Legal

Data Policy

Last updated: March 2026

What donor data we collect

For each donation, we collect: full name, email address, mailing address, occupation and employer (for compliance), IP address and device information, legal attestation responses (e.g., citizenship, own funds, age verification), and payment information (processed and stored exclusively by Stripe).

Who can access donor data

Campaign and organization operators can access donor data for their own campaigns only. DonateTh.is staff may access data for platform operations, support, and compliance purposes. Stripe processes and stores payment card data — we never see or store card numbers.

Data retention

We retain donation records and donor data for a minimum of 5 years to comply with federal and state record-keeping requirements. After account deletion, we retain records as required by law and delete all other data within 90 days.

Data sharing

We never sell donor data. We share data only with: campaign operators (for their own donors), Stripe (for payment processing), service providers (SendGrid for email), and law enforcement (when legally required).

California Consumer Privacy Act (CCPA)

California residents have the right to know what personal information we collect, request deletion of their data (subject to legal retention), and opt out of data sales (we do not sell data). Contact privacy@donateth.is to exercise your rights.

International data transfers

Data is processed and stored in the United States. By using DonateTh.is, you consent to the transfer and processing of data in the U.S.