Effective Date: July 20, 2022
We exist to make it easier for nonprofits to receive donations from Donor Advised Funds (“DAF(s)”) over the web. This Policy covers our own data collection and use practices, but not those of the nonprofits we work with or the Donor Advised Fund administration platforms we integrate with. Please remember to consult the privacy policies of nonprofit’s websites you may choose to visit, and the privacy policies of any Donor Advised Fund administration platform you may choose to use, to understand those parties’ data handling practices.
About Our Platform
This Policy covers a few different technologies Chariot operates, as well as the underlying systems and administration:
The Website available at www.givechariot.com
The Chariot Connect widget installed on a third party nonprofit website through which a DAF owner can donate to that nonprofit directly via DAF
A nonprofit account Dashboard showing donation history and details
Proprietary functionality that effects, tracks, and confirms your donation to a nonprofit
Services to operate these technologies and the underlying business to increase donations to nonprofits via DAF
Information We Collect and Categories of Sources
As explained in greater detail below, Chariot may collect the following:
Identifiers - such as your name, email address, phone number, and username;
Nonprofit Identifiers - such as an address and EIN number for a nonprofit;
Payment Information - such as an ACH or credit card number and business address to enable payment of Chariot transaction fees on your account is collected by Stripe to pay nonprofit fees;
Credentials - for end users donating by Donor Advised Fund, the DAF platform they use, plus the account login, password and verification codes we may use to access your DAF platform and effect the donations you direct us to make;
Dashboard Credentials - for nonprofit customers who use Chariot Connect on their websites, username and password information which enable access to Chariot’s Dashboard;
Professional information - information about your employer and role as a nonprofit user for operators of nonprofit customer accounts; and
Donation Tracking Information that we collect as a part of our services, such as date, amount, and donor name.
Information you provide. Nonprofits can register to use Chariot’s Platform through our Website. When an individual end user representing a nonprofit (in compliance with our Terms Of Service) registers, they submit Identifiers and Professional Information about themselves and the nonprofit they represent through our Website and create Dashboard Credentials. This gives you access to the means to install Chariot Connect on your website(s), whether directly or through a donation management platform software we integrate with.
DAF owners are our end users when they use Chariot Connect to make a donation with their DAF on a nonprofit’s website. In doing so, you provide us with Credentials and Identifiers that we use to deliver Services.
Information we collect from your DAF account. We collect information from your DAF account to effect donations and offer tracking information to nonprofits about your gift.
We use your account Credentials to access your DAF Account, confirm you have a sufficient balance to make the donation, and effect donations. We collect Donation Information in the process.
We’ll collect whichever of the following items of Donation Information that nonprofit has asked us to share in their Nonprofit Dashboard, which many include any of the following:
One time or recurring donation
Nonprofit Payment Information. Your Payment Information is collected through Stripe functionality as your payment method. It is collected, stored, secured, and transmitted by Stripe to process transactions on our behalf.
Information we receive from your devices. We use Google Analytics on our Website to collect standard demographics about website visitors. We use Google Studio to analyze our own internal data and transactions on the Platform. Google Studio may have access to Identifiers as a part of this functionality. However, Chariot uses Google Studio transactions, total volume and transaction amounts, how users interact with our Platform, and session events. We may collect and store the IP address of a DAF User in connection with a donation.
Inferences we derive from the data we collect. We may use the information we collect about you to derive inferences, such as what types of DAF platforms have the most activity, or the amounts DAF owners generally donate, and at what frequency. We look for insights from our data that can help get nonprofits more support.
How We Use Your Information
We use your information to operate, maintain, secure, modify, and improve our products, new features for those products, and our related Services. This includes through the operation of our Chariot Connect widget for nonprofit websites. You can read more detail about Chariot Connect and how it functions, as well as what data it uses, here.
In addition to this general use, we specifically use:
Nonprofit Identifiers - to permit secure access to your Nonprofit Dashboard for authorized members of your organization;
Payment Information - to collect payment for our Services;
Credentials - to access your DAF Platform, initiate the donation you requested through Chariot Connect, to track that donation and verify it, and to record it in the Nonprofit Dashboard;
Dashboard Credentials - for authorized nonprofit users to allow secure access to your Nonprofit Dashboard;
Professional information - to securely administer nonprofit accounts; and
Donation Tracking Information to populate the Nonprofit Dashboard with donation records.
In the course of operating our Services, we may also use end user information to:
Help Prevent Fraud or Protect Privacy: As we find necessary and appropriate to help protect you, developers, our partners, Chariot, and others from fraud, malicious activity, and other privacy and security-related concerns.
Provide Support: To provide customer support to you, including to help respond to your inquiries.
Investigate Misuse and Misconduct: To investigate any misuse of our service, criminal activity, or other unauthorized access to our services.
For Legal Purposes: To comply with contractual and legal obligations under applicable law and for other legal purposes such as to establish and defend against claims.
With Your Consent: For other notified purposes with your consent or at your direction.
How We Share Your Information
We share your information for a number of business purposes:
With the developer of the application you are using and as directed by that developer (such as with another third party if directed by you);
To enforce any contract with you;
With our data processors and other infrastructure and service providers, partners, or contractors in connection with the services they perform for us;
With your connected DAF Provider to effect and track a donation you’ve chosen to make;
With a nonprofit you’ve donated to as a DAF owner, to the extent you gave consent for the sharing of personally-identifiable Donation Information;
If we believe in good faith that disclosure is appropriate to comply with applicable law, regulation, or legal process (such as a court order or subpoena);
In connection with a change in ownership or control of all or a part of our business (such as a merger, acquisition, reorganization, or bankruptcy);
Between and among Chariot and our current and future parents, affiliates, subsidiaries and other companies under common control or ownership;
As we believe reasonably appropriate to protect the rights, privacy, safety, or property of you, our partners, Chariot, and others; or
For any other notified purpose with your consent or at your direction.
For Payment Information, you share it directly with Stripe to pay Chariot. Stripe uses it to pay us.
We may collect, use, and share your information in an aggregated, de-identified, or anonymized manner (that does not identify you personally) for any purpose permitted under applicable law. This includes creating or using aggregated, de-identified, or anonymized data based on the collected information to develop new services and conduct research to the extent permitted under applicable law.
We do not sell or rent personal information that we collect.
Our Retention and Deletion Practices
We may retain encrypted Credentials for up to five days in order to process, track, and verify your requested donation, then delete them.
We retain Nonprofit Identifiers, Professional Information and Dashboard Credentials (including for any new administrators on a nonprofit account) for as long as your account is operational.
We retain Donation information for as long as the account of any nonprofit you donated to through Chariot is active.
Access to and Control Over Your Information
Please email us at email@example.com if you would like to know what information we hold about you, or would like personally identifiable information about you deleted from our systems. We will use reasonable efforts to fulfill your request as soon as practicable. We may need you to provide identifying information and/or Credentials to verify your identity before executing on such a request for the security of all of our users.
Securing Your Information
Transmissions to our servers from our Website (for example, those which create new nonprofit accounts) are secured with industry standard or above encryption both in transit and at rest. We use industry standard encryption on the cloud datastores and systems where we store Credentials (while in the 5 day use period), non-Credential Identifiers, and Donation Information.
We maintain segmented storage of Credentials for an additional layer of security.
Chariot implements control measures designed to limit access to this information to personnel who have a business reason to know it and prohibits its personnel from unlawfully disclosing this information.
Do Not Track
Our Website does not recognize Do Not Track signals. Nonetheless, we do not track Website visitors on any identifiable basis whatsoever.
California Privacy Rights
Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to contact us to prevent disclosure of personal information to third parties for such third parties’ direct marketing purposes; however, Chariot does not share your information with third parties for direct marketing purposes.
We still offer all of our users certain options to exercise control over their information, regardless of their residency:
Right to Know: You have the right to request that we disclose to you the personal information about you we collect, use, or disclose, and information about our data handling practices with respect to your information;
Right to Request Deletion: You have the right to request that we delete personal information that we have collected from you; and
Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights.
If you would like to exercise any of these rights, please email us at firstname.lastname@example.org and we’ll be happy to assist you.
How We Secure Your Information
Like most applications today, we use cloud server infrastructure to run our App and Website. We license server spaces that encrypt data sent to the App and displayed by the App, both while “at rest” in our database and “in transit” between the App and those databases. Only we can access the database(s) we created to operate the App, and we do so only through a single executive account - even the owner of the database does not have access to the data we store there.
When we generate QR codes or links to add members to a Circle, we share these only with the user and device that requested them. You choose who to share it with from there.
Note that SSO information is controlled and accessed by the relevant SSO provider, such as Google or Facebook. Please refer to the privacy policies of these platforms for more information about how they operate their SSO.
While we take reasonable precautions against possible security breaches of the Website, PhotoCircle and our customer databases and records, no website or Internet transmission is completely secure, and we cannot guarantee that unauthorized access, hacking, data loss, or other breaches will never occur. We urge you to use caution when choosing what information to share with us, just in case.
Chariot’s Platform is not for use by minors
No chariot functionality is intended for, and none should be used by, children younger than 13. We do not intentionally collect any information from or about persons under 13. In the event that we learn that we have inadvertently gathered personal information from children under the age of 13, we will use our best efforts to promptly erase such information from our records. If you believe we have inadvertently collected information about a minor 13 years or younger, please contact us at email@example.com with a description of the potential issue.
Changes To This Policy
We may update or change this Policy from time to time. If we make any updates or changes, we will post the new policy on Chariot’s website at givechariot.com and update the effective date at the top of this Policy.
If you have any questions or complaints about this Policy, or about our privacy practices generally, you can contact us at firstname.lastname@example.org or by mail at:
If you reside outside the EEA or UK:
Attn: Serfati, Privacy
1 W. 85th St.
New York, NY 10024