Privacy Policy

1. Introduction

DonorKit, Inc., doing business as townhall (“we,” “us,” or “our”), operates townhall. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We are committed to protecting your privacy and being transparent about our data practices. Please read this policy carefully to understand how we handle your data. By using our Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Email address
• Password (securely hashed using bcrypt)
• Name (optional)
• Workspace/organization name
• Profile picture (if provided)
• Two-factor authentication preferences

2.2 Usage Data

We automatically collect certain information when you use our Service:

• IP address (may be anonymized for analytics)
• Browser type and version
• Device information (operating system, screen resolution)
• Pages visited and features used
• Timestamps of actions
• Referral URLs
• Session duration and interaction patterns

2.3 Form Submission Data

When end users submit forms to your endpoints, we store the submitted data on your behalf. This may include personal information that your end users choose to submit. You are responsible for ensuring proper consent and providing privacy notices to your end users.

2.4 Uploaded Files

Files you upload through our Service are stored on our CDN. We do not analyze, access, or use the contents of your files except as necessary to provide the Service or comply with legal obligations.

2.5 Payment Information

Payment processing is handled by our third-party payment processors (Stripe and Polar.sh). We do not store complete credit card numbers on our servers. We may receive and store limited billing information such as the last four digits of your card, expiration date, and billing address for record-keeping purposes.

2.6 Communications Data

When you contact us for support or send us communications, we may retain the content of those communications along with your email address and our responses.

3. How We Use Your Information

We use your information to:

• Provide, maintain, and improve our Service
• Process transactions and send related information
• Send you technical notices, updates, security alerts, and support messages
• Respond to your comments, questions, and requests
• Monitor and analyze usage patterns and trends to improve user experience
• Detect, prevent, and address technical issues, fraud, or abuse
• Comply with legal obligations and enforce our terms
• Send promotional communications (with your consent, where required by law)
• Personalize and customize your experience

4. Data Processing Locations

We believe in transparency about where your data is stored and processed. Here is a breakdown of our infrastructure:

5. Data Sharing & Third Parties

We may share your information with:

• Service Providers: Third-party companies that help us operate our Service (cloud hosting, payment processing, email delivery, analytics)
• Legal Requirements: When required by law, subpoena, court order, or to respond to legal process
• Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets
• Protection of Rights: When we believe disclosure is necessary to protect our rights, your safety, or the safety of others
• With Your Consent: When you have given us explicit permission to share your data

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Service. Upon account deletion:

• Account data is deleted within 30 days
• Form submissions and associated data are permanently removed
• Uploaded files are deleted from our CDN
• Backups containing your data are purged within 90 days
• Aggregated, anonymized data may be retained for analytics purposes

We may retain certain information as required by law or for legitimate business purposes such as fraud prevention, dispute resolution, or enforcing our agreements.

7. Data Security

We implement industry-standard security measures to protect your data, including:

• Encryption in transit (TLS 1.2+ / HTTPS)
• Encryption at rest for sensitive data (AES-256)
• Secure password hashing (bcrypt with appropriate work factors)
• Two-factor authentication (2FA) support
• Regular security assessments and vulnerability scanning
• Access controls and role-based permissions
• Security monitoring and incident response procedures
• Employee security training and access limitations

8. Your Rights

Depending on your location, you may have certain rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data (“right to be forgotten”)
• Export/Portability: Receive your data in a commonly used, machine-readable format
• Objection: Object to certain processing of your data
• Restriction: Request restriction of processing in certain circumstances
• Withdraw Consent: Withdraw consent at any time where we rely on consent for processing
• Lodge a Complaint: File a complaint with a supervisory authority

To exercise these rights, please contact us at privacy@townhall.gg. We will respond to your request within 30 days. We may ask for additional information to verify your identity.

8.1 California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete your information, and the right to opt-out of the sale of your personal information. Note: We do not sell personal information.

8.2 European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR), including the rights listed above. Our legal basis for processing personal data includes: performance of a contract, legitimate interests, compliance with legal obligations, and your consent.

9. Cookies & Tracking Technologies

We use essential cookies and similar technologies to:

• Maintain your login session and authentication state
• Remember your preferences and settings
• Ensure the security of your account (CSRF protection)
• Understand how our Service is used (analytics)

We use privacy-respecting analytics that do not track individual users across websites. We do not use third-party advertising cookies or share cookie data with advertisers.

9.1 Managing Cookies

You can control cookies through your browser settings. However, disabling certain cookies may affect the functionality of our Service. Essential cookies cannot be disabled as they are required for the Service to function.

10. Children's Privacy

Our Service is not intended for children under 13 years of age (or 16 in certain jurisdictions). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we learn we have collected data from a child without proper parental consent, we will delete that information promptly.

11. International Transfers

Your information may be transferred to and processed in countries other than your own, including the United States. These countries may have data protection laws that differ from your jurisdiction.

When we transfer data internationally, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the European Commission
• Data processing agreements with our service providers
• Compliance with applicable data protection frameworks

12. Do Not Track Signals

Some browsers have a “Do Not Track” (DNT) feature that lets you tell websites you do not want to be tracked. We honor DNT signals and do not track users who have DNT enabled, except where necessary to provide core Service functionality.

13. Third-Party Links

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices or content of these third parties. We encourage you to review their privacy policies before providing any personal information.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page, updating the “Last updated” date, and sending you an email notification for material changes. We encourage you to review this policy periodically.

Your continued use of the Service after changes are posted constitutes acceptance of the updated Privacy Policy.

15. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

• Email: privacy@townhall.gg
• Company: DonorKit, Inc. (d.b.a. townhall)