mobile POS tools powered by CharityStack;
Visitors to charitystack.com and related resources.
1.2 Role of the Parties
In many cases, CharityStack acts as a service provider or data processor on behalf of Organizations. Organizations determine how donor data is collected and used in connection with their fundraising activities. CharityStack processes donor information in accordance with Organization instructions and applicable law.
2. Information We Collect
2.1 Information Provided by Organizations
When Organizations create or manage accounts, we may collect:
Organization name, EIN, and verification information;
Contact names, email addresses, and phone numbers;
Billing and payment information;
Account credentials and configuration settings.
2.2 Information Provided by Donors
When individuals make donations through CharityStack-powered web forms or Mobile POS tools, we may collect:
Name, email address, mailing address, and phone number;
Donation amount, frequency, fund designation, and related metadata;
Communication preferences;
Optional information provided in custom form fields;
Transaction identifiers and payment status details.
2.3 Payment Information
Payment transactions are processed through third-party payment processors, including Stripe and Stripe Terminal services. Payment card details are collected and processed directly by those providers in accordance with their own terms and privacy practices.
CharityStack does not store full card numbers or card security codes in its systems.
2.4 Automatically Collected Information (Web and App)
We and our service providers may automatically collect:
IP address and network metadata;
Browser type, operating system, and device model;
App version and technical identifiers;
Usage data, log files, and interaction data;
Crash reports, performance metrics, and diagnostics;
Event telemetry used for reliability, fraud prevention, and product improvement.
2.5 Location Data (Mobile POS)
If enabled by the Organization and permitted by the user, the Mobile POS app may request location access in connection with:
Tap to Pay setup and reader enablement;
Fraud prevention;
Payment compliance workflows;
Configuration of payment acceptance locations.
This may include precise location at the time of setup and derived address fields used for compliance and configuration.
2.6 Device Permissions and Capabilities
Depending on features used, the mobile application may request access to:
Location services;
NFC and Bluetooth functionality (for contactless payments);
Camera access (for card scanning or related payment features).
2.7 Cookies, SDKs, and Similar Technologies
We use cookies (on web properties) and SDKs or similar technologies (in mobile applications) to:
Maintain secure sessions;
Analyze usage trends;
Improve performance and reliability;
Support payment enablement and fraud detection;
Provide diagnostics and security monitoring.
Organizations may enable additional tools (such as analytics or marketing integrations). CharityStack does not control how Organizations configure third-party tools beyond the options provided within our Services.
3. How We Use Information
We use information to:
Provide, operate, and improve the Services;
Process donations and facilitate payment transactions;
Configure and support Tap to Pay and related payment features;
Verify organizational eligibility and manage accounts;
Communicate with Organizations and users;
Monitor, detect, and prevent fraud, abuse, or unlawful activity;
Debug service issues and improve reliability;
Comply with legal obligations;
Enforce our Terms of Service and related agreements.
We do not sell personal information.
We do not use app data for cross-app or cross-company targeted advertising tracking.
4. Legal Bases for Processing (Where Applicable)
Where required by law, we process personal data based on:
Performance of a contract;
Legitimate business interests;
Consent (where required);
Compliance with legal obligations.
Organizations are responsible for establishing an appropriate legal basis for collecting and using donor information in their fundraising activities.
5. Sharing and Disclosure of Information
We may share information:
With third-party payment processors to facilitate transactions;
With service providers that assist with hosting, security, analytics, diagnostics, customer support, and core operations;
When required by law, subpoena, or legal process;
To protect the rights, safety, or property of CharityStack, Organizations, donors, or the public;
In connection with a merger, acquisition, financing, or sale of assets.
We do not share donor information with other Organizations except as directed by the Organization collecting the donation.
6. Data Retention
We retain information for as long as necessary to:
Provide the Services;
Comply with legal, accounting, tax, and regulatory obligations;
Resolve disputes and enforce agreements.
Organizations may request deletion of account data, subject to applicable legal retention requirements.
7. Data Security
We implement reasonable administrative, technical, and physical safeguards designed to protect information from unauthorized access, disclosure, alteration, or destruction.
No system is completely secure.
Organizations are responsible for:
Maintaining the confidentiality of account credentials;
Securing devices used to access the Services;
Managing internal access controls appropriately.
8. International Data Transfers
The Services are hosted in the United States. If you access the Services from outside the United States, you understand that information may be transferred to and processed in the United States.
9. Individual Rights
Depending on applicable law, individuals may have rights to:
Access personal information;
Correct inaccurate information;
Request deletion;
Object to or restrict processing;
Withdraw consent where processing is based on consent.
Donors should direct data-related requests to the Organization to which they donated. CharityStack will assist Organizations in responding where required by law.
Privacy requests may also be submitted to support@charitystack.com.
10. Children’s Privacy
The Services are not directed to children under 13. We do not knowingly collect personal information from children without appropriate consent.
11. App Store Privacy Disclosures
For mobile app distribution (including Apple App Store), CharityStack provides required app privacy disclosures describing:
Data categories collected;
Whether data is linked to users or devices;
Whether data is used for tracking;
Purposes of data collection.
These disclosures reflect current app behavior and may be updated if practices change. If material changes occur, this Policy and applicable app store disclosures will be updated accordingly.
12. Changes to This Policy
CharityStack may update this Privacy Policy from time to time. Updates will be posted with a revised effective date. Continued use of the Services after changes become effective constitutes acknowledgment of the updated Policy.
13. Contact Information
CharityStack, Inc.
1606 Headway Cir #9206
Austin, TX 78754
support@charitystack.com
By using CharityStack Services, including the web platform and Mobile POS application, you acknowledge that you have read and understood this Privacy Policy.
CharityStack Privacy Policy
Effective Date: February 17, 2026
This Privacy Policy (“Policy”) describes how CharityStack, Inc. (“CharityStack,” “we,” “us,” or “our”) collects, uses, discloses, and protects information when you access or use our websites, web applications, mobile applications (including CharityStack Mobile POS), and related products and services (collectively, the “Services”).
By accessing or using the Services, you acknowledge the practices described in this Policy.
1. Scope and Applicability
1.1 Covered Individuals
This Policy applies to information collected from:
Nonprofit organizations using the Services (“Organizations”);
Representatives, employees, and administrators of Organizations;
Donors and other individuals interacting with donation forms, checkout workflows, or Mobile POS tools powered by CharityStack;
Visitors to charitystack.com and related resources.
1.2 Role of the Parties
In many cases, CharityStack acts as a service provider or data processor on behalf of Organizations. Organizations determine how donor data is collected and used in connection with their fundraising activities. CharityStack processes donor information in accordance with Organization instructions and applicable law.
2. Information We Collect
2.1 Information Provided by Organizations
When Organizations create or manage accounts, we may collect:
Organization name, EIN, and verification information;
Contact names, email addresses, and phone numbers;
Billing and payment information;
Account credentials and configuration settings.
2.2 Information Provided by Donors
When individuals make donations through CharityStack-powered web forms or Mobile POS tools, we may collect:
Name, email address, mailing address, and phone number;
Donation amount, frequency, fund designation, and related metadata;
Communication preferences;
Optional information provided in custom form fields;
Transaction identifiers and payment status details.
2.3 Payment Information
Payment transactions are processed through third-party payment processors, including Stripe and Stripe Terminal services. Payment card details are collected and processed directly by those providers in accordance with their own terms and privacy practices.
CharityStack does not store full card numbers or card security codes in its systems.
2.4 Automatically Collected Information (Web and App)
We and our service providers may automatically collect:
IP address and network metadata;
Browser type, operating system, and device model;
App version and technical identifiers;
Usage data, log files, and interaction data;
Crash reports, performance metrics, and diagnostics;
Event telemetry used for reliability, fraud prevention, and product improvement.
2.5 Location Data (Mobile POS)
If enabled by the Organization and permitted by the user, the Mobile POS app may request location access in connection with:
Tap to Pay setup and reader enablement;
Fraud prevention;
Payment compliance workflows;
Configuration of payment acceptance locations.
This may include precise location at the time of setup and derived address fields used for compliance and configuration.
2.6 Device Permissions and Capabilities
Depending on features used, the mobile application may request access to:
Location services;
NFC and Bluetooth functionality (for contactless payments);
Camera access (for card scanning or related payment features).
2.7 Cookies, SDKs, and Similar Technologies
We use cookies (on web properties) and SDKs or similar technologies (in mobile applications) to:
Maintain secure sessions;
Analyze usage trends;
Improve performance and reliability;
Support payment enablement and fraud detection;
Provide diagnostics and security monitoring.
Organizations may enable additional tools (such as analytics or marketing integrations). CharityStack does not control how Organizations configure third-party tools beyond the options provided within our Services.
3. How We Use Information
We use information to:
Provide, operate, and improve the Services;
Process donations and facilitate payment transactions;
Configure and support Tap to Pay and related payment features;
Verify organizational eligibility and manage accounts;
Communicate with Organizations and users;
Monitor, detect, and prevent fraud, abuse, or unlawful activity;
Debug service issues and improve reliability;
Comply with legal obligations;
Enforce our Terms of Service and related agreements.
We do not sell personal information.
We do not use app data for cross-app or cross-company targeted advertising tracking.
4. Legal Bases for Processing (Where Applicable)
Where required by law, we process personal data based on:
Performance of a contract;
Legitimate business interests;
Consent (where required);
Compliance with legal obligations.
Organizations are responsible for establishing an appropriate legal basis for collecting and using donor information in their fundraising activities.
5. Sharing and Disclosure of Information
We may share information:
With third-party payment processors to facilitate transactions;
With service providers that assist with hosting, security, analytics, diagnostics, customer support, and core operations;
When required by law, subpoena, or legal process;
To protect the rights, safety, or property of CharityStack, Organizations, donors, or the public;
In connection with a merger, acquisition, financing, or sale of assets.
We do not share donor information with other Organizations except as directed by the Organization collecting the donation.
6. Data Retention
We retain information for as long as necessary to:
Provide the Services;
Comply with legal, accounting, tax, and regulatory obligations;
Resolve disputes and enforce agreements.
Organizations may request deletion of account data, subject to applicable legal retention requirements.
7. Data Security
We implement reasonable administrative, technical, and physical safeguards designed to protect information from unauthorized access, disclosure, alteration, or destruction.
No system is completely secure.
Organizations are responsible for:
Maintaining the confidentiality of account credentials;
Securing devices used to access the Services;
Managing internal access controls appropriately.
8. International Data Transfers
The Services are hosted in the United States. If you access the Services from outside the United States, you understand that information may be transferred to and processed in the United States.
9. Individual Rights
Depending on applicable law, individuals may have rights to:
Access personal information;
Correct inaccurate information;
Request deletion;
Object to or restrict processing;
Withdraw consent where processing is based on consent.
Donors should direct data-related requests to the Organization to which they donated. CharityStack will assist Organizations in responding where required by law.
Privacy requests may also be submitted to support@charitystack.com.
10. Children’s Privacy
The Services are not directed to children under 13. We do not knowingly collect personal information from children without appropriate consent.
11. App Store Privacy Disclosures
For mobile app distribution (including Apple App Store), CharityStack provides required app privacy disclosures describing:
Data categories collected;
Whether data is linked to users or devices;
Whether data is used for tracking;
Purposes of data collection.
These disclosures reflect current app behavior and may be updated if practices change. If material changes occur, this Policy and applicable app store disclosures will be updated accordingly.
12. Changes to This Policy
CharityStack may update this Privacy Policy from time to time. Updates will be posted with a revised effective date. Continued use of the Services after changes become effective constitutes acknowledgment of the updated Policy.
13. Contact Information
CharityStack, Inc.
1606 Headway Cir #9206
Austin, TX 78754
support@charitystack.com
By using CharityStack Services, including the web platform and Mobile POS application, you acknowledge that you have read and understood this Privacy Policy.