Privacy policy
1. Who we are
Fundolar (“we,” “us,” or “our”) operates Fundolar websites, the Fundolar WordPress plugin, Fundolar Central, and related documentation and support services. We are based in Toronto, Ontario, Canada.
Depending on your interaction, we act as a controller of personal information you provide directly to us (for example, Fundolar Central account data) or as a processor on behalf of organizations that use our products to operate fundraising programs (for example, donor transaction data handled under their instructions).
For privacy inquiries directed at Fundolar as described in this policy, contact info@fundolar.com or use the contact form on our website.
2. Scope
This policy applies when you:
- Visit Fundolar marketing web properties;
- Create or administer a Fundolar Central account or workspace;
- Install or interact with the Fundolar WordPress plugin in connection with services we operate;
- Communicate with our team (support, security, partnerships).
Fundraising organizations that use Fundolar to collect donations remain independent controllers for donor-facing operations and publish their own privacy notices on their WordPress sites or checkout flows. Where those organizations process donor personal information, their policies govern the donor relationship in addition to this Policy where Fundolar acts as their processor.
3. Personal information we collect
The categories below depend on how you use Fundolar. We collect only what is reasonably necessary for the stated purposes.
3.1 Information you provide
- Account and profile data: name, email address, organization name, role, authentication credentials (stored using industry-standard hashing where applicable), billing identifiers when applicable, and preferences.
- Communications: messages you send via forms, email, or support channels, including attachments you voluntarily provide.
- Transactional records: records associated with payments for Fundolar services (amounts, timestamps, payment method metadata—not full payment card numbers when handled by a certified processor).
3.2 Information collected automatically
- Device and technical data: IP address, approximate location derived from IP, browser type, operating system, referrer URLs, and timestamps.
- Usage diagnostics: pages viewed, clicks, feature usage patterns, error logs, and performance telemetry necessary to secure and improve the service.
- Cookies and similar technologies: as described in our Cookie policy.
3.3 Information from third parties
We may receive limited information from analytics providers, authentication partners, fraud-prevention services, social sign-in providers (if enabled), and payment processors to confirm transactions or prevent abuse.
4. How we use personal information
We use personal information to:
- Provide, operate, maintain, and secure Fundolar Central and related infrastructure;
- Authenticate users, prevent fraud, enforce rate limits, and investigate misuse;
- Deliver customer support and transactional notices (billing, security alerts, policy updates);
- Improve product reliability and user experience through aggregated or de-identified analytics;
- Comply with legal obligations and respond to lawful requests;
- Send optional marketing communications where permitted (you may opt out as described in communications).
5. Legal bases (EEA, UK, and similar regimes)
Where GDPR-style laws apply, we rely on one or more of the following legal bases:
- Performance of a contract — to deliver services you request;
- Legitimate interests — to secure services, understand aggregate usage, and communicate operational updates, balanced against your rights;
- Legal obligation — to meet regulatory, tax, or law-enforcement requirements;
- Consent — where required for non-essential cookies or marketing, which you may withdraw.
6. How we share personal information
We do not sell personal information. We may share data with:
- Service providers (processors) — hosting, email delivery, observability, security scanning, customer-support tooling, and payment processing, subject to contractual confidentiality and processing terms;
- Professional advisers — auditors, accountants, or legal advisers where necessary to operate our business;
- Authorities — when required by law or to protect rights, safety, and integrity of users or the public;
- Business transfers — in connection with a merger, acquisition, or asset sale, with notice where practical.
Organizations operating Fundolar-connected WordPress sites may configure integrations (CRMs, email tools). Those flows are governed by the organization’s agreements with those vendors.
7. International transfers
Fundolar systems may be operated from or backed up in multiple regions. Where personal data moves across borders, we implement appropriate safeguards such as standard contractual clauses or equivalent mechanisms required by applicable law, alongside technical and organizational measures.
8. Retention
We retain personal information only as long as necessary for the purposes above, including satisfying legal, accounting, or reporting requirements. Retention periods vary by data category:
- Account data — for the life of the account plus a limited grace period unless longer retention is required;
- Security logs — typically rotated on a shorter cycle unless needed for incident investigation;
- Billing records — as mandated by tax and financial regulations;
- Marketing suppression lists — as needed to honor opt-outs.
9. Security
We employ administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit where appropriate, access controls, vulnerability management, and least-privilege operational practices. No method of transmission or storage is perfectly secure; please use strong passwords and protect API keys.
10. Your privacy rights
Depending on your location, you may have rights to access, rectify, delete, restrict, or port certain personal information, and to object to particular processing. You may also have the right to lodge a complaint with a supervisory authority.
To exercise rights applicable to data Fundolar controls directly, email info@fundolar.com. We may verify your identity before fulfilling requests. If we process data solely as a processor for an organization’s fundraising program, we may direct you to that organization for certain requests.
11. California residents
If the California Consumer Privacy Act (CCPA) as amended applies, California residents may have additional rights regarding personal information, including disclosure, deletion, and opt-out of certain sharing that constitutes “selling” or “sharing” under California law. Fundolar does not sell personal information for monetary consideration. For requests, contact info@fundolar.com.
12. Children
Fundolar services are not directed to children under 16 (or the minimum age required locally). We do not knowingly collect personal information from children for marketing purposes. If you believe we have collected such information inadvertently, contact us for prompt deletion.
13. Automated decision-making
We do not use automated decision-making that produces legal or similarly significant effects concerning individuals without human review, except where necessary for fraud prevention or security and permitted by law.
14. Changes to this policy
We may update this policy to reflect product, legal, or operational changes. Material updates will be communicated through reasonable means (for example, email to account holders or prominent notice on Fundolar Central). Continued use after the effective date constitutes acceptance where permitted by law.
15. Related policies
16. Contact us
Privacy questions or rights requests: info@fundolar.com or our contact form. We respond to verified requests within the timeframes required by applicable law.