Privacy Policy

Last updated: June 2026

1. Who we are

MpactNet ("MpactNet," "we," "us," or "our") provides a donor management platform for nonprofit organizations and a companion mobile application for donors. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our websites, the MpactNet CRM, and the MpactNet donor app (together, the "Services").

By using the Services, you agree to the practices described in this policy.

2. Information we collect

Information you provide

• Account information — name, email address, organization details, role, and login credentials.
• Donor information — when nonprofits use the CRM, they may provide donor names, contact details, and giving history; donors may provide their own profile and contact details in the app.
• Payment information — donation amounts and related details. Card and bank details are collected and processed directly by our payment processor (see Section 5); we do not store full card numbers.
• Communications — messages, support requests, and survey or waitlist responses you send us.

Information collected automatically

• Usage data — pages and features used, actions taken, and timestamps.
• Device and log data — IP address, browser or device type, and similar technical information.
• Cookies and similar technologies — used to keep you signed in, remember preferences, and understand usage. You can control cookies through your browser settings.

3. How we use information

We use information to:

• Provide, operate, and improve the Services;
• Process donations and related transactions;
• Authenticate users and secure accounts;
• Provide customer support and respond to requests;
• Send service-related and, where permitted, product communications (you can opt out of non-essential messages at any time);
• Generate insights and analytics for nonprofits about their own supporters;
• Detect, prevent, and address fraud, abuse, and security incidents; and
• Comply with legal obligations.

4. Nonprofits and donors: our role

MpactNet serves two types of users, and our role differs accordingly:

• For nonprofit organizations, we generally act as a service provider (processor) that handles donor data on the nonprofit's behalf and under its instructions. Each nonprofit is responsible for its own privacy practices toward its donors.
• For donors using the app, we act as a controller of the account and profile data a donor provides directly to us, and we give donors tools to manage their own information.

Data belonging to one organization is kept logically isolated from other organizations.

5. Payments

Donations and other payments are processed by Stripe, Inc. and its affiliates through Stripe Connect. When you make or receive a payment, your payment details are provided to and processed by Stripe in accordance with Stripe's Privacy Policy. We receive limited information about transactions (such as amount, status, and a payment identifier) to operate the Services, but we do not collect or store full payment card numbers.

6. Use of AI

The Services include AI-assisted features (for example, drafting messages, summarizing donor activity, and answering questions about an organization's own data). To provide these features we send relevant information to trusted AI providers under contractual confidentiality and data-protection commitments. We take steps to limit and, where practical, pseudonymize personal identifiers sent to AI providers. We do not sell personal information, and we do not permit AI providers to use your information to train their general models except as needed to provide the feature to you.

7. How we share information

We share information only as needed to run the Services:

• With the relevant nonprofit — a donor's interactions with an organization are visible to that organization.
• With service providers — payment processing, cloud hosting, communications, analytics, and AI providers who process information on our behalf under appropriate agreements.
• For legal reasons — to comply with law, enforce our terms, or protect rights, safety, and security.
• In a business transfer — in connection with a merger, acquisition, or sale of assets, subject to this policy.

We do not sell your personal information.

8. Data retention

We retain information for as long as needed to provide the Services, comply with legal and tax obligations (including donation and receipt records), resolve disputes, and enforce agreements. Nonprofits control retention of their donor records within the CRM, subject to applicable law.

9. Your rights and choices

Depending on your location, you may have rights to access, correct, delete, or port your personal information, and to object to or restrict certain processing. Donors can review and update much of their profile information directly in the app. To exercise other rights, contact us using the details below. If your information is held by a nonprofit through our CRM, we may direct your request to that organization.

10. Security

We use technical and organizational measures designed to protect information, including encryption in transit and at rest, access controls, and isolation between organizations. No method of transmission or storage is completely secure, but we work continuously to protect your information and to respond promptly to potential incidents.

11. Children's privacy

The Services are not directed to children under 13 (or the minimum age required in your jurisdiction), and we do not knowingly collect personal information from them. If you believe a child has provided us information, please contact us so we can remove it.

12. Changes to this policy

We may update this policy from time to time. We will post the updated version with a new "Last updated" date and, where appropriate, provide additional notice.

13. Contact us

Questions about this policy or your information? Email us at privacy@mpactnet.com.