Skip to main content

National Fundraising Platform

Privacy Policy

This policy explains what personal data NFP collects, how it is used, and the rights available to users and organizations.

TermsPrivacyCookie PolicyAcceptable Use

Effective date: June 14, 2026

1. What we collect and why

  • Account data: names, email addresses, organization roles, MFA status, and authentication metadata to operate accounts and secure access.
  • Fundraising and volunteer data: donor records, volunteer applications, communications, and operational notes so organizations can manage programs and compliance.
  • Usage and device data: IP addresses, audit records, cookie identifiers, and security telemetry to prevent abuse and maintain service integrity.

2. How we use personal data

We use personal data to provide the service, authenticate users, support fundraising workflows, process privacy requests, investigate security events, improve reliability, and comply with legal obligations.

3. Who we share data with

We share data only as needed with service providers and subprocessors, including:

  • Stripe: payment tokenization, Stripe Connect onboarding, and settlement reporting.
  • Supabase: authentication, database, and secure managed infrastructure.
  • Firebase: optional hosting and application delivery infrastructure.

4. GDPR rights

Subject to applicable law, data subjects may request access, rectification, erasure, portability, restriction of processing, and objection to processing. NFP provides export and deletion workflows to support those rights.

5. CCPA rights

California residents may request to know, access, delete, and correct their personal information, opt out of any sale or sharing if applicable, and receive equal service without discrimination for exercising privacy rights. NFP does not sell personal information in the ordinary course of business.

6. Consent and cookies

We track the following consent categories where applicable:

  • Marketing emails
  • Analytics tracking
  • Data sharing with integrated processors
  • Cookie usage

See our Cookie Policy for more details on essential, analytics, and preference cookies.

7. Retention periods

Data typeClassificationRetention
public program contentPUBLICRetained while published and archived for historical reporting as needed.
org configurationINTERNALRetained for the duration of the customer relationship plus 7 years.
donor contact dataCONFIDENTIALRetained for 7 years to support tax, finance, and donor stewardship obligations unless deleted earlier.
volunteer applicationsRESTRICTEDRetained for 3 years after inactivity or sooner if deletion is required by law or policy.
audit logsRESTRICTEDRetained for 7 years with personal identifiers anonymized when erasure requests are fulfilled.
authentication dataRESTRICTEDRetained only for active accounts and removed or anonymized during account deletion workflows.

8. International transfers

If personal data is transferred across borders, we rely on contractual and technical safeguards such as standard contractual clauses and processor commitments where required.

9. Children's privacy

NFP is not directed to children under 13 and should not be used to knowingly collect personal information from children under 13 without legally sufficient authorization.

10. Complaints and contact

To exercise rights or contact our data protection point of contact, email privacy@nationalfundraisingplatform.com. If you believe your rights have been violated, you may file a complaint with your local supervisory authority or attorney general.