Privacy Policy
Last updated: December 17, 2024
1. Introduction
DonorKit, Inc., doing business as townhall (“we,” “us,” or “our”), operates townhall. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
We are committed to protecting your privacy and being transparent about our data practices. Please read this policy carefully to understand how we handle your data.
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Email address
- Password (securely hashed)
- Name (optional)
- Workspace/organization name
2.2 Usage Data
We automatically collect certain information when you use our Service:
- IP address
- Browser type and version
- Device information
- Pages visited and features used
- Timestamps of actions
2.3 Form Submission Data
When end users submit forms to your endpoints, we store the submitted data on your behalf. This may include personal information that your end users choose to submit.
2.4 Uploaded Files
Files you upload through our Service are stored on our CDN. We do not analyze or access the contents of your files except as necessary to provide the Service.
2.5 Payment Information
Payment processing is handled by our third-party payment processors (Stripe and Polar.sh). We do not store complete credit card numbers on our servers.
3. How We Use Your Information
We use your information to:
- Provide, maintain, and improve our Service
- Process transactions and send related information
- Send you technical notices, updates, and support messages
- Respond to your comments, questions, and requests
- Monitor and analyze usage patterns and trends
- Detect, prevent, and address technical issues or abuse
- Comply with legal obligations
4. Data Processing Locations
We believe in transparency about where your data is stored and processed. Here is a breakdown of our infrastructure:
| Data Type | Location | Provider |
|---|---|---|
| Account & Form Data | United States (Azure) | Azure SQL Database |
| Uploaded Files | Global (Cloudflare R2 CDN) | Cloudflare R2 |
| Email Notifications | United States | SMTP2GO |
| Payment Processing | United States (Stripe/Polar) | Stripe / Polar.sh |
| Analytics & Tracking | Global (Edge) | Self-hosted |
📍 About Cloudflare R2
Files uploaded to our Service are distributed globally via Cloudflare's R2 storage and CDN. This means your files are cached at edge locations worldwide for faster access, but the primary storage location is determined by Cloudflare's infrastructure.
5. Data Sharing & Third Parties
We may share your information with:
- Service Providers: Third-party companies that help us operate our Service (cloud hosting, payment processing, email delivery)
- Legal Requirements: When required by law or to respond to legal process
- Business Transfers: In connection with a merger, acquisition, or sale of assets
- With Your Consent: When you have given us permission to share your data
We do NOT:
- Sell your personal information to third parties
- Share your data for advertising purposes
- Use your form submission data for our own purposes
6. Data Retention
We retain your personal information for as long as your account is active or as needed to provide you with the Service. Upon account deletion:
- Account data is deleted within 30 days
- Form submissions are permanently removed
- Uploaded files are deleted from our CDN
- Backups are purged within 90 days
7. Data Security
We implement appropriate security measures including:
- Encryption in transit (TLS/HTTPS)
- Encryption at rest for sensitive data
- Secure password hashing (bcrypt)
- Regular security audits
- Access controls and authentication
Security Responsibility
While we take reasonable measures to protect your data, no method of transmission over the Internet is 100% secure. You are responsible for maintaining the security of your account credentials.
8. Your Rights
Depending on your location, you may have the right to:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your personal data
- Export: Receive your data in a portable format
- Objection: Object to certain processing of your data
- Restriction: Request restriction of processing
To exercise these rights, please contact us at privacy@townhall.gg.
9. Cookies & Tracking
We use essential cookies to:
- Maintain your login session
- Remember your preferences
- Ensure the security of your account
We do not use third-party tracking cookies or advertising cookies.
10. Children's Privacy
Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn we have collected data from a child under 13, we will delete that information promptly.
11. International Transfers
Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place when transferring data internationally.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the “Last updated” date. We encourage you to review this policy periodically.
13. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
- Email: privacy@townhall.gg
- Company: DonorKit, Inc. (d.b.a. townhall)
🔒 Data Protection Officer
For data protection inquiries, you can reach our DPO at dpo@townhall.gg.