This Privacy Policy explains how "GreekFunder," "we," "us," and "our" refer to GreekFunder, a sole proprietorship, the operator of greekfunder.com, and its successors and assigns, collect, use, share, and retain personal information when you use the GreekFunder website and platform (the Services). It applies to everyone who uses the Services: account holders (Users), people who make a payment with or without an account (Donors), the Greek-letter organizations that fundraise on the platform (each a Chapter), and visitors who simply browse.
This Privacy Policy is effective as of the effective date shown at the top of this page. Please read it together with our Terms of Service. By using the Services, you acknowledge the practices described here.
1. Who we are
GreekFunder provides a platform that lets a Chapter create fundraisers and attach events such as ticketed events, merchandise shops, photo contests, and giving boards, and collect payments for them. Chapters run their own fundraisers; GreekFunder provides the technology that makes them work. GreekFunder is not a charity, is not a party to the relationship between a Donor and a Chapter, and does not control how a Chapter uses the funds it raises.
Payments on the Services are processed by Stripe, and funds settle through Stripe's regulated payment rails directly into the Chapter's own Stripe account. GreekFunder never takes custody of Donor funds and never handles or stores your full card number. This Privacy Policy covers the personal information GreekFunder itself collects and processes; it does not cover the separate privacy practices of Stripe, a Chapter, or any other third party, each of which is governed by its own terms.
2. Information we collect
Information you give us
- Account information. When you create an account, we collect your name, email address, and a password (which we store only in hashed form, never in plain text), and an optional profile photo if you choose to upload one.
- Donor and checkout information. When you make a payment, including as a guest without an account, we collect your name and email address, an optional phone number, and your choice of how your name is displayed publicly (for example, on a leaderboard or a public donation feed).
- Payment details. Your card number and related payment credentials are entered directly into Stripe's payment fields and are transmitted to Stripe. GreekFunder never receives or stores your full card number. We keep a record of the payment itself, such as the amount, date, the fundraiser or item paid for, and the Chapter that received it.
- Uploaded photos and content. We collect images you upload, including fundraiser and event cover images, team images, merchandise item images, and photo-contest submissions, along with any captions or descriptions you provide.
- Attendee names. When you buy tickets, we collect any attendee names you enter for the admissions you purchase.
- Chapter information. From a Chapter and its administrators, we collect organizational contact details and the tax information needed to issue receipts, including the Chapter's legal name and Employer Identification Number (EIN).
- Contact-application information. If you apply to bring a Chapter onto the platform, we collect the details you submit, such as your name, your school email address, a phone number, and information about your chapter.
Information we generate or collect automatically
- Acceptance records. When you agree to our Terms of Service, this Privacy Policy, or a Chapter agreement, we record which version of the document you accepted, the date and time, and technical details of the acceptance such as the IP address and browser. For a guest payment, this record is tied to the email address used at checkout.
- Log and technical data. As you use the Services, we and our network provider automatically receive technical information such as your IP address, device and browser type, and requests made to our servers, which we use to operate, secure, and troubleshoot the Services.
3. How we use your information
We use the information described above to:
- operate, maintain, and improve the Services, and provide the features you use;
- process payments, issue receipts and, where applicable, tax documents, and support refunds, chargebacks, and payouts;
- run the fundraisers, ticketed events, merchandise shops, photo contests, and giving boards that Chapters create;
- display content you choose to make public, such as your chosen display name on a leaderboard or a photo-contest submission in a gallery;
- send you transactional messages such as receipts, ticket confirmations, pickup notices, refund and dispute notices, account-verification and password-reset emails, and organizational invitations;
- scan certain uploaded images for content-safety purposes as described in Section 7;
- protect the Services, detect and prevent fraud and abuse, and defend against payment disputes and chargebacks;
- keep the business and tax records the law requires us to keep, and record your acceptance of our agreements; and
- comply with legal obligations and enforce our Terms of Service and Acceptable Use Policy.
4. How we share your information
We do not sell your personal information, and we do not share it for advertising or cross-context behavioral advertising. We share personal information only in the limited ways described below.
Service providers (sub-processors)
We rely on a small number of vendors that process personal information on our behalf, under contract and only to provide services to us, not for their own purposes:
- Stripe processes payments and payouts and handles Chapter onboarding for Stripe Connect. Stripe collects and hosts the sensitive information a Chapter provides to receive payouts, such as bank-account, tax-identification, and identity details; that information goes to Stripe, not to us.
- Cloudflare provides our network proxy, content-delivery network, image storage, image transformations, and a privacy-focused website-analytics measurement beacon. It processes technical data such as IP addresses and request metadata, and stores uploaded images.
- Google Cloud Vision performs a content-safety review of uploaded photos that our own first-stage screening has flagged, as described in Section 7. Only flagged images are sent to it.
- MongoDB Atlas hosts our primary database, which stores the personal information described in this policy.
- DigitalOcean provides the hosting infrastructure that runs the Services.
- An email delivery (SMTP) provider sends the transactional emails described above, such as receipts and notifications.
Chapter administrators
When you make a payment to a Chapter, that Chapter's administrators can see information about the payment in their dashboard, including the Donor's name, email address, and the amount paid. This disclosure is necessary for a Chapter to run its fundraiser, fulfill orders, provide event admission, and issue receipts. The Chapter's own handling of that information is governed by the Chapter, not by GreekFunder.
Legal and protective disclosures
We may disclose personal information when we believe in good faith that doing so is required by law or legal process, or is reasonably necessary to enforce our agreements, protect the rights, safety, or property of GreekFunder, our Users, or the public, or investigate fraud or abuse.
Business transfers
If GreekFunder is involved in a merger, acquisition, financing, reorganization, or sale of assets, personal information may be transferred to a successor or acquirer as part of that transaction, subject to this Privacy Policy or a successor policy.
5. Cookies and similar technologies
We use only a small set of first-party cookies and similar technologies that are strictly necessary to operate the Services. We do not use them to build advertising profiles or to track you across other websites, so no cookie banner or consent prompt is required.
- Session cookie. A first-party cookie (named connect.sid) keeps you logged in during a session and lasts approximately seven days. It is strictly necessary for authentication.
- Checkout cookie. A secure, first-party cookie holds a token representing your in-progress checkout and lasts approximately two hours. It is strictly necessary to complete a payment.
- Network-edge cookies. Our network provider, Cloudflare, may set edge cookies used for purposes such as bot management and security.
- Browser storage. We use your browser's sessionStorage to hold your in-progress shopping cart on an event page. This stays in your browser and is not a cookie.
We do not use advertising or cross-site tracking cookies. We do not sell or share personal information for advertising. We do not respond to Do-Not-Track signals, and we do not track users across third-party websites.
6. Payment security
Payments are processed by Stripe. When you pay, your card details are entered into fields hosted by Stripe and sent directly to Stripe; GreekFunder does not receive or store your full card number. We keep only a record of the transaction, such as the amount, the date, and what it was for. Stripe processes your payment information under its own terms and privacy policy. Because a Chapter receives its funds through Stripe, the sensitive banking and identity information a Chapter provides to get paid is collected and held by Stripe, not by GreekFunder.
7. Content-safety scanning
To help keep prohibited content off the Services, certain uploaded photos โ such as photo-contest submissions and profile photos โ may be scanned by automated content-safety tools. When scanning runs, it happens in two stages. The first stage runs on our own servers using an automated model that classifies an image; no third party is involved at this stage. If an image is flagged, a second-stage review is performed by Google Cloud Vision, which returns a content-safety assessment. Only flagged images are sent to Google Cloud Vision.
This scanning looks only for unsafe content, such as nudity or other material prohibited by our Acceptable Use Policy. It is not facial recognition. We do not use it to identify people, and we do not create or store faceprints or other biometric identifiers from your photos. Automated scanning is a safety tool: we do not promise to screen, review, or monitor any Content, and scanning is not a guarantee that any particular content is safe, accurate, or appropriate.
8. Data retention and deletion
We keep personal information for as long as needed to provide the Services and to meet our legal, tax, accounting, and fraud-prevention obligations. When you ask us to delete your account, we do not simply erase everything, because we are required to keep certain payment records. Instead:
- Account deletion redacts your identifying information. We replace your name with a placeholder, remove your email address and profile photo, and delete your photo-contest images.
- Payment records are retained in redacted form. Records of payments are kept in a redacted form for approximately seven years to meet tax, accounting, and fraud- and chargeback-related obligations. This applies to guest Donors' payment records on the same basis.
- Acceptance records are retained. Records showing which version of an agreement was accepted, and when, are kept on the same basis. On request, we can redact identifying details from these records while keeping the fact that the agreement was accepted.
- Contact applications are retained as business records and are deleted on request.
- Officer acceptance records for Chapter agreements are retained as business records.
- Photo-contest images. Submissions that are rejected or withdrawn may be retained but are not shown publicly. If the account of a person who uploaded contest images is deleted, those contest images are deleted.
9. Data security and breach notification
We maintain reasonable administrative, technical, and physical safeguards designed to protect personal information, including encryption of data in transit and at rest and access controls that limit who can reach it. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
If a security incident affects your personal information, we will notify affected users and the appropriate authorities as required by applicable law, without unreasonable delay.
10. Children
The Services are intended for adults. You must be at least 18 years old to create an account or make a payment. The Services are not directed to children under 13, and we do not knowingly collect personal information from anyone under 13. If we learn that we have collected personal information from a child under 13, we will delete it. If you believe a child under 13 has provided us personal information, please contact us at [email protected].
11. Your choices and rights
You can review, correct, or update your account information by signing in to your account. To request access to, correction of, or deletion of your personal information, email us at [email protected]. When you request deletion, we will redact your identifying information as described in Section 8, while retaining the redacted payment and record-keeping information the law requires us to keep.
GreekFunder is not currently subject to the California Consumer Privacy Act or the other comprehensive state privacy laws, based on our size and data practices. Even so, we honor reasonable requests to access, correct, or delete personal information as described above.
12. Changes to this policy
We may update this Privacy Policy from time to time. When we make a material change, we will provide notice by email or through a notice on the Services before the change takes effect and, where required, we will ask you to accept the updated policy before you continue to use the Services for transactions. Non-material changes take effect when we post them with an updated effective date. The current effective date always appears at the top of this page. Continuing to browse the Services after a non-material change means you accept the updated policy; simply continuing to browse is not, by itself, acceptance of a material change.
13. Contact us
If you have questions or requests about this Privacy Policy or your personal information, email us at [email protected]. For copyright and DMCA matters, use the contact in our Copyright / DMCA Policy or email [email protected].