Donor Privacy Policy

Effective Date: February 13, 2026
Last Updated: February 13, 2026

1. Introduction

This Donor Privacy Policy explains how Ekkleios, Inc. ("we," "us," "our," or "Ekkleios") and the organizations using our platform ("Organizations," "Churches") handle donor information when you make donations through the Ekkleios platform.

This policy applies specifically to donors making financial contributions through our platform.

2. Important: Who Controls Your Donor Data

2.1 Data Controller

The organization you donate to (the church, ministry, or nonprofit) is the Data Controller of your donor information. They determine:

• What donor information is collected
• How your information is used
• Who has access to your information
• How long your information is retained
• How you can access or delete your information

2.2 Ekkleios Role

Ekkleios is a Data Processor acting on behalf of the organization. We:

• Provide the technology platform for donation processing
• Store donor data securely on behalf of organizations
• Process donations through our payment partner (Stripe)
• Do NOT own, sell, or control your donor data

2.3 Your Relationship

When you donate:

• You have a relationship with the receiving organization
• The organization is responsible for donor privacy and data protection
• You should review the organization's privacy policy
• Contact the organization directly for donor-related requests

3. Information We Collect

3.1 Donation Information

When you make a donation, we collect:

Personal Information:

• Full name
• Email address
• Phone number (optional)
• Mailing address (for tax receipts)

Donation Details:

• Donation amount
• Donation date and time
• Fund designation (if applicable)
• Donation frequency (one-time or recurring)
• Campaign or appeal (if applicable)

Payment Information:

• Credit/debit card information (collected and stored by Stripe, not by us)
• Last 4 digits of card number (for your records)
• Card type (Visa, Mastercard, etc.)
• Billing address

Technical Information:

• IP address
• Device type and browser
• Timestamp of donation
• Referring page (how you reached the donation page)

3.2 Donor Portal Information

If you access the donor portal to view your giving history:

• Email address (for authentication)
• One-time password (OTP) for secure access
• Portal usage data

3.3 Communication Preferences

• Email communication preferences
• Receipt delivery preferences
• Newsletter subscription status (if applicable)

4. How We Use Donor Information

4.1 Processing Your Donation

• Process your payment securely through Stripe
• Transfer funds to the organization's account
• Generate donation receipts
• Record your donation in the organization's database
• Send confirmation emails

4.2 Tax Receipts and Compliance

• Generate annual giving statements
• Provide tax receipts (for tax-deductible donations)
• Maintain records for IRS and tax compliance
• Support audit and reporting requirements

4.3 Donor Communications

Organizations may use your information to:

• Send donation confirmations and receipts
• Provide giving statements
• Send thank-you messages
• Share ministry updates (if you've opted in)
• Request feedback or testimonials

4.4 Platform Improvement

We may use aggregated, anonymized donation data to:

• Improve the donation platform
• Analyze donation trends
• Optimize user experience
• Generate platform-wide statistics

Note: We never share individual donor information across organizations.

5. Payment Security and PCI Compliance

5.1 Stripe Payment Processing

All payment processing is handled by Stripe, Inc., a PCI DSS Level 1 certified payment processor.

What this means:

• Your credit card information is encrypted and transmitted directly to Stripe
• Ekkleios never sees or stores your complete credit card number
• Only tokenized payment methods are stored
• Stripe maintains the highest level of payment security certification

5.2 PCI DSS Compliance

We maintain PCI DSS compliance by:

• Using Stripe.js and Stripe Elements for payment collection
• Never storing sensitive card data on our servers
• Implementing secure HTTPS connections (256-bit SSL)
• Regular security assessments
• Following PCI DSS best practices

5.3 Secure Transmission

• All donation pages use HTTPS encryption
• Data is encrypted in transit (TLS 1.2 or higher)
• Data is encrypted at rest in our database
• Secure API connections to Stripe

5.4 Fraud Prevention

We implement fraud prevention measures including:

• Address verification (AVS)
• Card verification value (CVV) checks
• Velocity checks (unusual donation patterns)
• IP address monitoring
• reCAPTCHA protection

6. How We Share Donor Information

6.1 With the Receiving Organization

Your donor information is shared with the organization you donate to. They have full access to:

• Your donation history
• Contact information
• Payment methods (tokenized only)
• Communication preferences

6.2 With Payment Processors

We share necessary information with Stripe to process your donation:

• Payment card information (directly to Stripe, not through us)
• Billing address
• Donation amount
• Email address (for receipts)

6.3 With Tax Authorities

Organizations may be required to report donations to tax authorities (e.g., IRS) for:

• Donations over certain thresholds
• Tax-deductible contribution reporting
• Compliance with tax laws

6.4 We DO NOT Sell Donor Data

• We never sell donor information to third parties
• We never share donor lists with other organizations
• We never use donor data for our own marketing purposes
• Each organization's donor data is completely isolated

6.5 Legal Requirements

We may disclose donor information if required by:

• Court orders or subpoenas
• Legal processes
• Law enforcement requests
• Fraud investigations
• Protection of rights and safety

7. Donor Rights and Choices

7.1 Access Your Donation History

You can:

• Access the donor portal to view your giving history
• Request donation records from the organization
• Download your giving statements
• View all donations by year

7.2 Update Your Information

You can:

• Update your contact information through the donor portal
• Contact the organization to correct inaccurate data
• Change your communication preferences
• Update your payment methods

7.3 Opt-Out of Communications

You can:

• Unsubscribe from email communications (via unsubscribe link)
• Opt out of marketing emails while still receiving receipts
• Contact the organization to update preferences
• Request to be removed from mailing lists

7.4 Request Data Deletion

You can request deletion of your donor data by contacting the organization. Note:

• Some data must be retained for tax and legal compliance (typically 7 years)
• Donation records may be required for audit purposes
• Tax receipts must be maintained for IRS requirements
• Complete deletion may not be possible due to legal obligations

7.5 Anonymous Donations

You may request to make anonymous donations, but:

• You may not receive tax receipts
• You won't be able to access the donor portal
• The organization may still need to record the donation for financial reporting
• Complete anonymity may not be possible for large donations (IRS requirements)

7.6 GDPR Rights (EU Donors)

If you're in the EU, you have additional rights:

• Right to access your data
• Right to rectification
• Right to erasure (subject to legal retention requirements)
• Right to data portability
• Right to object to processing
• Right to lodge a complaint with your supervisory authority

7.7 CCPA Rights (California Donors)

If you're a California resident, you have rights under CCPA:

• Right to know what data is collected
• Right to request deletion (subject to exceptions)
• Right to opt-out of data "sales" (Note: We don't sell data)
• Right to non-discrimination

8. Data Retention

8.1 Active Donors

While you continue to donate, your information is retained to:

• Maintain your donation history
• Generate annual statements
• Process recurring donations
• Provide donor portal access

8.2 Inactive Donors

If you stop donating:

• Your data is retained for tax compliance (typically 7 years)
• You can still access your historical giving statements
• You can request deletion after legal retention periods expire

8.3 Legal Retention Requirements

We retain donation records for:

• Tax purposes: 7 years (IRS requirement)
• Financial audits: As required by law
• Legal disputes: Until resolved
• Regulatory compliance: As required

8.4 Recurring Donations

For recurring donations:

• Payment methods are stored securely (tokenized)
• You can cancel recurring donations at any time
• Cancellation stops future charges but doesn't delete history

9. Security Measures

9.1 Technical Security

• 256-bit SSL/TLS encryption
• Encrypted database storage
• Secure API connections
• Regular security audits
• Vulnerability scanning
• Intrusion detection

9.2 Access Controls

• Role-based access for organization staff
• Multi-factor authentication (optional)
• Audit logs of data access
• Least privilege principle
• Regular access reviews

9.3 Organizational Security

• Employee background checks
• Confidentiality agreements
• Security training
• Incident response procedures
• Data breach notification protocols

9.4 Third-Party Security

• Stripe: PCI DSS Level 1 certified
• Firebase/Google Cloud: SOC 2 Type II certified
• Regular vendor security assessments

10. Recurring Donations

10.1 How Recurring Donations Work

• You authorize automatic charges to your payment method
• Donations are processed on your selected schedule (weekly, monthly, annually)
• You receive a receipt for each donation
• You can modify or cancel at any time

10.2 Managing Recurring Donations

You can:

• View recurring donation schedules in the donor portal
• Update donation amounts
• Change payment methods
• Pause or cancel recurring donations
• Contact the organization for assistance

10.3 Payment Method Updates

• You're responsible for keeping payment methods current
• Failed payments will be retried (up to 3 attempts)
• You'll be notified of failed payments
• Recurring donations may be cancelled after repeated failures

10.4 Cancellation

To cancel recurring donations:

• Access the donor portal and cancel online
• Contact the organization directly
• Email support@ekkleios.com for assistance
• Cancellation takes effect immediately (no future charges)

11. Tax Receipts and Statements

11.1 Automatic Receipts

• You receive an email receipt immediately after each donation
• Receipts include donation amount, date, and organization details
• Receipts are stored in your donor portal

11.2 Annual Giving Statements

• Organizations provide annual giving statements (typically in January)
• Statements summarize all donations for the tax year
• You can download statements from the donor portal
• Statements are emailed to your registered email address

11.3 Tax Deductibility

• Tax deductibility depends on the organization's tax-exempt status
• Organizations are responsible for providing accurate tax information
• Consult a tax professional for tax advice
• We do not provide tax advice

11.4 IRS Requirements

Organizations must:

• Provide written acknowledgment for donations over $250
• Include required IRS language on receipts
• Maintain donation records for 7 years
• Report certain donations to the IRS

12. Children's Privacy

12.1 Age Restriction

The donation platform is not intended for children under 13. We do not knowingly collect information from children under 13.

12.2 Parental Consent

If you are under 18, you must have parental consent to make donations.

12.3 Family Donations

Parents may make donations on behalf of their children or family. The parent's information is recorded as the donor.

13. International Donors

13.1 Data Transfers

If you donate from outside the United States:

• Your data may be transferred to and stored in the US
• We implement appropriate safeguards for international transfers
• See our Privacy Policy and Data Processing Agreement for details

13.2 Currency Conversion

• Donations are processed in USD
• Your bank may charge currency conversion fees
• Exchange rates are determined by your card issuer

13.3 International Tax

• Tax deductibility varies by country
• Consult local tax authorities for guidance
• Organizations may not be able to provide tax receipts for all countries

14. Data Breaches

14.1 Notification

In the event of a data breach affecting donor information:

• We will notify affected donors without undue delay
• We will notify the receiving organization
• We will notify relevant authorities as required by law
• We will provide information about the breach and steps to protect yourself

14.2 Our Response

We will:

• Investigate the breach immediately
• Contain and remediate the issue
• Implement additional security measures
• Cooperate with law enforcement
• Provide credit monitoring if appropriate

14.3 Your Actions

If you're notified of a breach:

• Monitor your financial accounts for suspicious activity
• Consider changing passwords
• Review your credit reports
• Contact your bank if you notice unauthorized charges
• Follow guidance provided in the breach notification

15. Third-Party Links

Donation pages may include links to the organization's website or social media. We are not responsible for the privacy practices of these third-party sites.

16. Changes to This Policy

16.1 Updates

We may update this Donor Privacy Policy to reflect:

• Changes in our practices
• Legal or regulatory requirements
• New features or services
• Feedback from donors

16.2 Notification

Material changes will be communicated via:

• Updated "Last Updated" date on this page
• Email notification to recent donors
• Notice on donation pages
• 30 days' advance notice when possible

16.3 Continued Use

Continued use of the donation platform after changes constitutes acceptance of the updated policy.

17. Contact Information

17.1 For Donor-Related Requests

Contact the organization you donated to directly. They control your donor data and can:

• Provide your donation history
• Update your information
• Process deletion requests
• Answer questions about your donations

17.2 For Platform/Technical Issues

Contact Ekkleios:

Email: support@ekkleios.com Privacy: privacy@ekkleios.com Website: https://ekkleios.web.app

17.3 For Payment Issues

Contact Stripe:

Website: https://stripe.com/contact Support: https://support.stripe.com

17.4 For Privacy Rights (GDPR/CCPA)

Email: privacy@ekkleios.com Subject: "Donor Privacy Rights Request" Include: Your name, email, organization name, and specific request

18. Donor Bill of Rights

We support the Donor Bill of Rights established by leading philanthropic organizations. Donors have the right to:

1. Be informed of the organization's mission and how donations will be used
2. Know that donations will be used for the purposes for which they were given
3. Receive appropriate acknowledgment and recognition
4. Be assured that information about donations is handled with confidentiality
5. Expect that all relationships will be professional in nature
6. Access information about the organization's board and staff
7. Receive financial statements and annual reports
8. Ask questions and receive prompt, truthful answers
9. Be informed whether those seeking donations are volunteers, employees, or hired solicitors
10. Opt out of communications and have preferences respected

19. Specific Scenarios

19.1 Memorial Donations

For donations made in memory of someone:

• The honoree's name is recorded
• Notification may be sent to designated family members
• Memorial information is included in receipts
• Privacy of both donor and honoree is respected

19.2 Matching Gifts

For employer matching gift programs:

• Your employer may receive confirmation of your donation
• Matching gift information is recorded
• Both your donation and the match are receipted separately

19.3 Donor-Advised Funds

For donations from donor-advised funds:

• The fund sponsor is recorded as the donor
• You may be listed as the advisor/recommender
• Tax receipts go to the fund sponsor

19.4 Stock or Cryptocurrency Donations

For non-cash donations:

• Additional information may be required
• Fair market value is determined at time of gift
• Special tax rules may apply
• Contact the organization for specific procedures

20. Transparency and Accountability

20.1 Organization Responsibility

Organizations using Ekkleios are responsible for:

• Maintaining tax-exempt status
• Using donations for stated purposes
• Providing accurate information to donors
• Complying with fundraising regulations
• Maintaining financial transparency

20.2 Platform Transparency

Ekkleios provides:

• Clear fee disclosure ($0.99 platform fee per donation)
• Transparent payment processing (Stripe fees disclosed)
• Secure, auditable donation records
• Real-time donation tracking
• Comprehensive reporting tools

20.3 Donor Verification

You can verify:

• Organization's tax-exempt status (IRS.gov)
• Organization's financial health (GuideStar, Charity Navigator)
• Organization's registration with state charity regulators
• Organization's legitimacy before donating

21. Acknowledgment

BY MAKING A DONATION THROUGH THE EKKLEIOS PLATFORM, YOU ACKNOWLEDGE THAT:

1. You have read and understood this Donor Privacy Policy
2. You consent to the collection and use of your information as described
3. You understand that the receiving organization controls your donor data
4. You agree to the processing of your payment through Stripe
5. You understand your rights and how to exercise them

---

22. Additional Resources

• Main Privacy Policy: [Link to Privacy Policy]
• Terms of Service: [Link to Terms of Service]
• Cookie Policy: [Link to Cookie Policy]
• Stripe Privacy Policy: https://stripe.com/privacy
• IRS Charitable Contributions: https://www.irs.gov/charities-non-profits
• Donor Bill of Rights: https://afpglobal.org/donor-bill-rights

---

Version: 1.0 Effective Date: February 13, 2026 Last Updated: February 13, 2026

© 2026 Ekkleios, Inc. All rights reserved.

---

Questions? Contact the organization you donated to for donor-related questions, or email privacy@ekkleios.com for platform-related questions.