Privacy Policy

Last updated: April 16, 2025  ·  Effective: April 16, 2025

Protestant Project Fund ("we," "our," or "us") is committed to protecting the privacy of donors, Protestant organizations, and all visitors to our platform. This Privacy Policy explains what personal information we collect, how we use it, and the choices you have regarding your data. By using our platform, you agree to the practices described in this policy.

1. Information We Collect

1.1 Information You Provide Directly

When you create an account or use our services, you may provide:

  • Account details: Full name, email address, and password (stored as a one-way bcrypt hash — we never store your plain-text password).
  • Organization profile: Organization name, biography, and avatar image.
  • Donation information: Your name (or "Anonymous" if you prefer), email address, donation amount, currency, and any message you choose to attach to a gift.
  • KYC verification data: For organizations seeking payouts, we collect legal name, EIN/tax identification number, registered address, the name, title, email, and phone number of your authorized representative, and banking details (routing and account numbers). Routing and account numbers are encrypted at rest before storage.
  • Identity documents: Organization representatives may upload supporting documents (e.g., 501(c)(3) determination letters) as part of the KYC review process.
  • Two-factor authentication: If you enable 2FA, we store a TOTP secret associated with your account. We never have access to the codes your authenticator app generates.
  • Project content: Title, description, images, videos, files, funding goal, and updates you publish to the platform.
  • Support communications: Any messages you send to us by email or through our platform.

1.2 Information Collected Automatically

When you visit or use our platform, we automatically collect:

  • Authentication session data: A signed JSON Web Token (JWT) stored in an HTTP-only cookie to keep you securely logged in.
  • Log data: IP address, browser type, operating system, referring URL, pages visited, and timestamps. This data is retained for security, fraud prevention, and debugging purposes.
  • Usage events: Actions such as sharing a project (we record the source of the share event) and viewing donation progress, to power platform analytics.
  • Device information: General device type and screen size to deliver a responsive experience.

1.3 Information from Third Parties

  • Stripe: When you donate or connect a bank account for payouts, our payment processor Stripe collects and processes payment card and banking data directly. We receive a Stripe customer ID, payment intent ID, and transaction status in return. We do not store full card numbers.

2. How We Use Your Information

We use personal information only for purposes consistent with operating a Protestant fundraising platform in a way that honors the trust our community places in us:

  • Account management: Creating, authenticating, and maintaining your account, including email verification and two-factor authentication.
  • Processing donations: Routing your gift to the correct project, recording donation history in your account, and providing receipts by email.
  • KYC and payout processing: Verifying the identity and legitimacy of Protestant organizations before enabling payout functionality via Stripe Connect.
  • Platform communications: Sending account verification emails, password reset links, donation receipts, project update notifications, and important platform announcements. We do not send unsolicited marketing.
  • Platform improvement: Analyzing aggregated, anonymized usage patterns to improve features, fix bugs, and enhance the experience for donors and organizations.
  • Security and fraud prevention: Detecting and responding to unauthorized access, abuse, or fraudulent activity.
  • Legal compliance: Meeting applicable legal and regulatory obligations, including responding to valid legal process.

3. Sharing and Disclosure

We do not sell your personal information. We share data only in the following circumstances:

  • Stripe: Payment and banking data is processed directly by Stripe, Inc. under Stripe's Privacy Policy. Stripe is PCI DSS Level 1 certified.
  • Email service provider: We use a transactional email provider to deliver account and donation emails. This provider receives only the recipient address and message content necessary for delivery.
  • Cloud infrastructure: Our hosting provider processes data on our behalf under a data processing agreement.
  • Donation transparency: Donor names and amounts may be visible to the organization running a project, as well as to other donors on the project page (unless you choose "Anonymous" at the time of giving).
  • KYC reviewers: Submitted KYC information is reviewed by authorized Protestant Project Fund administrators for the purpose of verifying organizations. It is not shared publicly.
  • Legal requirements: We may disclose information if required by law, court order, or to protect the rights, property, or safety of our users or the public.
  • Business transfers: In the event of a merger, acquisition, or asset sale, user data may be transferred. We will notify users and honor the commitments made in this policy.

4. Data Security

We take the security of your data seriously and implement multiple layers of protection:

  • Passwords are hashed with bcrypt — plain-text passwords are never stored or transmitted.
  • Sessions use signed, HTTP-only JWT cookies, which are inaccessible to client-side JavaScript.
  • Sensitive banking fields (routing and account numbers) are encrypted at rest using server-side encryption before being stored in the database.
  • All data transmission occurs over HTTPS/TLS.
  • Authentication endpoints implement rate limiting to protect against brute-force attacks.
  • HTTP security headers are enforced via Helmet.js.
  • Two-factor authentication (TOTP) is available to all users and required for high-risk operations.

Despite these measures, no system is completely secure. If you believe your account has been compromised, please contact us immediately.

5. Data Retention

We retain personal information for as long as necessary to provide our services and comply with legal obligations:

  • Active accounts: Data is retained while your account is active.
  • Closed accounts: After account deletion, we retain anonymized transaction records for financial and legal compliance for up to seven (7) years. Personally identifiable fields are deleted or anonymized within 30 days of your deletion request, subject to legal holds.
  • KYC documents: Retained for a minimum of five (5) years following the conclusion of the organization's relationship with us, as required for anti-money-laundering compliance.
  • Log data: Server logs are retained for up to 90 days.

6. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Correct inaccurate or incomplete information via your account settings or by contacting us.
  • Erasure ("right to be forgotten"): Request deletion of your account and associated personal data, subject to legal retention requirements.
  • Portability: Receive your personal data in a structured, machine-readable format.
  • Objection / Restriction: Object to or request restriction of certain processing activities.
  • Withdraw consent: Where we process data based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please email us at privacy@protestantprojectfund.org. We will respond within 30 days. We may ask you to verify your identity before fulfilling the request.

California residents (CCPA): You have the right to know what personal information is collected, sold, or disclosed; the right to opt out of the sale of personal information (we do not sell personal information); and the right to non-discrimination for exercising your privacy rights.

7. Cookies and Tracking

We use essential cookies to operate the platform (primarily for authentication). See our Cookie Policy for full details on what cookies we set and how to manage them.

8. Children's Privacy

Protestant Project Fund is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected such information, we will delete it promptly. If you believe a child has provided personal information to us, please contact us at privacy@protestantprojectfund.org.

9. International Data Transfers

Our platform is operated in the United States. If you access our services from outside the United States, your information will be transferred to and processed in the United States, which may have data protection laws different from your country. By using our platform, you consent to this transfer. Where required by law (e.g., the European Economic Area), we ensure appropriate safeguards are in place for such transfers.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (to the address on your account) or by posting a prominent notice on the platform before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision. Your continued use of Protestant Project Fund after changes take effect constitutes acceptance of the updated policy.

11. Contact Us

If you have questions, concerns, or requests related to this Privacy Policy or our data practices, please contact us:

Protestant Project Fund

Privacy & Data Protection
Email: privacy@protestantprojectfund.org