Privacy Policy

Effective Date: March 6, 2026 • Last Updated: March 6, 2026

Droplet ("we," "us," or "our") operates the website www.givedroplet.com and related services (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Droplet is a micro-donation platform that rounds up your everyday purchases to the nearest dollar and donates the spare change to local fundraisers and nonprofits you choose to support. By using the Service, you consent to the data practices described in this policy.

Information We Collect

Information You Provide Directly

Account Information: When you create an account, we collect your name, email address, and password.

Organization Information: If you register as an organization, we collect your organization name, type, contact email, location, and fundraiser details.

Support Communications: When you contact us, we collect the content of your messages and any information you provide.

Information Collected Through Plaid

When you link a bank account or credit card through our Service, we use Plaid, Inc. ("Plaid") to securely connect to your financial institution. By linking your account, you grant Plaid access to your financial data on your behalf. We receive transaction amounts, dates, and merchant names from your linked accounts, which we use solely to calculate round-up amounts. We also receive account and routing numbers to verify your bank account for payment processing. We do not receive or store your bank login credentials. Plaid handles all authentication directly with your financial institution.

Information Collected Through Stripe

We use Stripe, Inc. ("Stripe") to process payments and facilitate payouts to organizations. Stripe collects and processes bank account details for ACH debit transactions to collect your weekly round-ups. For organizations, Stripe Connect collects banking and identity information to facilitate payouts. We do not store your full bank account numbers on our servers. All payment data is handled by Stripe in accordance with PCI-DSS standards.

Information Collected Automatically

We automatically collect usage data (pages visited, features used, interaction patterns), device information (browser type, operating system, device identifiers), and log data (IP addresses, access times, referring URLs).

How We Use Your Information

We use the information we collect to provide the Service (calculate round-ups, collect donations, distribute funds), process payments (charge your linked account and pay out to organizations), communicate with you (transaction confirmations, weekly summaries, payout notifications), maintain and improve the Service, ensure security and prevent fraud, and comply with legal obligations including tax reporting and regulatory requirements.

How We Share Your Information

We do not sell your personal information. We share data with service providers including Plaid (account linking and transaction data), Stripe (payment processing), Supabase (data hosting), Resend (email delivery), and Webflow (website hosting) to operate the Service. When you donate to a fundraiser, the recipient organization may see aggregate donation data but does not receive your personal financial information. We may disclose information if required by law, court order, or government request. In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction.

Data Security

We implement reasonable security measures to protect your information. All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher. Data stored in our database is encrypted at rest using AES-256 encryption. We use role-based access controls to limit access to personal data. Our backend is hosted on Supabase, which maintains SOC 2 Type II compliance and enterprise-grade security. While we strive to protect your information, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Account data is retained while your account is active and for 30 days after a deletion request. Transaction data is retained for the current fiscal year plus 7 years to comply with tax and financial reporting requirements. Payment records are retained as required by applicable financial regulations. You may request deletion of your account and associated data at any time by contacting us at support@givedroplet.com.

Your Rights and Choices

You have the right to access and request a copy of your personal data in a portable format. You may update or correct inaccurate information through your account settings or by contacting us. You may request deletion of your personal information, subject to legal retention requirements. You may disconnect your linked bank account at any time through your dashboard or through Plaid Portal (my.plaid.com). You may opt out of non-essential communications and pause round-up donations at any time through your dashboard without deleting your account. To exercise any of these rights, contact us at support@givedroplet.com.

State-Specific Privacy Rights

California residents have additional rights under the California Consumer Privacy Act (CCPA/CPRA), including the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information. Residents of Virginia, Colorado, Connecticut, and other states with comprehensive privacy laws have rights to access, correct, delete, and opt out of certain data processing. Contact us to exercise these rights.

Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected information from a child under 18, we will take steps to delete that information promptly.

Third-Party Links

Our Service may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices of these third parties and encourage you to review their privacy policies.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last Updated" date. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at support@givedroplet.com or visit www.givedroplet.com.