Effective Date: July 20, 2022
We exist to make it easier for nonprofits to receive donations from Donor Advised Funds (“DAF(s)”) over the web. This Policy covers our data collection and use practices, but not those of the nonprofits we support or the Donor Advised Fund administration platforms we integrate with. If you visit any external websites, including websites for nonprofits or DAF administration platforms, please consult the privacy policies of the external website to understand those parties’ data handling practices.
About Our Platform
This Policy covers a few different technologies Chariot operates, as well as the underlying systems and administration:
Our Website available at www.givechariot.com
The Chariot Connect widget installed on a third-party nonprofit website
A nonprofit account Dashboard showing donation history and details
Functionality that effects, tracks, and confirms your donation to a nonprofit
Services to operate these technologies and the underlying business to increase donations to nonprofits via DAF (the above list, collectively, our “Platform”)
Information We Collect and Categories of Sources
As explained in greater detail below, Chariot may collect the following:
Personal Identifiers such as your name, email address, phone number, and username;
Indirect Identifiers such as your IP address, geolocation, or device information;
Nonprofit Identifiers such as address and EIN number;
Payment Information - such as an ACH or credit card number and business address to enable payment of Chariot transaction fees on your account is collected by Stripe to pay nonprofit fees;
Credentials - for end users donating by Donor Advised Fund, the DAF platform they use, plus the account login, password and verification codes we may use to access your DAF platform and effect the donations you direct us to make;
Dashboard Credentials - for nonprofit customers who use Chariot Connect on their websites, username and password information which enable access to Chariot’s Dashboard;
Professional information - information about your employer and role as a nonprofit user for operators of nonprofit customer accounts; and
Donation Tracking Information such as date, amount, and donor name.
Information you provide.
Nonprofits can register to use Chariot’s Platform through our Website. When an individual user representing a nonprofit registers (in compliance with our Terms Of Service), they submit Personal Identifiers, Nonprofit Identifiers and Professional Information through our Website and create Dashboard Credentials. Dashboard Credentials allow you to install Chariot Connect on your non-profit’s website(s), whether directly or through a donation management platform software we integrate with.
DAF owners are our end users when they use Chariot Connect to make a donation with their DAF on a nonprofit’s website. In doing so, you provide us with Credentials and Identifiers that we use to deliver the Platform.
Information we collect from your DAF account.
We collect information from your DAF account to effect donations and offer tracking information to nonprofits about your gift. We use your account Credentials to access your DAF Account, confirm you have a sufficient balance to make the donation, and effect donations. We collect Donation Tracking Information in the process
All donations will be default anonymous. We’ll collect whichever of the following items of Donation Information that nonprofit has asked us to share in their Nonprofit Dashboard, which may include any of the following:
One-time or recurring donation
Nonprofit Payment Information. Your Payment Information is collected through Stripe functionality as your payment method. It is collected, stored, secured, and transmitted by Stripe to process transactions on our behalf.
Information we receive from your devices. We use Google Analytics on our Website to collect standard demographics about website visitors. We use Google Studio to analyze our own internal data and transactions on the Platform. Google Studio may have access to Identifiers as a part of this functionality. However, Chariot uses Google Studio transactions, total volume and transaction amounts, how users interact with our Platform, and session events. We may collect and store the IP address of a DAF User in connection with a donation.
Inferences we derive from the data we collect. We may use the information we collect about you to derive inferences, such as what types of DAF platforms have the most activity, or the amounts DAF owners generally donate, and at what frequency. We look for insights from our data that can help get nonprofits more support.
How We Use Your Information
We use your information to operate, maintain, secure, modify, and improve our products, new features for those products, and our related Services. This includes through the operation of our Chariot Connect widget for nonprofit websites. You can read more detail about Chariot Connect and how it functions, as well as what data it uses, here.
In addition to this general use, we specifically use:
Nonprofit Identifiers - to permit secure access to your Nonprofit Dashboard for authorized members of your organization.
Payment Information - to collect payment for our Services;
Credentials - to access your DAF Platform, initiate the donation you requested through Chariot Connect, to track that donation and verify it, and to record it in the Nonprofit Dashboard;
Dashboard Credentials - to allow secure access to your Nonprofit Dashboard;
Professional information - to securely administer nonprofit accounts; and
Donation Tracking Information to populate the Nonprofit Dashboard with donation records.
In the course of operating our Services, we may also use end user information to:
Prevent Fraud or Protect Privacy: As we find necessary and appropriate to help protect you, developers, our partners, Chariot, and others from fraud, malicious activity, and other privacy and security-related concerns.
Provide Support: To provide customer support to you, including to help respond to your inquiries.
Investigate Misuse and Misconduct: To investigate any misuse of our service, criminal activity, or other unauthorized access to our services.
For Legal Purposes: To comply with contractual and legal obligations under applicable law and for other legal purposes such as to establish and defend against claims.
With Your Consent: For other notified purposes with your consent or at your direction.
How We Share Your Information
We share your information for a number of business purposes:
With the developer of the application you are using and as directed by that developer (such as with another third party if directed by you);
To enforce any contract with you;
With our data processors and other infrastructure and service providers, partners, or contractors in connection with the services they perform for us;
With your connected DAF Provider to effect and track a donation you’ve chosen to make;
With a nonprofit you’ve donated to as a DAF owner, to the extent you gave consent for the sharing of personally-identifiable Donation Tracking Information;
If we believe in good faith that disclosure is appropriate to comply with applicable law, regulation, or legal process (such as a court order or subpoena);
In connection with a change in ownership or control of all or a part of our business (such as a merger, acquisition, reorganization, or bankruptcy);
Between and among Chariot and our current and future parents, affiliates, subsidiaries and other companies under common control or ownership;
As we believe reasonably appropriate to protect the rights, privacy, safety, or property of you, our partners, Chariot, and others; or
For any other notified purpose with your consent or at your direction.
Payment Information is shared by you directly with Stripe. Stripe uses your payment information to pay us and although we receive information from Stripe that allows us to determine which payments have been made by you, we do not receive your actual payment method details (like credit card number).
We may collect, use, and share your information in an aggregated, de-identified, or anonymized manner (that does not identify you personally) for any purpose permitted under applicable law. This includes creating or using aggregated, de-identified, or anonymized data based on the collected information to develop new services and conduct research to the extent permitted under applicable law.
We do not sell or rent personal information that we collect.
Our Retention and Deletion Practices
We may retain encrypted Credentials to process, track, and verify your requested donation.
We retain Nonprofit Identifiers, Professional Information and Dashboard Credentials (including for any new administrators on a nonprofit account) for as long as your account is operational.
We retain Donation Tracking Information for as long as the account of any nonprofit you donated to through Chariot is active.
Access to and Control Over Your Information
Please email us at firstname.lastname@example.org if you would like to know what information we hold about you, or would like personally identifiable information about you deleted from our systems. We will use reasonable efforts to fulfill your request as soon as practicable. We may need you to provide identifying information and/or Credentials to verify your identity before executing on such a request for the security of all of our users.
Securing Your Information
Transmissions to our servers from our Website (for example, those which create new nonprofit accounts) are secured with industry standard or above encryption both in transit and at rest. We use industry standard encryption on the cloud datastores and systems where we store Credentials non-Credential Identifiers, and Donation Tracking Information.
We maintain segmented storage of Credentials for an additional layer of security.
Chariot implements control measures designed to limit access to this information to personnel who have a business reason to know it and prohibits its personnel from unlawfully disclosing this information.
California Privacy Rights
Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to contact us to prevent disclosure of personal information to third parties for such third parties’ direct marketing purposes; however, Chariot does not share your information with third parties for direct marketing purposes.
User Privacy Rights
We offer all of our users certain options to exercise control over their information, regardless of their residency:
Right to Know: You have the right to request that we disclose to you the personal information about you we collect, use, or disclose, and information about our data handling practices with respect to your information;
Right to Request Deletion: You have the right to request that we delete personal information that we have collected from you; and
Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights.
If you would like to exercise any of these rights, please email us at email@example.com and we’ll be happy to assist you
How We Secure Your Information
Like most applications today, we use cloud server infrastructure to run our App and Website. We license server spaces that encrypt data sent to the App and displayed by the App, both while “at rest” in our database and “in transit” between the App and those databases. Only we can access the database(s) we created to operate the App, and we do so only through a single executive account - even the owner of the database does not have access to the data we store there.
When we generate QR codes or links, we share these only with the user and device that requested them. You choose who to share it with from there.
Note that SSO information is controlled and accessed by the relevant SSO provider, such as Google or Facebook. Please refer to the privacy policies of these platforms for more information about how they operate their SSO.
While we take reasonable precautions against possible security breaches of the Website and our customer databases and records, no website or Internet transmission is completely secure, and we cannot guarantee that unauthorized access, hacking, data loss, or other breaches will never occur. We urge you to use caution when choosing what information to share with us, just in case.
Chariot’s Platform is not for use by minors. No Chariot functionality is intended for, and none should be used by, children younger than 13. We do not intentionally collect any information from or about persons under 13. In the event that we learn that we have inadvertently gathered personal information from children under the age of 13, we will use our best efforts to promptly erase such information from our records. If you believe we have inadvertently collected information about a minor 13 years or younger, please contact us at firstname.lastname@example.org with a description of the potential issue.
Changes To This Policy
We may update or change this Policy from time to time. If we make any updates or changes, we will post the new policy on Chariot’s website at givechariot.com and update the effective date at the top of this Policy.
If you have any questions or complaints about this Policy, or about our privacy practices generally, you can contact us at email@example.com or by mail at:
Attn: Serfati, Privacy
850 7th Ave Suite 600
New York, NY 10024