Privacy Policy

Effective Date: September 9, 2025
Last Updated: September 9, 2025

Welcome to charitydirect LLC (“charitydirect,” “we,” “us,” or “our”). This privacy policy (“Privacy Policy”) explains how we collect, use, disclose, and protect the personal information of individuals who use, including financial advisors, of our Platform and Services (“Users”), as defined in our Terms of Service, individuals about whom we receive personal information to provide our Platform and Services to Users (“End Customers”), and our charity partners (“Charity Partners”). Depending on the context, “you” or “yours” might be a User, End Customer, or Charity Partner. By accessing or using our Platform or Services, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use our Platform or Services.

We are committed to protecting your privacy and ensuring the security of your personal information in compliance with applicable U.S. federal and state laws, including North Carolina's charitable solicitation regulations under N.C. Gen. Stat. § 131F and our Charitable Solicitation License No. SL101788. Our operations are limited to the State of North Carolina and the United States; we do not operate internationally, and access from outside the United States is not permitted. If you have any questions about this Privacy Policy, please contact us at support@charity-direct.com.

1. Information We Collect

Our collection and use of personal information differs based on whether you are a User or End Customer. For example, we provide a Platform and various Services for financial advisors (Users) to facilitate tax-efficient charitable giving on behalf of their customers (End Customers). We collect personally identifying information about End Customers from Users acting on behalf of their End Customers. Users are responsible for ensuring that the privacy rights of End Customers are respected, including obtaining appropriate consents and making disclosures about their own data collection and use associated with their products and services. If you’re an End Customer, please refer to the privacy policy of the User you’ve engaged to act on your behalf for its privacy practices, choices, and controls.

We collect the following types of information on Users and End Customers. We do not collect highly sensitive financial details such as full individual retirement account (“IRA”) numbers or Social Security Numbers (“SSN(s)”). We do not have a payment collection system on our web app; invoices are sent via QuickBooks for Charity Partner fees only.

1.1 Information Provided by Users

Account Information:
When you register as a User (e.g., financial advisor or advisory firm), we collect your name, email address, professional title, firm name (if applicable), phone number, and contact details.
Client Information:
As a User, you may enter personal information about End Customers to facilitate Qualified Charitable Distributions (“QCDs”), including their names, contact details (e.g., email, address), financial summaries (e.g., adjusted gross income (“AGI”), IRA types excluding account numbers), donation preferences, and images of donation checks written by IRA custodians on behalf of End Users. When a User provides personal information about the User or an End Customer to us, or authorizes us to collect personal information directly from End Customers, the User acknowledges and agrees to provide all required notices and to obtain all necessary rights and consents (including, where applicable, obtaining explicit opt-in consents) from the applicable individuals (including End Users) sufficient to enable us to process the personal information in compliance with applicable state and federal law for the purposes described in this Privacy Policy. The User will determine the content of notices provided to applicable individuals in this regard.
Communication Data:
Any information you, as User or End Customer, provide when communicating with us, such as through support requests, feedback, or inquiries.
Charity Partner Data:
For Charity Partners, we collect organizational details, contact information for primary contacts/CFO/Treasurer, and invoicing data related to our 3.9% Field Agent Fee (which compensates us for services like vetting, audits, Impact Reports™, receipt tracking, promotion, and facilitation). Invoices are sent via QuickBooks with net 15 days payment terms (plus a 3-day grace period); late payments incur a 2.1% fee.

1.2. Automatically Collected Information

Usage Data:
We collect data about how User and End Customers interact with the Platform, including IP addresses, browser types, device information (e.g., operating system, unique identifiers), pages visited, timestamps, and referral sources.
Cookies and Tracking Technologies:
We do not use cookies, web beacons, or similar technologies to analyze usage patterns when you access our Platform or Website.

2. How We Use The Information You Provide to Us

We use the information we collect or that you provide to us for the following purposes:

To Provide and Improve Our Services:
Including facilitating QCDs, generating donation receipts, delivering personalized thank-you notes and Impact Reports™, managing User accounts, and processing Charity Partner fees/invoices via QuickBooks.
To Communicate with You:
Sending service-related notifications (e.g., updates, receipts, Impact Reports™), responses to inquiries, and legal notices.
To Ensure Security and Compliance:
Monitoring for fraud, abuse, or unauthorized access; conducting internal audits; and complying with legal obligations, such as tax reporting and North Carolina charitable solicitation requirements (e.g., retaining records for state inquiries under N.C. Gen. Stat. § 131F).
To Analyze and Enhance User or End Customer Experience:
Using aggregated and anonymized data (e.g., usage statistics) for internal analytics, product development, and Service improvements. We do not use personal information for automated profiling or decision-making.
For Legal and Business Purposes
Responding to legal requests, enforcing our agreements, resolving disputes, and supporting business transfers (e.g., mergers or acquisitions).

3. How We Share The Information You Provide to Us

We do not sell, rent, or trade your personal information. We may share your information in the following limited circumstances:

With Charity Partners:
To facilitate donations, we share relevant End Customer details (e.g., name, donation amount, check images) with selected Charity Partners.
With Service Providers:
We engage third-party vendors for essential functions, such as:
QuickBooks (for invoicing Charity Partners, including fee details like the 3.9% Field Agent Fee).
Amazon Relational Database Service (“RDS”) (for database hosting, with encryption at rest via Amazon Web Services (“AWS”) Key Management Service and Transparent Data Encryption for Structured Query Language Server, and in transit via TLS/SSL). These providers are bound by data processing agreements that require them to protect your information, use it only for specified purposes, and comply with applicable laws. A list of sub-processors is available upon request at chris@charity-direct.com.
For Legal Reasons:
We may disclose information if required by law, such as in response to subpoenas, court orders, regulatory requests (e.g., from the North Carolina Secretary of State under our CSL # SL101788), or to protect our rights, safety, or property.
In Business Transfers:
If charitydirect undergoes a merger, acquisition, asset sale, or similar transaction, your information may be transferred as part of the business assets, subject to equivalent privacy protections.
Aggregated/Anonymized Data:
We may share non-identifiable, aggregated data for research, marketing, or analytics purposes as permitted by applicable law.

4. Data Security

We implement industry-standard administrative, technical, and physical safeguards to protect your personal information from unauthorized access, use, disclosure, alteration, or destruction. This includes:

Encryption:
Data at rest is encrypted using AWS Key Management Service and Transparent Data Encryption in Amazon RDS; data in transit is secured via TLS/SSL protocols.
Acess Controls:
Role-based access, firewalls, and regular security audits.
Monitoring:
Role-based access, firewalls, and regular security audits.

However, no system is completely secure, and we cannot guarantee absolute security. In the event of a data breach, we will notify affected individuals as required by applicable laws (e.g., within timelines set by potential future North Carolina privacy legislation like HB 462 or SB 757, if enacted).

5. Your Rights and Choices

You have the following rights regarding the personal information we collect and that you provide to us, subject to verification and legal limitations:

Access & Update:
User or End Customer can access, review, and update your account information through the Platform dashboard.
Deletion:
User or End Customer may request deletion of your account and personal information at any time by contacting us. We will comply unless retention is required for legal reasons (e.g., tax audits).
Opt-In Consents
For sensitive data processing (e.g., sharing donation check images or End User details with Charity Partners), we require Users to obtain explicit opt-in consent from End Customers before Users share sensitive data with us. Users or their End Customers can withdraw consent at any time, though this may limit Service functionality.
Data Portability:
Upon request, we will provide a copy of personal information to the applicable individual in a structured, commonly used, machine-readable format.
Opt-Out:
User or End Customer can opt out of marketing communications by following unsubscribe links made available in internet-based marketing communications or contacting us.
Do Not Sell:
We do not sell personal information.

To exercise these rights, contact us at chris@charity-direct.com. We respond to verifiable requests within 45 days (extendable if complex). No fees apply unless requests are excessive or unfounded.

6. Data Retention

We retain the personal information you provide to us for only as long as necessary to: fulfill the purposes outlined in this Policy, provide Services, comply with legal obligations, resolve disputes, or enforce agreements. Specific periods include:

Account Usage Data:
Retained while your account is active and for up to 30 days post-termination (during export grace period).
End User and Donation Data:
Retained for the duration of your account and thereafter as required for tax and audit purposes (e.g., at least 3 years from tax return filing date; extendable to 6 years for income underreporting 25%, or 7 years for audit-prone records like ledgers/invoices).
Charitable Solicitation Records:
Under N.C. Gen. Stat. § 131F, retained for 3-7 years to respond to state requests (e.g., financial statements within 14 days). Records involving fraud are retained indefinitely.

After retention periods, data is securely deleted or anonymized. Users can delete profiles anytime via the Platform, triggering the grace period.

7. Third-Party Links

The Platform may contain links to third-party websites (e.g., Charity Partners or Calendly). We are not responsible for their privacy practices and encourage you to review their policies.

8. Children's Privacy

Our Services are not directed to individuals under 18, and we do not knowingly collect personal information from minors. If we learn of such collection, we will delete it promptly.

9. International Users

The Platform is intended solely for Users and End Customers who are residents of the state of North Carolina.

10. Internet Security Disclaimer; Limitation, Suspension, or Termination of Access:

10.1 Internet Security Disclaimer

You consent to our collection, storage, use, and disclosure of personal information as contemplated hereunder, which will involve transmission over the Internet and over various networks, only part of which may be owned or operated by us. You acknowledge and understand that personal information may be accessed by unauthorized persons when communicated across the internet, network communications facilities or other electronic means. You acknowledge and agree that we, our affiliates, directors, subsidiaries, agents, and service providers are not responsible for any information or data that is delayed, lost, destroyed, altered, intercepted or stored during the transmission of such data across network infrastructure not owned or operated by us, including the internet, third party websites or Users’ or End Customer’s local networks. You agrees that we are not in any way responsible for any interference with End Customer’s or Users’ use of or access to the Platform, Services, or Website or security breaches arising from or attributable to such network infrastructure and, to the fullest extent permitted by law, you waives any and all claims against us in connection therewith (except with respect to the requirements of the following sentence).

10.2 Limitation, Suspension or Termination of Access.

We reserve the right to suspend or terminate or limit (as determined in our sole discretion) a User or End Customer’s access to or use of the Platform or Services, or any component thereof, without notice in order to: (i) prevent any actual or reasonably potential adverse impact on our ability to deliver any services to our customers; (ii) prevent any actual or reasonably potential damage to, or misuse, abuse or degradation of the integrity of, the Platform, Services, Website, our property or systems; (iii) comply with any applicable laws, including any judicial or governmental request or order; or (iv) otherwise protect us from actual or reasonably potential liability.

11. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy at our discretion and at any time. We will notify you of material changes by posting the updated Policy on the Platform, updating the “Last Updated” date, and (for significant changes) via email or Platform notice at least 30 days in advance. Your continued use of the Platform following the posting of changes constitutes your acceptance of such changes.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

Email:
Phone:
Address:
10407 Brock Run, Charlotte, NC 28269

This Privacy Policy reflects charitydirect’s commitment to transparency, user trust, and compliance with applicable laws, including North Carolina regulations for charitable solicitation.