Privacy Policy
Effective Date: May 10, 2024
Chariot values and prioritizes the privacy and security of its users. This Privacy Policy (“Policy”) is meant to help our users (“you” or the “user”) understand how we at Chariot (collectively, “Chariot”, “we”, “our”, and “us”) collect, use, and share your information to operate, improve, develop, and help protect our platform services, and as otherwise outlined in this Policy. Please read our full Policy carefully to better understand how we protect your privacy and security.
We exist to make it easier for nonprofits to receive donations from Donor Advised Funds (“DAF(s)”) over the web. This Policy covers our own data collection and use practices, but not those of the nonprofits we work with or the Donor Advised Fund administration platforms we integrate with. Please remember to consult the privacy policies of nonprofit’s websites you may choose to visit, and the privacy policies of any Donor Advised Fund administration platform you may choose to use, to understand those parties’ data handling practices.
About Our Platform
This Policy covers a few different technologies Chariot operates, as well as the underlying systems and administration:
-
Our Websites available at www.givechariot.com and dafpay.com
-
The DAFpay widget installed on a third party nonprofit website through which a DAF owner can donate to that nonprofit directly via DAF
-
A nonprofit account Dashboard showing donation history and details
-
Functionality that effects, tracks, and confirms your donation to a nonprofit
-
Services to operate these technologies and the underlying business to increase donations to nonprofits via DAF (the above list, collectively, our “Platform”)
Information We Collect and Categories of Sources
As explained in greater detail below, Chariot may collect the following:
-
Identifiers - such as your name, email address, phone number, and username;
-
Nonprofit Identifiers - such as an address and EIN number for a nonprofit;
-
Payment Information - such as an ACH or credit card number and business address to enable payment of Chariot transaction fees or subscription fees. This may be collected by Stripe;
-
Credentials - for end users donating by Donor Advised Fund, the DAF platform they use, plus the account login, password and verification codes we may use to access your DAF platform and effect the donations you direct us to make;
-
Dashboard Credentials - for nonprofit customers who use DAFpay on their websites, username and password information which enable access to Chariot’s Dashboard;
-
Professional information - information about your employer and role as a nonprofit user for operators of nonprofit customer accounts; and
-
Donation Tracking Information that we collect as a part of our services, such as date, amount, and donor name.
Information you provide.
Nonprofits can register to use Chariot’s Platform through our Website. When an individual end user representing a nonprofit (in compliance with our Terms Of Service) registers, they submit Identifiers and Professional Information about themselves and the nonprofit they represent through our Website and create Dashboard Credentials. This gives you access to the means to install DAFpay on your website(s), whether directly or through a donation management platform software we integrate with.
DAF owners are our end users when they use DAFpay to make a donation with their DAF on a nonprofit’s website. In doing so, you provide us with Credentials and Identifiers that we use to deliver Services.
DIRECT DATA COLLECTION
Personal data is only stored when voluntarily given by you for a determined purpose e.g. in context of a registration, a survey, a contest, or in performance of a contract. Your individual, identifiable, personal data will not be disclosed to third parties, without your consent.
PHONE NUMBERS
Any phone numbers collected through our site, whether through webform or other means, will be used exclusively to communicate with you regarding our services and will never be shared or sold to third parties for promotional or marketing purposes.
TELEPHONE COMMUNICATIONS WITH YOU
You agree that our company and its agents may call or text you at any phone number (landline or wireless) that you provide to us, using an automated dialing system and/or a prerecorded message, for marketing services and/or account-related purposes, such as appointment confirmations, service alerts, billing and collection issues or account recovery concerns. You can manage your contact preferences by emailing us, calling us, or replying to text messages with “HELP” for assistance or “STOP” to unsubscribe. Reply “START” to resubscribe. Message and data rates may apply.
Information we collect from your DAF account.
We collect information from your DAF account to effect donations and offer tracking information to nonprofits about your gift.
We use your account Credentials to access your DAF Account, confirm you have a sufficient balance to make the donation, and effect donations. We collect Donation Tracking Information in the process
All donations will pass the fund name by default. We collect information such as fund name, donor name, email, and address and present it to the donor. Information the donor elects to share on the modal is then shared with the nonprofit, which may include any of the following:
-
Donation Amount
-
Name
-
Fund Name
-
One time or recurring donation
-
Date
-
Donation Status
-
DAF Provider
Nonprofit Payment Information.
Your Payment Information is collected through Plaid, Stripe, or through another service. It is collected, stored, secured, and transmitted to process transactions on our behalf.
Our service uses Plaid Inc. ('Plaid') to securely connect your bank account. By using our service and linking your account through Plaid, you acknowledge and agree to Plaid’s Terms.
We also occasionally use the DAFpay Network (DPN) to disburse funds to end nonprofits. By using our service, you acknowledge and agree to DPN's Privacy Policy.
Information we receive from your devices. We use Wix on our Website to collect standard demographics about website visitors. We use Metabase, Mozart, and LogSnag to analyze our own internal data and transactions on the Platform. Metabase may have access to Identifiers as a part of this functionality. However, Chariot uses Metabase transactions, total volume and transaction amounts, how users interact with our Platform, and session events. We may collect and store the IP address of a DAF User in connection with a donation. When you visit or log in to our website, cookies and similar technologies may be used by our online data partners or vendors to associate these activities with other personal information they or others have about you, including by association with your email or home address. We (or service providers on our behalf) may then send communications and marketing to these email or home addresses. You may opt out of receiving this advertising by visiting https://app.retention.com/optout
Inferences we derive from the data we collect. We may use the information we collect about you to derive inferences, such as what types of DAF platforms have the most activity, or the amounts DAF owners generally donate, and at what frequency. We look for insights from our data that can help get nonprofits more support.
How We Use Your Information
We use your information to operate, maintain, secure, modify, and improve our products, new features for those products, and our related Services. This includes through the operation of DAFpay for nonprofit websites. You can read more details about DAFpay and how it functions, as well as what data it uses, here.
In addition to this general use, we specifically use:
-
Nonprofit Identifiers - to permit secure access to your Nonprofit Dashboard for authorized members of your organization;
-
Payment Information - to collect payment for our Services;
-
Credentials - to access your DAF Platform, initiate the donation you requested through DAFpay to track that donation and verify it, and to record it in the Nonprofit Dashboard;
-
Dashboard Credentials - for authorized nonprofit users to allow secure access to your Nonprofit Dashboard;
-
Professional information - to securely administer nonprofit accounts; and
-
Donation Tracking Information to populate the Nonprofit Dashboard with donation records.
In the course of operating our Services, we may also use end user information to:
-
Prevent Fraud or Protect Privacy: As we find necessary and appropriate to help protect you, developers, our partners, Chariot, and others from fraud, malicious activity, and other privacy and security-related concerns.
-
Provide Support: To provide customer support to you, including to help respond to your inquiries.
-
Investigate Misuse and Misconduct: To investigate any misuse of our service, criminal activity, or other unauthorized access to our services.
-
For Legal Purposes: To comply with contractual and legal obligations under applicable law and for other legal purposes such as to establish and defend against claims.
-
With Your Consent: For other notified purposes with your consent or at your direction.
How We Share Your Information
We share your information for a number of business purposes:
-
With the developer of the application you are using and as directed by that developer (such as with another third party if directed by you);
-
To enforce any contract with you;
-
With our data processors and other infrastructure and service providers, partners, or contractors in connection with the services they perform for us;
-
With your connected DAF Provider to effect and track a donation you’ve chosen to make;
-
With a nonprofit you’ve donated to as a DAF owner, to the extent you gave consent for the sharing of personally-identifiable Donation Tracking Information;
-
If we believe in good faith that disclosure is appropriate to comply with applicable law, regulation, or legal process (such as a court order or subpoena);
-
In connection with a change in ownership or control of all or a part of our business (such as a merger, acquisition, reorganization, or bankruptcy);
-
Between and among Chariot and our current and future parents, affiliates, subsidiaries and other companies under common control or ownership;
-
As we believe reasonably appropriate to protect the rights, privacy, safety, or property of you, our partners, Chariot, and others; or
-
For any other notified purpose with your consent or at your direction.
For Payment Information on subscription plans, you share it directly with Stripe to pay Chariot. Stripe uses it to pay us.
We may collect, use, and share your information in an aggregated, de-identified, or anonymized manner (that does not identify you personally) for any purpose permitted under applicable law. This includes creating or using aggregated, de-identified, or anonymized data based on the collected information to develop new services and conduct research to the extent permitted under applicable law.
We do not sell, rent, or license personal information that we collect.
Our Retention and Deletion Practices
We retain Nonprofit Identifiers, Professional Information and Dashboard Credentials (including for any new administrators on a nonprofit account) for as long as your account is operational, or otherwise required by law.
We retain Donation information for as long as the account of any nonprofit you donated to through Chariot is active, or otherwise required by law.
Stripe retains Payment Information for the duration of your account term with Stripe. Please see Stripe’s Terms of Service and Privacy Policy for details.
Access to and Control Over Your Information
Please email us at contact@givechariot.org if you would like to know what information we hold about you, or would like personally identifiable information about you deleted from our systems. We will use reasonable efforts to fulfill your request as soon as practicable. We may need you to provide identifying information and/or Credentials to verify your identity before executing on such a request for the security of all of our users.
Securing Your Information
Transmissions to our servers from our Website (for example, those which create new nonprofit accounts) are secured with industry standard or above encryption both in transit and at rest. We use industry standard encryption on the cloud datastores and systems where we store Credentials, non-Credential Identifiers, and Donation Information.
We maintain segmented storage of Credentials for an additional layer of security.
Please consult the Stripe or Plaid Privacy Policy for details about how Stripe or Plaid secures your Payment Information and complies with PCI-DSS standards with respect to that information.
Chariot implements control measures designed to limit access to this information to personnel who have a business reason to know it and prohibits its personnel from unlawfully disclosing this information.
Do Not Track
Our Website does not recognize Do Not Track signals. Nonetheless, we do not track Website visitors on any identifiable basis whatsoever.
California Privacy Rights
Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to contact us to prevent disclosure of personal information to third parties for such third parties’ direct marketing purposes; however, Chariot does not share your information with third parties for direct marketing purposes.
User Privacy Rights
We offer all of our users certain options to exercise control over their information, regardless of their residency:
-
Right to Know: You have the right to request that we disclose to you the personal information about you we collect, use, or disclose, and information about our data handling practices with respect to your information;
-
Right to Request Deletion: You have the right to request that we delete personal information that we have collected from you; and
-
Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights.
If you would like to exercise any of these rights, please email us at contact@givechariot.com and we’ll be happy to assist you
How We Secure Your Information
Like most applications today, we use cloud server infrastructure to run our App and Website. We license server spaces that encrypt data sent to the App and displayed by the App, both while “at rest” in our database and “in transit” between the App and those databases.
Note that SSO information is controlled and accessed by the relevant SSO provider, such as Google or Facebook. Please refer to the privacy policies of these platforms for more information about how they operate their SSO.
While we take reasonable precautions against possible security breaches of the Website, DAFpay, and our customer databases and records, no website or Internet transmission is completely secure, and we cannot guarantee that unauthorized access, hacking, data loss, or other breaches will never occur. We urge you to use caution when choosing what information to share with us, just in case.
Chariot’s Platform is not for use by minors. No Chariot functionality is intended for, and none should be used by, children younger than 13. We do not intentionally collect any information from or about persons under 13. In the event that we learn that we have inadvertently gathered personal information from children under the age of 13, we will use our best efforts to promptly erase such information from our records. If you believe we have inadvertently collected information about a minor 13 years or younger, please contact us at contact@givechariot.com with a description of the potential issue.
Changes To This Policy
We may update or change this Policy from time to time. If we make any updates or changes, we will post the new policy on Chariot’s website at givechariot.com and update the effective date at the top of this Policy.
Contacting Chariot
If you have any questions or complaints about this Policy, or about our privacy practices generally, you can contact us at contact@givechariot.com or by mail at:
Chariot Inc.
Attn: Chariot, Privacy
333 West 52nd St., Suite 1008
New York, NY 10019