- Explain the way we use information Churches and Givers share with us in order to build a great product and give you a great experience with it;
- Ensure that you understand what information we collect with permission, and what we do — and do not do — with it;
- Hold us accountable for protecting your rights and your privacy under this policy.
This policy was updated on May 21, 2018. We may need to update it over time but if we do, we'll post the updated version on our website.
1. Your right to privacy
Your privacy and security is important to us. Tithe.ly respects your right to privacy and is committed to protecting the personal information that you provide to us. We use information collected to facilitate donation collection and processing, to process registrations and to communicate relevant news and updates. Tithe.ly does not and will not trade, license, rent or sell any personal information.
2. Scope of this policy
3. Privacy statement and summary
Tithe.ly works carefully to ensure that personal information is kept safe and secure throughout the transaction process and otherwise while in our custody or under our control. Tithe.ly is committed to protecting and safeguarding the privacy and security of the personal information provided to us by donors and registered charities.
Tithe.ly observes the following privacy practices:
- We only collect information for strictly specified purposes.
- We only require that you provide the necessary amount of personal information to provide any service.
- We may ask you for more information about yourself to help us provide you with a more tailored service and additional services, but in such cases, you are not obligated to provide such information.
- You may request access to and/or the full removal of your information from Tithe.ly at any time and we will accomodate such a request
4. Privacy principles
Tithe.ly is committed to the following 10 privacy principles:
- Tithe.ly is responsible for personal information in our custody or under our control.
4.2 Identifying purposes
Tithe.ly collects and uses personal information for the following purposes:
- To allow users to create or register for a Tithe.ly account and to manage those accounts.
- To administer online donations.
- To administer pre-authorized recurring donations.
- To generate statistics and aggregate reports for internal and external use.
- To communicate directly with users, including through Tithe.ly service news and updates, charitable promotions, charitable stories we think will be of interest to you, or other forms of communications.
- To provide client support and help.
4.3 Consent to use your personal information
- Tithe.ly collects personal information about you only when you voluntarily provide it or otherwise only with your consent as required by PIPEDA, GDPR, or by other applicable law.
- All personal information collected is done so using industry standard 256 bit SSL encryption.
- We will not, as a condition of the supply of our service, require you to consent to the collection, use or disclosure of information beyond that required to fulfill the explicitly specified and legitimate purposes for which the information is being provided.
- Upon giving Tithe.ly reasonable notice, a user may withdraw consent to use his or her personal information and have that personal information removed from Tithe.ly at any time, subject to any legal or contractual restrictions. If you wish to withdraw your consent, please contact Tithe.ly as described below. We will inform you of the implications of withdrawing consent.
4.4 Limiting collection
Tithe.ly limits the collection of personal information to that which is reasonably necessary for the identified purpose. The types of information Tithe.ly collects can be summarized as follows:
- Personal Information provided to Tithe.ly: Tithe.ly collects certain personal information directly from individuals who interact with our website or otherwise with us, including the following:
- Contact information (such as name, address, e-mail address and telephone number); Financial and billing information (such as credit card number/expiration date, broker and financial advisor information); and Donation history (such as amount donated and charities donated to); Tax receipt information; andAccount username and password information.
- Non-Personal Information: When donors, volunteers, charities and other organizations access Tithe.ly, anonymous, non-personal information about their visit is automatically collected. This information may include the date of the visit, how the visitor uses the website, the length of the visit, what pages the visitor viewed, the type of browser and operating system being used, and the domain name of the visitor’s Internet service provider. Tithe.ly may also collect statistics that describe how our visitors use our site. This information might include the average donation amount, the geographic breakdown of donations by area, what times of the day have the heaviest traffic, and which type of charity receives the most gifts. This information, collected in the aggregate, allows Tithe.ly to better serve donors and charities. None of these statistics reveal any personally-identifiable or individual information and Tithe.ly does not use any of this information to identify individuals. In certain cases, for the purposes of fraud detection and mitigation, IP addresses are collected in order to protect Tithe.ly against possible illegal activities.
- Cookie-based Information: When our clients, donors, volunteers, and other constituents access Tithe.ly, a small text file called a “cookie” is sent from our web server to their web browser and is stored on their computer. Cookies allow us to recognize users while he or she is logged into the Tithe.ly website. Cookies expire when the browser window is closed. Session Cookies employed by Tithe.ly are strictly used to perform the function that the user intended, such as keeping the user logged into the service in a secure fashion and processing transactions and gathering donations into a Gift Basket. Some browsers can be set to reject all cookies. If you choose to modify your browser in this manner, some pages of this website may not function properly.
4.5 Limiting use, disclosure and retention
- Tithe.ly does not use or disclose personal information for purposes other than those for which it was collected, except with the consent of the individual or as permitted or required by law.
- Tithe.ly does not disclose credit card account information provided by users except to the appropriate banking institutions or payment processing provider in order to process a credit or debit authorization for payment, or to resolve a dispute.
- Tithe.ly may have to disclose personal information to satisfy a law, regulation or government request, or to satisfy a subpoena, search warrant or legitimate court order.
- Tithe.ly may share personal information with third parties engaged to assist us in providing our services. Such third parties are contractually bound to protect your personal information as explained above under “Accountability”.
- Tithe.ly reserves the right to disclose and/or transfer personal information to a third party in the event of a proposed or actual purchase, sale, lease, merger, amalgamation or any other type of acquisition, disposal, transfer, conveyance or financing of all or any portion of Tithe.ly in order for you to continue to receive the same services from the third party.
- Tithe.ly retains personal information only as long as is necessary for the fulfillment of those purposes for which it was collected or as required by law, and your consent to such purposes(s) remains valid after termination of our relationship with you.
Tithe.ly takes reasonable effort to keep personal information accurate, complete and as up to date as is necessary for the purposes that is being used. Individuals are permitted to check on the accuracy of their personal information and may make, or request, modifications or corrections, if necessary.
Tithe.ly depends on individuals and organizations to help it in maintaining the completeness, accuracy, and timeliness of the information collected. You must log-in to your Tithe.ly online account to update, modify, correct or delete your personal information.
- Tithe.ly makes commercially reasonable efforts to protect personal information from loss, theft, unauthorized access, copying, use, modification, disclosure and destruction by establishing and maintaining appropriate security safeguards appropriate to the sensitivity level of the information.
- All Tithe.ly staff members are made aware of the need to maintain strict confidentiality of all personal information and receive training on data security practices and how to properly handle personal information.
- In addition to training all Tithe.ly personnel, further safeguards are put into place by only allowing specific individuals access to personal information for customer support purposes. Access to information is limited (through username/password credentials and software systems) to those employees who require it to perform their job functions. We use industry-standard Secure Socket Layer (SSL) encryption technology to safeguard the account registration process and sign-up information.
- Tithe.ly uses Secure Sockets Layer (SSL) technology to help ensure the safety and security of online donations. SSL technology enables encryption (scrambling) of sensitive information, including passwords and credit card numbers, during your online transactions.
- With respect to the handling of credit card information, Tithe.ly adheres to Payment Card Industry Data Security Standards (PCI DSS) and uses the facilities of a PCI DSS compliant payment processor to securely store your payment card details. Detailed audit logs of all transactional information are kept for record keeping and backup purposes. Tithe.ly does not touch or store any payment card or bank account information on it’s servers or platforms.
- Tithe.ly has thorough security standards to protect our systems and your personal information against unauthorized access and use. This includes the security protections required by PCI compliance as well as specific procedures to keep your donation information secure and private.
Additional information about our privacy policies and practices can be obtained from our Privacy Official as described below.
4.9 Individual access
Upon request Tithe.ly will:
- Inform users of the existence and use of their personal information.
- Inform users whether their personal information has been disclosed to any authorized third parties.
- Provide users with access to their personal information in our custody or under our control subject to legal restrictions. Requests are to be directed to firstname.lastname@example.org. Tithe.ly will make every effort to respond to requests for access to personal information in a reasonable and timely manner.
4.10 Challenging compliance
5. Information collected and not collected
Personal information gathered by Tithe.ly is held in the strictest confidence and is secured by industry standard best practices.
5.1. Church Information
Tithe.ly provides church giving software to help churches raise money. As part of providing that service, we collect information from people who make enquiries of us, trial our software, or set up and operate an account on behalf of a church. This might include:
- Name, email, phone number and contact details
- Church name, location, and number of members
- Financial information like your church's bank account details
- Legal representitive information such as Name, last 4 of SSN, and copy of personal identification
We call this information “Church Information.”
5.2. Individual Information
Our service aims to give churches the right tools to make giving easy for their members and supporters. As part of this, churches collect information about individuals taht might include: include lots of information about their members in their account by adding new fields to the standard data categories which we set up.
- Name, email, phone number, address, and contact details
- Donation amount and designation of funds
- Payment information such as bank account details or credit / debit card informatio (Note: Although Tithe.ly makes it possible for individuals to provide their payment information, we do not store credit / debit or bank acocunt infomation. That information is collected and stored by our 3rd party payment processor, Stripe, who maintains a full PCI DSS Level 1 secure envronment.
The information that our clients collect about their members and supporters is called “Individual Information.” We assume that churches have collected all Individual information lawfully. We never sell, share, or otherwise use Individual Information for any comercial purposes outside of Tithe.ly.
Tithe.ly may collect information through the use of common information-gathering tools such as web beacons or cookies (“Cookie Information”). A cookie is a small string of text that a website can send to your browser which helps the Site remember and customize your visit. You have the option to delete or decline cookies by changing your browser’s settings. No personally identifiable information is stored in these cookies.
5.4 Web Beacons and Server Logging.
We may also use single pixel images on the Site or in our emails to you (web beacons). This technology tells us more about browsing, click-tracking, viewing, and buying activity, but none of your Personal Information will be transmitted. Tithe.ly may also collect information from your interaction with the Site, such as statistics in connection with pageviews, IP address, and standard web log information.
5.5 GPS information
When browsing the Site through a mobile phone or mobile application, we will attempt to collect your location through GPS in order to pair you with nearby churches and not-for-profit organizations for donation purposes. You may remove this location sharing authorization.
5.6 Financial information
Tithe.ly provides products that allow organizations to accept donations and register for events online. When transferring money to the Site, you provide Personal Information, credit, debit or bank account information, and a address (“Financial Information”) through Tithe.ly’s third party payment processor. This payment process is external to Tithe.ly.
Tithe.ly does not have any access to your Financial Information inputted through the third party payment processor’s payment process nor do we collect Financial Information for any purpose. All financial information transferred for purposes of processing a payment is done so using industry standard 256 bit SSL encryption.
5.6 Children under 13
Tithe.ly does not knowingly collect any Personal Information from or about a child under the age of 13 without the consent of the child’s parent or legal guardian. If we discover that we have inadvertently collected information from a child under 13 years of age, we will promptly take all reasonable measures to delete that data from our systems.
6. Use of information collected
We will only use personal information for purposes related to providing our Services.
Examples of this use by us include:
- enabling donors / supporters to give to their church via the Tithe.ly mobile giving app
- providing you with services requested;
- administering your account, including billing and dealing with payment issues;
- dealing with requests, enquiries or complaints and other customer care related activities;
- marketing our services generally.
We will not use your information for purposes other than described in this Section unless we have your consent or there are specified law enforcement or public health and safety reasons or other uses required by law.
In most cases, Tithe.ly will interact only with administrative Tithe.ly users for a Church Account, and not directly with Individual givers / supporters. We are happy to interact with Individual givers / supporters, but in most cases will direct them back to the authorised user for their church account. In later sections of this Policy we describe how we respond to requests for access to, correction and deletion of Individual Information.
Generally, we do not collect Individual Information (other than in special cases, such as when we help with on-boarding). However, if churches do provide us with Individual Information (for example, for on-boarding) we will only use this information for the specific reason for which it is provided.
6.1 Direct marketing
By providing Personal Information on the Site during Registration, you consent to Tithe.ly’s use of your Personal Information. If you do not wish to receive marketing communications from Tithe.ly, you may unsubscribe in the marketing email or communication sent to you by following the instructions in that communication.
Tithe.ly does not participate in bulk email solicitations that you have not consented to receiving (i.e., “spam”). Tithe.ly does not sell or disclose client lists or email address lists to unrelated third parties.
Except as otherwise provided herein, Tithe.ly does not share Personal Information with any third party advertisers.
However, Tithe.ly may share aggregated anonymous information with third party advertisers, but this aggregated anonymous information cannot be matched with you personally unless you voluntarily share your Personal Information with the third party advertisers.
6.2 “Contact us”, customer support, or troubleshooting
Information provided by users as part of a request that Tithe.ly contact or follow up with as part of the “Contact Us” feature on the Site will be used by Tithe.ly to contact you and discuss your concerns or interest in Tithe.ly’s Products and Services. We may use your information to provide customer support or troubleshooting in the connection with your use of our Products or Services.
6.3 Mailing list
By registering to use Tithe.ly’s Services or purchasing Products and Services, you will be added to Tithe.ly’s mailing list or other mailing lists that we provide for your convenience. You may unsubscribe from Tithe.ly’s mailing lists at any time by clicking on the opt-opt line at the bottom of each E-newsletter or by contacting us at email@example.com.
7. Sharing information and sub-processors
Unless you consent, we will not disclose any church information or Individual Information to third parties, other than sub-processors we use as part of delivering the Service.
The sub-processors used by us include Digital Ocean, Stripe, Twillio, Mnadrill, ActiveCampaign, Chargify, Intercom, Google Analytics and Amazon Web Services. These sub-processors are located in the US, UK and EU. Use of their services may involve the transfer of personal information to them.
For all our sub-processors:
- each sub-processor has agreed that it will only access and use Church or Individual Information to the extent necessary to perform the functions contracted to it by us and which are necessary for us to be able to provide the Services;
- we ensure that they will comply with all the obligations contained in this Policy and principles
8. Protection of your information
Unfortunately, no data transmitted over or accessible through the Internet can be guaranteed to be 100% secure. As a result, while Tithe.ly attempts to protect all Personal Information, Tithe.ly cannot ensure or warrant that Personal Information will be completely secure from misappropriation by hackers or from other nefarious or criminal activities, or in the event of a failure of computer hardware, software, or a telecommunications network.
Tithe.ly will notify you in the event we become aware of a security breach involving your Personally Identifiable Information (as defined by the applicable state and federal laws) stored by or for us. By disclosing your email address to us for any reason, you expressly consent to receive electronic notice from us in the event of such a security breach.
We take steps to protect the security of the personal information we hold from both internal and external threats by:
- regularly assessing the risk of misuse, interference, loss, and unauthorised access, modification or disclosure of that information
- conducting regular internal and external audits to assess whether we have adequately complied with or implemented these measures.
If a data breach occurs, we will:
- notify you of it as soon as reasonably possible after it comes to our attention;
- take reasonable steps to secure the affected data and minimise harm to all individuals; and
- provide you with whatever reasonable assistance might otherwise be required.
9. Third party links
The Site may contain links to websites not affiliated with Tithe.ly. Your use of an external website or any informational content found on an external websites is subject to and governed by the terms and guidelines of those website(s).
Tithe.ly does not endorse or make any representations or warranties concerning, and will not in any way be liable for, any informational content, products, services, software, or other materials available on an external website, even if one or more pages of the external website are framed within a page of this Site. Tithe.ly is not responsible for the privacy practices of any external website.
10. Retention and deletion of Personal Information
Generally, we will keep Personal Information for as long as a church is actively using Tithe.ly or the period during which any legal claim may be made in regard to the provision of Services in accordance with legal requirements or to meet our legal obligations. For example, we hold billing records, and any information associated with those records (such as the number of members a Church had) for 7 years.
10.2. Deletion and Disposal
If we hold personal information about you, and we do not need that information for any purpose, we will take reasonable steps to securely destroy or de-identify that information unless we are prevented from doing so by law.
An authorised administrative user can ask us to delete church information at any time, and we will delete it from all live systems and make sure we do not process it further in any way (other than as we may need to support your account or for other reasonable administrative or legal purposes, such as billing).
We apply the following rules to the permanent deletion of information:
- Church accounts and associated Individual Information, where there has been no activity for more than 7 months (and where not required for Tithe.ly's own records or administrative processes) will be deleted permanently; and
- Individual Information which has been deleted or disabled, will be permanently deleted or de-identified 90 days after deletion or disabling (or 18 months where members have financial data associated to them).
10.3. Deletion of Individual Information by Churches
Churches can delete or disable Individual Information at any time. Members who wish to delete or stop the use of their Individual Information should contact their Church. Permanent deletion of Individual Information will be done in accordance with section 11.2 above.
If a Member feels their Church has not dealt with their request promptly or effectively, we will respond in the same way we would to a request for access (see the next paragraph for more information).
11. Updating Personal Information
If you ever wish to access your Personal Information, or to have your Personal Information deleted, updated, changed or modified, you may do so by logging into the Tithe.ly app using your account or by contacting Tithe.ly at firstname.lastname@example.org.
To cancel your account and have your Personal Information returned to you, you may also contact email@example.com and we will respond do your request in a reasonable amount of time.
13. Contacting us
YourGiving, Inc.Last Updated: 5/21/2018