Privacy Policy

Ethical Donations is the data controller for personal data processed via the Platform. If you have questions about this policy, contact us at privacy@ethicaldonations.com.

• Account data: name, email, password hash, profile details.
• Donation data: amount, campaign, message, anonymity preference, timestamps.
• Gift Aid data: title, full name, house number, postcode, declaration timestamps.
• Charity data: organisation details, bank details (held by Stripe), contact details.
• Technical data: IP address, browser type, device, cookies and analytics events.

• Contract: processing donations and providing platform services.
• Legal obligation: Gift Aid records, accounting and tax records.
• Legitimate interests: security, fraud prevention, service improvement.
• Consent: non-essential cookies and marketing communications.

We use your data to operate the Platform, process donations, deliver receipts and statements (including annual Gift Aid statements), enable charity payouts, prevent fraud, comply with legal obligations, and improve our services.

• Stripe — payment processing and identity verification for charities.
• HMRC — Gift Aid claim data, where you have given a declaration and the charity submits a claim.
• Lovable — our hosting and infrastructure provider for the Platform.
• Other service providers (email delivery, analytics) under written data processing terms.

Some of our processors operate outside the UK/EEA. Where data is transferred internationally we rely on UK adequacy decisions or Standard Contractual Clauses with the UK Addendum to ensure equivalent protection.

• Gift Aid declarations: retained for at least 6 years from the end of the tax year in which the declaration was made (HMRC requirement).
• Donation records: retained for 7 years for accounting and tax purposes.
• Account data: retained while your account is active and for a reasonable period after closure.
• Marketing preferences: retained until you withdraw consent.

Under UK GDPR you have the right to access, rectify, erase, restrict, port, and object to processing of your personal data, and to withdraw consent. You also have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.

We use strictly necessary cookies for authentication and security, and (with your consent) analytics cookies to understand how the Platform is used. You can manage cookie preferences in your browser at any time.

We use industry-standard measures including encryption in transit, hashed passwords, access controls, and regular security reviews. Payment card data is handled by Stripe and never touches our servers.

The Platform is not intended for children under 18. We do not knowingly collect personal data from children. If you believe we hold data about a child, please contact us so we can delete it.

We may update this policy from time to time. Where changes are material we will notify you by email or in-product notice. The "Last updated" date above reflects the latest revision.

For privacy questions, requests or complaints, email privacy@ethicaldonations.com. See also our Terms & Conditions.