Privacy Policy

PledgeAthon LLC ("PledgeAthon," "we," "us," or "our") operates www.pledgeathon.io and related services. This Privacy Policy explains what information we collect, how we use it, and what rights you have. PledgeAthon LLC is an Ohio limited liability company located at 12269 Scarlett Way, Concord Township, Ohio 44077.

PledgeAthon does not sell your data to any third parties under any circumstance.

Information You Provide

• Account information: Name, email address, phone number, and password
• Organization information: Organization name, type, and contact details
• Fundraiser information: Fundraiser names, descriptions, goals, and dates
• Participant information: Names provided by fundraiser organizers
• Donor information: Name, email, phone when making a donation
• Payment information: Collected and processed directly by Stripe
• Tax information: Employer Identification Number (EIN), legal entity name, and mailing address — collected from organizations participating in the TipShare program for IRS 1099-NEC reporting

Information Collected Automatically

• Usage data: Pages visited, features used, referral sources
• Device information: Browser type, operating system, device type
• IP address: For security, fraud prevention, anti-abuse, and conversion measurement (see Section 4 and Section 6)
• Meta advertising identifiers: When you visit our site, Meta's pixel sets a first-party cookie (_fbp) that identifies the browser to Meta's advertising platform. If you arrive via a Meta ad, a second cookie (_fbc) captures the click identifier. These are used for conversion measurement and to enable retargeting (see Section 6).

• Operate and improve the Platform
• Process donations and payouts through Stripe Connect
• Hold donated funds on behalf of organizers pending Stripe Connect onboarding, and issue automatic refunds to donors if the organizer fails to complete onboarding within the 90-day window described in the Terms of Service
• Share donation records (donor name, email, phone, amount, message, payment status) with the receiving organizer for donation processing, fundraiser management, and to enable the organizer to issue any tax acknowledgment it chooses to provide (PledgeAthon does not issue or verify tax acknowledgments — see Section 4 of our Terms of Service). Because organizers receive your contact information, they may contact you directly about future fundraisers, donation receipts, or related matters. PledgeAthon does not control those communications — to stop receiving messages from a specific organizer, contact them directly or use the unsubscribe link in their email. Donors who wish to hide their name and contact information from organizers can check the “Donate anonymously” option on the donation form
• Send SMS notifications to organizers (opt-in only)
• Send transactional emails (receipts, account notifications, held-donation reminders to organizers, auto-refund notifications to donors)
• Provide customer support
• Calculate and distribute TipShare payments to qualifying organizations
• File required IRS tax forms (1099-NEC) for organizations receiving TipShare payments exceeding $600 annually
• Detect and prevent fraud, spam, and abuse
• Measure conversions and build advertising audiences using Meta's Pixel and Conversions API (see Section 4). For donation events, we share a SHA-256-hashed version of donor contact fields (email, phone, name, and the billing city, state, zip, and country from the payment), the donor's IP address and browser user-agent, the Meta cookie identifiers described in Section 2, and the event details (the total transaction value including any platform tip, currency, and a unique event ID) with Meta to match the donation to a Meta account for attribution and future retargeting. Hashing means Meta does not receive the plain values of those contact fields.

We do not sell your personal data to third parties. We do not send unsolicited marketing emails. We do share certain information with Meta Platforms, Inc. for conversion measurement and advertising purposes as described in Section 4 and Section 10 — you may opt out of this sharing at any time (see Section 10).

We share data with the following service providers, only as necessary to operate the Platform:

• Stripe — Payment processing and TipShare payouts. Handles all credit card data and facilitates tip-share disbursements to organizations via Stripe Connect. We never store full card numbers. See Stripe's privacy policy.
• Resend — Email delivery. Receives email addresses to send transactional emails (receipts, notifications). See Resend's privacy policy.
• Twilio — SMS delivery for organizer notifications only. Receives organizer phone numbers to send opt-in SMS alerts. PledgeAthon does not send SMS to participants or donors. See Twilio's privacy policy.
• Vercel — Hosting. Our website and application run on Vercel's infrastructure. See Vercel's privacy policy.
• Neon — Database. Stores account, fundraiser, and pledge data. See Neon's privacy policy.
• Cloudflare Turnstile — Privacy-preserving bot and abuse protection on forms (pledge, signup, contact). Turnstile operates without tracking cookies and minimizes IP address usage; see Cloudflare's privacy policy.
• Google Analytics (Google LLC) — Anonymous usage analytics. PledgeAthon has disabled Google Analytics advertising features, Google Signals, and ad personalization, so analytics data is not used to build cross-site advertising profiles. See Google's privacy policy.
• Meta Platforms, Inc. — Conversion measurement and advertising audiences. We use the Meta Pixel (a small piece of JavaScript that runs in your browser) and Meta's Conversions API (a server-to-server channel) to measure how people interact with our site and to build audiences we can reach on Meta's platforms (Facebook, Instagram). For page views and similar browsing events we share event details and the Meta browser cookies (_fbp, _fbc) described in Section 2.
  
  When a donation is completed, we additionally share a SHA-256-hashed version of the donor's email address, phone number, and name, along with the billing city/state/zip/country from the payment, the donor's IP address and browser user-agent, the Meta cookie identifiers, and the transaction details (total value including any platform tip, currency, and a unique event ID).
  
  When an account is created(organizer signup), we share a SHA-256-hashed version of the account email, name, and the organization phone number (not a personal phone), together with the new account's IP address and browser user-agent, the Meta cookie identifiers, and the event details (event name and unique event ID — no donation amount is sent for registration events).
  
  In all cases Meta receives only the hashes, not the plain values of these contact fields. Meta uses this data to confirm conversions, to show relevant ads on Meta's platforms, and to build retargeting audiences of our site's visitors. Meta may use this data for the purposes described in its Business Tools Terms and Meta privacy policy, which may include using data (typically in aggregated or de-identified form) to improve Meta's own advertising products. You can opt out of this sharing — see Section 10.

Other than Meta (whose use is described above and in Section 10), none of these providers are authorized to use your data for their own marketing purposes.

PledgeAthon sends SMS messages only to organizers who have affirmatively opted in through a dedicated consent checkbox during account setup or in settings. Providing a phone number alone is not sufficient — a separate, explicit opt-in action is required. By checking the SMS consent box, you expressly consent to receive automated or prerecorded SMS messages from PledgeAthon in accordance with the Telephone Consumer Protection Act (TCPA).

• Message types: New donation alerts, fundraiser milestone notifications, payout confirmations, and account security alerts.
• Frequency: Varies based on account activity.
• Cost: Standard message and data rates may apply. PledgeAthon does not charge for SMS.
• Opt-out: Reply STOP to any message to unsubscribe. Reply HELP for help.
• Consent is not a condition of using the Platform. You can use PledgeAthon without providing a phone number.

PledgeAthon does not send SMS messages to donors or participants.

Session and login cookies. We use first-party cookies to keep you logged in, remember your preferences, and protect forms against abuse. Disabling these cookies will break core functionality of the Platform.

Analytics cookies. We use Google Analytics to understand site traffic and usage patterns. Google Analytics collects anonymous usage data such as page views, device information, and browser type. We have disabled Google's advertising features, Google Signals, and ad personalization, so this analytics data is not used to build cross-site advertising profiles. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

Advertising cookies and trackers (Meta Pixel). We use the Meta Pixel — a first-party _fbp cookie and, for visitors who arrive via a Meta ad, a _fbc cookie — together with Meta's Conversions API (a server-side channel) for conversion measurement and to build advertising audiences we can reach on Meta's platforms (Facebook, Instagram). The data we share with Meta is described in Section 4. This is a form of "cross-context behavioral advertising" and "sharing" of personal information as those terms are defined under the California CCPA/CPRA.

How to opt out of Meta-related tracking on our site:

• Use your browser's built-in tracking-protection features, an ad blocker, or the Global Privacy Control (GPC) signal. PledgeAthon treats a detected GPC signal as a valid opt-out of sale/sharing for CCPA purposes.
• Adjust your ad settings inside Meta at facebook.com/adpreferences or use the Digital Advertising Alliance's opt-out page.
• Email support@pledgeathon.io with "Do Not Sell or Share" in the subject line. We will suppress Meta Pixel firing and CAPI sharing for your account and any future requests from the same email address.

Opting out of Meta-related tracking will not affect your ability to create an account, run a fundraiser, or receive donations. It will reduce the accuracy of Meta's conversion measurement for our platform and may reduce how often you see PledgeAthon ads on Meta.

PledgeAthon is not directed at children under 13. Account creation requires users to be 18+.

• Organizers may upload participant names that include minors (e.g., students in a school walk-a-thon). This information is provided by adult organizers, not by children directly.
• We display only first names and last initials on public pages to protect minors' privacy.
• We do not knowingly collect personal information directly from children under 13.
• We do not send SMS or marketing communications to minors.

If you believe a child under 13 has provided personal information directly to PledgeAthon, contact support@pledgeathon.io and we will delete it promptly.

We retain different categories of data for different periods based on operational need, legal obligation, and user expectations:

• Account data (name, email, phone, organization info): retained while the account is active, and up to 90 days after account closure to allow reactivation.
• Pledge and donation records: retained for a minimum of 7 years after the transaction date to satisfy tax, audit, and anti-fraud obligations.
• Tax records (EIN, legal name, mailing address, TipShare payment records): retained for a minimum of 7 years after the relevant tax year, as required by IRS regulations, even if an organization closes its account.
• SMS opt-in consent records: retained for a minimum of 4 years after consent is given or last message sent (whichever is later), to match the federal TCPA statute of limitations (28 U.S.C. § 1658) and FCC recordkeeping guidance.
• SMS delivery logs (message status, opt-out events): retained for 24 months for operational and dispute-resolution purposes.
• Authentication sessions: expire after 30 days of inactivity and are purged.
• Server logs (IP addresses, request metadata): retained for up to 90 days for security and debugging.
• Analytics data: retained per our Google Analytics configuration. Individual-event data is typically retained for the period selected in our GA4 property settings (currently 2 months of the GA4 default, or as configured).

Some data may be retained longer if required by law, by regulatory investigation, or to resolve disputes.

• You can review and update your personal information in your account settings.
• To request data deletion or export, email support@pledgeathon.io.
• We will respond to data access requests within 30 days.
• Some data may be retained for legal or compliance purposes (see Section 8).

If you are a California resident, the California Consumer Privacy Act ("CCPA"), as amended by the California Privacy Rights Act ("CPRA"), gives you the following rights regarding your personal information:

• Right to know: Request disclosure of the categories and specific pieces of personal information we collect, the categories of sources, the purposes for collection, and the categories of third parties with whom we share it.
• Right to delete: Request deletion of your personal information, subject to certain exceptions (e.g., transaction records required by law).
• Right to correct: Request correction of inaccurate personal information.
• Right to portability: Request a copy of your personal information in a portable, readable format.
• Right to opt out of sale or sharing: PledgeAthon does not sell your personal information for money. However, we do "share" personal information with Meta Platforms, Inc. for cross-context behavioral advertising as that term is defined under the CPRA — specifically, we share SHA-256-hashed contact information, IP address, user-agent, and Meta cookie identifiers to enable conversion measurement and retargeting on Meta's platforms (see Section 4 and Section 6). You have the right to opt out of this sharing. To opt out, use any of the methods described in Section 6 (Global Privacy Control signal, browser tracking protection, Meta ad preferences, or email support@pledgeathon.io with "Do Not Sell or Share" in the subject line). Opting out will not affect your account or your ability to use the Platform.
• Right to limit use of sensitive personal information: We do not use sensitive personal information for purposes beyond those permitted by the CCPA.
• Right to non-discrimination: We will not discriminate against you for exercising your privacy rights.

How to exercise your rights. Email support@pledgeathon.io with "California Privacy Rights" in the subject line. We will verify your identity using information already on file (such as your email address) before responding. Authorized agents may submit requests on your behalf with written authorization.

Shine the Light. California Civil Code § 1798.83 allows California residents to request information about third parties to whom we have disclosed personal information for the third parties' own direct marketing purposes. PledgeAthon does not disclose personal information to third parties for those third parties' own direct marketing purposes — our sharing with Meta Platforms, Inc. (described in Section 4 and Section 6) is for PledgeAthon's own advertising and conversion measurement purposes and falls outside the scope of Shine the Light.

PledgeAthon is operated from the State of Ohio, United States, and is intended for use by organizations and donors in the United States. The Platform is not marketed to, and is not intended for use by, residents of the European Economic Area, United Kingdom, or Switzerland. If you access the Platform from outside the United States, your information will be transferred to, stored, and processed in the United States.

If, notwithstanding the above, you are located in the EEA, UK, or Switzerland and have interacted with the Platform, you may have rights under the General Data Protection Regulation (GDPR) or equivalent laws, including rights of access, rectification, erasure, restriction, objection, data portability, and to lodge a complaint with a supervisory authority in your country. The data controller is PledgeAthon LLC, 12269 Scarlett Way, Concord Township, Ohio 44077, United States, contactable at support@pledgeathon.io. The legal basis for processing is: (a) your consent (for SMS and analytics); (b) performance of a contract (for fundraiser operations and donations); and (c) our legitimate interests in operating, securing, and improving the Platform (for fraud prevention, analytics, and account management).

Below is a quick reference. Your specific rights depend on your jurisdiction (see Section 10 for California, Section 11 for EEA/UK/Switzerland). The rights below apply to all users to the extent supported by applicable law:

• Access: Request a copy of your personal data
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your data, subject to legal retention obligations (see Section 8)
• Portability: Request your data in a machine-readable format
• Opt-out: Opt out of SMS notifications (reply STOP) or non-essential emails anytime

Contact support@pledgeathon.io to exercise any of these rights.

We protect your data with HTTPS encryption, PCI-DSS compliant payment processing via Stripe, database encryption at rest, and industry-standard access controls. No method is 100% secure, but we use industry-standard practices to safeguard your information.

If PledgeAthon determines that your personal information has been acquired or accessed in an unauthorized manner, we will notify you as required by applicable law, including Ohio Rev. Code § 1349.19 and equivalent state and federal laws. Notice will generally be provided without unreasonable delay after confirmation of the breach and completion of any investigation required to determine the scope and restore system integrity, and in any case within the timeframes required by applicable law. Notice will describe, to the extent known, the categories of information affected, the date of the breach, and steps you can take to protect yourself.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a prominent notice on the Platform. Changes take effect on the date indicated at the top of this policy. Continued use of the Platform after changes take effect constitutes acceptance of the updated policy.

PledgeAthon LLC
12269 Scarlett Way
Concord Township, Ohio 44077
United States
Email: support@pledgeathon.io
Website: www.pledgeathon.io