Chariot Privacy Policy
Effective Date: January 1, 2025
At Chariot we value and prioritize your privacy and security. This Privacy Policy (“Policy”) is meant to describe how Chariot Giving, Inc. (collectively, “Chariot”, “we”, “our”, and “us”) protects and manages the data of anyone we interact with (referred to as “you” or the “user”) across our “Services” (the combination of our Platform and Services as defined in our Terms of Service.)
In this Policy we’ll describe when and how we collect, use, and share your information to operate, improve, develop, and help protect our Services. Please read this Policy carefully to better understand how we protect your privacy and security. By continuing to use or access our Services, you are consenting to the practices described in this Policy.
While this Policy covers Chariot’s data collection and use practices, it does not govern the data privacy and security practices of the Nonprofits, Donor Advised Fund providers or other third-parties you may choose to use in conjunction with the use of our Services. Please remember to consult the privacy policies of those third-parties, including as posted on the nonprofit’s websites you may choose to visit, and by any Donor Advised Fund administration platform you may choose to use, to understand those parties’ data handling practices.
1. Information We Collect
As explained in greater detail below, Chariot may collect the following:
Personal Identifiers - such as your name, email address, phone number, birth date, government-issued identification number, social security number, employer, and job title, as well as other information you may be asked to provide when signing up for an Account or when engaging in certain transactions as part of our verification process, global anti-money laundering (AML) program and know your customer (KYC) obligations.
Nonprofit Identifiers - such as organization officers, articles of incorporation, official address, and EIN numbers for a nonprofit;
Payment Information - such as an ACH or credit card number and details on the owner of that Payment Method;
External Account information - such as the account and routing number, account owner, and account owner information for external bank accounts connected to your Chariot Account;
DAF Provider Donor Credentials - including DAF account username and password, only used as a one-time secure pass-through to allow a DAF Donor to access their DAF Provider portal via DAFpay and effect a donation to the Nonprofit of their choice in the moment they’re inspired to give;
Chariot Account Credentials - for Nonprofits who have a Chariot Account, username and password information which enables access to their Account;
Digital Banking Details - such as the account and routing number generated by our Bank Partner in conjunction with your creation of a Chariot Account;
Transaction Information - that we collect as a part of our Services, including via DAFpay, Linked Payers in connection with Chariot Processing, or Outbound Payments for Chariot Disbursements, such as date, amount, DAF provider used, donor name, email and address;
Database Information - such as details on donors or transactions as made available via CRM integrations in connection with advanced Chariot Processing features available with a Chariot Plus subscription;
Other Information - such as when you fill in a form on our website, respond to surveys, provide feedback, make a support inquiry, participate in promotions, or otherwise communicate with us.
Providing your personal information is optional, but it may be necessary for certain Services, such as opening a Chariot Account or initiating a gift via DAFpay. In such cases, if you do not provide your personal information, we may not be able to provide you with the requested Services.
We also check that you are using our Services legally and are eligible for the Services you want to use. We protect the Services from fraudsters who may put you, your data, or your money at risk. To do this, we may collect additional information about you from companies that help us verify your identity, prevent fraud or assess risk.
2. Sources Of Information We Collect
We collect information about you from the following categories of sources:
A. Directly
When you submit information to us or allow us to access information via manual input or via the devices you use and how you interact with our Services.
Information we receive from your devices. We use Wix on our Website to collect standard demographics about website visitors. We use Metabase, Mozart, and LogSnag to analyze our own internal data and transactions on the Platform. Metabase may have access to Identifiers as a part of this functionality. We may collect and store the IP address of a user in connection with a donation.
B. From DAF Providers
When you, as a Donor, use DAFpay to initiate a gift to a Nonprofit or as a Nonprofit User when you Link Payers to your Chariot Account as part of Chariot Processing so that we can help you aggregate your offline gift processing data and payments and streamline your workflows within your Chariot Account.
C. From Other Sources
We also collect information from other sources, including identity verification information from third-party identity verification services and publicly available sources, including Personal Identifiers and Nonprofit Identifiers. Other information we collect about you from third parties may be used for any investigation, eligibility, identity, or account verification process, fraud detection process, or collection procedure, or as may otherwise be required by applicable law or as needed to offer our Services.
Inferences we derive from the data we collect. We may use the information we collect about you to derive inferences, such as what types of DAF platforms have the most activity, or the amounts DAF owners generally donate, and at what frequency. We look for insights from our data that can help get nonprofits more support.
3. How We Use Your Personal Information
We use your information to operate, maintain, secure, modify, and improve our products, new features for those products, and our related Services. Chariot does not sell, rent, or license personal information that we collect. Our business model charges users directly for the value we provide, aligning our business incentives with our data privacy and security values. To learn more visit: https://www.givechariot.com/dafpay-security-standards
In general, we use your information to:
Operate, maintain, secure, modify, and improve our products, new features for those products, and our related Services;
Verify your identity;
Communicate with you about new and existing services;
Help protect us, you, our partners, the broader ecosystem of vendors and third party providers we work with, and others from fraud, malicious activity, and other privacy and security-related concerns;
Provide customer support to you, including to help respond to your inquiries;
Create aggregated de-identified datasets (by removing or masking information that could be used to identify you) and combining that with other information;
Investigate any misuse of our service, criminal activity, or other unauthorized access to our services;
Comply with contractual and legal obligations under applicable law and for other legal purposes such as to establish and defend against claims;
For other notified purposes with your consent or at your direction.
It is likely we are using your personal information to provide our Services to you either in your capacity as a Nonprofit User or a DAFpay user.
A. For Nonprofit Users:
When an individual end user representing a nonprofit (in compliance with our Terms Of Service) registers to use Chariot’s Services through our Website, they submit Personal Identifiers and Nonprofit Identifiers about themselves and the nonprofit they represent. As part of this onboarding process, Nonprofits will be given Chariot Account Credentials in order to securely access their Chariot Account, and the related services made available therein.
Within your Chariot Account, we will display the Transaction Information for any gifts made to your organization, both for DAFpay gifts and for all gifts made from any of your Linked Payers. We also make available to authorized users details and the ability to edit your Payment Information as well as your External Account Information. If you are using Chariot Disbursements, we will also make the Transaction Information of any outbound payments you initiate visible to the appropriate users within your Chariot Account.
B. For DAFpay Users:
You are an end user of DAFpay when you use DAFpay to initiate a DAF donation to a nonprofit of your choice. In doing so, you may be asked to share your DAF Provider Donor Credentials to be used on a one-off basis so that we can let you access your funds and initiate a grant to a nonprofit of your choice immediately, right in the moment you are inspired to give. DAF Provider Donor Credentials are used to access your DAF Account, confirm you have a sufficient balance to make the donation, and affect your donation.
DAF Provider Donor Credentials are not stored by Chariot or any intermediary.
Chariot uses the DAF Provider Donor Credentials to establish a temporary session with the DAF Provider on behalf of the donor. We implement industry-standard encryption and secure session management with all session-based data records deleted after the single session use. In other words, DAFpay is simply acting as a one-time pass-through so that you can initiate gifts from your DAF account. Please visit Chariot’s security center at www.givechariot.com/security to learn more about Chariot’s best-in-class security practices.
When initiating a DAFpay gift, you are given the option to provide personal information such as your name, email address, and mailing address to the nonprofit you are donating to. Chariot shares this Transaction Information, as well as required gift specific information such as the donation amount, fund name, frequency of the donation (one-time or recurring), transaction date, donation status, and DAF provider with the nonprofit so that they can better track and identify your donation. DAFpay is sometimes presented as a payment option within a third party fundraising platform, often as embedded by a nonprofit on their website, in which case this Transaction Information will also be shared with the fundraising platform or payment processor for the nonprofit’s use.
In addition to this general use, we specifically use:
Personal Identifiers and Nonprofit Identifiers - to verify users and permit secure access to your Chariot Account for authorized members of your Nonprofit;
Payment Information - to collect payment for our Services including as collected through Stripe to process transactions on our behalf;
External Account Information - to facilitate withdrawals by you, or if you are using Chariot Disbursements, to fund your Chariot Account for payments out to Nonprofits;
DAF Provider Donor Credentials - to facilitate a one time secure pass through to allow you to access your DAF Provider and effect a donation to the Nonprofit of your choice at the moment you’re inspired to give;
Chariot Account Credentials - to allow authorized users of your nonprofit to securely access your Chariot Account;
Digital Banking Details - to update your digital bank address for Payers so that they can send you payments and data electronically as made available within your Chariot Account;
Transaction Information - to allow you to see the data related to the gifts you’ve received via DAFpay or any Linked Payers within your Nonprofit Chariot Account and to communicate with the DAFpay Network to disburse funds to end nonprofits when applicable (see DPNs Privacy Policy here);
Database Information - to enrich the Transaction Information displayed in your Chariot Account with automated tagging as requested by you.
C. Phone Number Collection and Use
Any phone numbers collected through our site, whether through webform or other means, will be used exclusively to communicate with you regarding our services and will not be shared or sold to third parties for promotional or marketing purposes.
You agree that our company and its agents may call or text you at any phone number (landline or wireless) that you provide to us, either directly or by using an automated dialing system and/or a prerecorded message, for marketing services and/or account-related purposes, such as appointment confirmations, service alerts, billing and collection issues or account recovery concerns. You can manage your contact preferences by emailing us, calling us, or replying to text messages with “HELP” for assistance or “STOP” to unsubscribe. Reply “START” to resubscribe. Message and data rates may apply.
4. How We Share Your Information
We share your information for a number of necessary business purposes:
With your connected DAF Provider to effect and track a donation you’ve chosen to make;
With your designated Nonprofit, to the extent you’ve specified what personally-identifiable Transaction Information you want to share;
With any third party platforms or developers, including fundraising platforms and CRMs, where you may be using our integrating our technology;
With our data processors and other vetted infrastructure and service providers, partners, or contractors in connection with the services they perform for us;
With payment processors, such as Stripe, so that they can facilitate payments from you to us for any Fees owed;
With identity verification and validation services as necessary to verify your personal and business identity and perform other compliance functions including transaction monitoring;
Financial institution partners to support their customer identification, risk and compliance programs, and so they can determine eligibility for, and provide, products and services to our Nonprofit customers through Chariot’s technology;
If we believe in good faith that disclosure is appropriate to comply with applicable law, regulation, or legal process (such as a court order or subpoena);
In connection with a change in ownership or control of all or a part of our business (such as a merger, acquisition, reorganization, or bankruptcy);
Between and among Chariot and our current and future parents, affiliates, subsidiaries and other companies under common control or ownership;
As we believe reasonably appropriate to protect the rights, privacy, safety, or property of you, our partners, Chariot, and others; or
To enforce any contract with you;
For any other notified purpose with your consent or at your direction.
5. Our Retention and Deletion Practices
We retain Personal Identifiers and Nonprofit Identifiers as well as Chariot Account Credentials and Digital Banking Details for as long as your account is operational and for five years after your account is closed, or as otherwise required by a third party or by law.
We retain Transaction Information for as long as the account of any nonprofit you donated to through Chariot is active and for five years after account closing, or as otherwise required by law.
Stripe retains Payment Information for the duration of your account term with Stripe. Please see Stripe’s Terms of Service and Privacy Policy for details.
Please email us at compliance@givechariot.com if you would like to know what information we hold about you, or would like personally identifiable information about you deleted from our systems and we can provide a CSV or Excel file. We will use reasonable efforts to fulfill your request as soon as feasible. We may need you to provide identifying information and/or either DAF Provider Donor Credentials or Chariot Account Credentials to verify your identity before executing such a request for the security of all of our users.
6. How We Keep Your Information Secure
We design our systems with your security and data protection in mind. Please visit our security center at https://trust.givechariot.com/ to see more details on the wide variety of security controls we’ve implemented as part of our detailed trust and compliance programs.
Like most applications today, we use cloud server infrastructure to run our Services. We license server spaces that encrypt data sent to your Chariot Account and to DAFpay, both while “at rest” in our database and “in transit” between our Services and those databases.
We maintain segmented storage of all Credentials for an additional layer of security.
We’ve implemented control measures designed to limit access to any sensitive information to personnel who have a business reason to see it and prohibit our teammates from unlawfully disclosing any such information.
While we take meaningful precautions against possible security breaches for our Services and underlying data and records, no website or Internet transmission is completely secure, and we cannot guarantee that unauthorized access, hacking, data loss, or other breaches will never occur.
7. User Choices and Rights
We offer all of our users certain options to exercise control over their information, regardless of their residency:
Right to Know: You have the right to request that we disclose to you the personal information about you we collect, use, or disclose, and information about our data handling practices with respect to your information;
Right to Request Deletion: You have the right to request that we delete personal information that we have collected from you; and
Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights.
If you would like to exercise any of these rights, please email us at compliance@givechariot.com and we’ll be happy to assist you.
Your browser settings may allow you to automatically transmit a "Do Not Track" signal to online services you visit. Note, however, there is no industry consensus as to what site and app operators should do with regard to these signals. Accordingly, unless and until the law is interpreted to require us to do so, we do not monitor or take action with respect to "Do Not Track" signals. When you visit our website, cookies and similar technologies may be used by our online data partners or vendors to associate these activities with other personal information they or others have about you, including by association with your email or home address. We (or service providers on our behalf) may then send communications and marketing to these email or home addresses. You may opt out of this tracking and of any related advertising by visiting https://app.retention.com/optout.
8. Children’s Personal Information
Chariot’s Platform is not for use by minors. No Chariot functionality is intended for, and none should be used by, children younger than 16. We do not intentionally collect any information from or about persons under 16. In the event that we learn that we have inadvertently gathered personal information from children under the age of 16, we will use our best efforts to promptly erase such information from our records. If you believe we have inadvertently collected information about a minor 16 years or younger, please contact us at contact@givechariot.com with a description of the potential issue.
9. California Privacy Rights
Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to contact us to prevent disclosure of personal information to third parties for such third parties’ direct marketing purposes; however, Chariot does not share your information with third parties for direct marketing purposes.
10. Changes To This Privacy Policy
We may update or change this Policy from time to time. If we make any updates or changes, we will post the new policy on Chariot’s website at givechariot.com and update the effective date at the top of this Policy. When the changes impact how we use your data in important ways, we will provide you with notice within 30 days of a material change if we have an email on file for you. We will also send you this notice annually for your continued reference. If you keep using our Services, you consent to any amendment of this Policy.
11. Contacting Chariot
If you have any questions or complaints about this Policy, or about our privacy practices generally, you can contact us at contact@givechariot.com or by mail at:
Chariot Inc.
Attn: Chariot, Privacy
333 West 52nd St., Suite 1008
New York, NY 10019