Privacy Policy

Effective Date: August 15, 2025
This Privacy Policy explains how Pendly ("we," "us," or "our") collects, uses, stores, and shares your information when you use our website and services.

1. Information We Collect

Personal Information:

  • Name, email address, and business information when you create an account
  • Business name, description, and contact details when creating campaigns
  • Donation amounts and transaction history
  • Profile information and preferences
  • Communications with us (emails, support requests)

Payment Information:

  • Payment processing is handled securely by Stripe
  • We do not store your full credit card numbers or payment details
  • Stripe may store payment information in accordance with their privacy policy
  • We receive transaction confirmations and payment status from Stripe

Technical Data:

  • IP address, device information, and browser type
  • Usage analytics and website interaction data
  • Cookies and similar tracking technologies
  • Server logs and error reports

2. How We Use Your Information

  • Account Management: Create and manage your account, verify your identity
  • Payment Processing: Process donations and payments through Stripe
  • Communication: Send you notifications, updates, and support messages
  • Service Improvement: Analyze usage patterns to improve our platform
  • Security: Detect and prevent fraud, abuse, and security threats
  • Legal Compliance: Comply with applicable laws and regulations
  • Business Operations: Manage our platform and provide customer support

3. How We Share Your Information

  • Service Providers: We share data with trusted third-party services:
    • Stripe (payment processing)
    • Firebase (database and authentication)
    • Vercel (hosting and analytics)
    • SendGrid (email services)
  • Legal Requirements: We may disclose information if required by law or to protect our rights
  • Business Transfers: In case of merger, acquisition, or sale of assets
  • Public Information: Business names and campaign information may be publicly visible
  • We Never Sell: We do not sell, rent, or trade your personal information to third parties

4. How We Store and Protect Your Information

  • Secure Storage: Data is stored using industry-standard security measures
  • Encryption: We use encryption to protect data in transit and at rest
  • Access Controls: Limited access to personal information on a need-to-know basis
  • Data Location: Data is primarily stored in the United States
  • Retention: We retain data as long as necessary to provide services or comply with legal obligations
  • Security Measures: Firewalls, secure servers, and regular security audits
  • Compliance: We comply with applicable data protection laws including NY SHIELD Act

5. Cookies and Tracking Technologies

  • Essential Cookies: Required for basic website functionality
  • Analytics Cookies: Help us understand how users interact with our site
  • Third-Party Services: Vercel Analytics and similar services may use cookies
  • Cookie Management: You can control cookies through your browser settings
  • Do Not Track: We respect Do Not Track signals from your browser

6. Children's Privacy (COPPA Compliance)

  • Age Requirement: Pendly is not intended for children under 13 years old
  • No Collection: We do not knowingly collect personal information from children under 13
  • Parental Rights: If we discover we have collected data from a child under 13, we will delete it
  • Contact Us: Parents can contact us if they believe their child has provided us with personal information

7. Your Rights and Choices

  • Access: Request a copy of the personal information we hold about you
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your personal information (subject to legal requirements)
  • Portability: Request a copy of your data in a machine-readable format
  • Opt-Out: Unsubscribe from marketing communications
  • Account Settings: Update your preferences through your account settings
  • Contact: Exercise these rights by contacting us at support@pendly.org

8. International Data Transfers

  • Primary Location: Your data is primarily processed and stored in the United States
  • Third-Party Services: Some service providers may process data in other countries
  • Adequate Protection: We ensure adequate protection for international data transfers
  • GDPR Compliance: For EU users, we comply with GDPR requirements

9. Data Breach Notification

  • Security Incidents: We have procedures to detect and respond to security incidents
  • Notification: We will notify affected users of data breaches as required by law
  • Regulatory Reporting: We report breaches to relevant authorities when required
  • Remediation: We take steps to remediate and prevent future breaches

10. Changes to This Privacy Policy

  • Updates: We may update this Privacy Policy from time to time
  • Notification: We will notify users of significant changes via email or website notice
  • Effective Date: The effective date will be updated when changes are made
  • Continued Use: Continued use of our service after changes constitutes acceptance
  • Review: We encourage you to review this policy periodically

11. Contact Information

  • Privacy Questions: For privacy-related questions, contact us at support@pendly.org
  • Data Requests: Use the same email for data access, correction, or deletion requests
  • Response Time: We will respond to privacy requests within 30 days
  • Verification: We may need to verify your identity before processing certain requests

12. Legal Basis for Processing (EU Users)

  • Contract: Processing necessary to provide our services
  • Legitimate Interest: Improving our services and preventing fraud
  • Consent: For marketing communications and optional features
  • Legal Obligation: To comply with applicable laws and regulations
Back to Home