Privacy Policy

Last Updated: October 12, 2025

1. Introduction

Help Local ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our donation campaign management platform.

By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with this Privacy Policy, please do not use our Service.

2. Information We Collect

2.1 Personal Information You Provide

When you register for an account or use our Service, we collect:

  • Account Information: Name, email address, password
  • Profile Information: Organization name, profile photo (if uploaded), team information
  • Campaign Information: Campaign titles, descriptions, images, and other content you create
  • Payment Information: Payment card details are collected and processed by Stripe (we do not store full card numbers)
  • Communication Data: Messages, support requests, and feedback you send to us

2.2 Information Collected Automatically

When you use our Service, we automatically collect:

  • Usage Data: Pages viewed, features accessed, time spent on pages, click data
  • Device Information: IP address, browser type and version, operating system, device identifiers
  • Location Data: General location inferred from IP address
  • Cookies and Tracking Technologies: See Section 5 for details

2.3 Information from Third Parties

We may receive information from:

  • Stripe: Payment processing information, transaction status, customer IDs
  • MailerSend: Email delivery status, open rates, click rates
  • Nonprofit API: Organization verification data and nonprofit information

3. How We Use Your Information

We use collected information for the following purposes:

3.1 Service Delivery

  • Create and manage your account
  • Process donations and recurring payments
  • Enable campaign creation and management
  • Send transactional emails (receipts, confirmations, notifications)
  • Provide customer support

3.2 Service Improvement

  • Analyze usage patterns to improve features and functionality
  • Monitor and analyze trends and user behavior
  • Detect and prevent fraud and abuse
  • Debug and fix technical issues

3.3 Communication

  • Send important account and security notifications
  • Notify you of service updates and changes
  • Respond to your inquiries and support requests
  • Send administrative information about your campaigns

3.4 Legal Compliance

  • Comply with legal obligations and regulations
  • Enforce our Terms of Service
  • Protect our rights and the rights of our users
  • Respond to legal requests and prevent harm

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process personal data based on:

  • Contractual Necessity: Processing is necessary to perform our contract with you (providing the Service)
  • Legitimate Interests: We have legitimate business interests in improving our Service, preventing fraud, and ensuring security
  • Consent: You have given explicit consent for specific processing activities (e.g., marketing communications)
  • Legal Obligations: Processing is necessary to comply with legal requirements

5. Cookies and Tracking Technologies

5.1 Types of Cookies We Use

  • Essential Cookies: Required for the Service to function (authentication, security, session management)
  • Analytics Cookies: Help us understand how you use the Service
  • Preference Cookies: Remember your settings and preferences

5.2 Cookie Management

You can control cookies through your browser settings. However, disabling essential cookies may affect Service functionality.

We use cookies for:

  • Maintaining your logged-in session
  • Remembering your preferences
  • Analyzing Service usage and performance
  • Ensuring security and preventing fraud

6. How We Share Your Information

We do not sell your personal information. We share information only in the following circumstances:

6.1 Service Providers

We share data with trusted third-party service providers who assist in operating our Service:

  • Stripe: Payment processing and subscription management
  • MailerSend: Transactional email delivery
  • Hosting Providers: Secure data storage and application hosting
  • Analytics Services: Usage analytics and Service improvement

All service providers are contractually obligated to protect your data and use it only for specified purposes.

6.2 Campaign Information

When you create a public campaign:

  • Campaign content (title, description, images) is publicly visible
  • Donor names may be displayed if donors choose to be publicly acknowledged
  • Donation amounts may be visible depending on campaign settings

6.3 Legal Requirements

We may disclose information if required by law or in response to:

  • Legal processes (subpoenas, court orders)
  • Government or regulatory requests
  • Protecting our rights, property, or safety
  • Preventing fraud or illegal activities

6.4 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.

7. Data Retention

We retain your information for as long as necessary to:

  • Provide the Service and fulfill the purposes described in this policy
  • Comply with legal obligations (tax, accounting, regulatory requirements)
  • Resolve disputes and enforce our agreements

When you delete your account:

  • We permanently delete or anonymize your personal information within 30 days
  • Some information may be retained for legal compliance (e.g., transaction records for tax purposes)
  • Backup copies may persist for up to 90 days before permanent deletion

8. Your Privacy Rights

8.1 Rights for All Users

You have the right to:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and personal data
  • Export: Download your data in a portable format
  • Opt-Out: Unsubscribe from marketing communications

8.2 Additional Rights for EEA/UK Users (GDPR)

If you are located in the EEA, UK, or Switzerland, you also have:

  • Right to Restriction: Limit how we process your data
  • Right to Object: Object to processing based on legitimate interests
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Withdraw Consent: Withdraw consent at any time (does not affect prior processing)
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

8.3 Exercising Your Rights

To exercise any of these rights:

  • Email us at [Your Privacy Contact Email]
  • Use the account settings in the Service
  • Contact support through the platform

We will respond to your request within 30 days.

9. Data Security

We implement appropriate technical and organizational measures to protect your information:

  • Encryption: Data in transit is encrypted using SSL/TLS
  • Access Controls: Strict employee access controls and authentication requirements
  • Secure Storage: Data stored in secure, access-controlled environments
  • Regular Audits: Security assessments and vulnerability testing
  • Payment Security: PCI-DSS compliant payment processing through Stripe

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

10. International Data Transfers

Your information may be transferred to and processed in countries outside your country of residence. When we transfer data from the EEA to other countries, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses: EU-approved contract terms with service providers
  • Adequacy Decisions: Transfers to countries with adequate data protection laws
  • Your Consent: Explicit consent for specific transfers when required

11. Children's Privacy

Our Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us. We will delete such information from our systems.

12. Third-Party Links

Our Service may contain links to third-party websites and services (including Stripe). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.

13. Do Not Track Signals

Some browsers have a "Do Not Track" (DNT) feature. Our Service does not currently respond to DNT signals, as there is no industry standard for how to respond to them.

14. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

  • Right to Know: What personal information we collect and how it's used
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt-out of the sale of personal information (we do not sell personal information)
  • Non-Discrimination: We will not discriminate against you for exercising your rights

To exercise these rights, contact us at [Your Privacy Contact Email].

15. Updates to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be effective when posted on this page, with the "Last Updated" date revised.

For material changes, we will:

  • Notify you via email or Service notification
  • Require your consent if legally required
  • Provide advance notice when possible

Your continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

16. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Help Local - Privacy Team Email: [Your Privacy Contact Email] Address: [Your Business Address]

Data Protection Officer (for EEA/UK users): Email: [DPO Email if applicable]

EU Representative (if applicable): [EU Representative Details]

Summary of Key Points

  • We collect information you provide and usage data to operate our Service
  • We use Stripe for payments and MailerSend for emails
  • We do not sell your personal information
  • You can access, correct, or delete your data at any time
  • We implement strong security measures to protect your information
  • You have specific rights depending on your location (GDPR, CCPA)

By using Help Local, you acknowledge that you have read and understood this Privacy Policy.