Donor Camp
Privacy Policy

Privacy that matches fundraising-intent work

This Privacy Policy explains how Donor Camp handles information across our website, app, tracking pixel, collector APIs, integrations, enrichment workflows, and support channels.

Effective May 14, 2026

Overview

Donor Camp provides fundraising-intent software for campaigns, PACs, nonprofits, agencies, consultants, and other fundraising teams. The Service helps customers collect event signals, normalize donor activity, score leads, run Camps, manage suppression settings, and use enrichment features where enabled.

Donor Camp is a business tool. Customers are responsible for giving their supporters, donors, website visitors, and prospects appropriate privacy notices and honoring any legal obligations that apply to their own fundraising, political, nonprofit, marketing, and outreach activities.

This policy is designed to be clear about categories of information, sources, purposes, sharing, retention, and rights. It does not replace legal advice, campaign-finance advice, or the privacy policy each Donor Camp customer may need for its own organization.

Our role

Customer workspace data
Customers decide what donor, lead, visitor, webhook, CSV, and workflow data they put into Donor Camp and how they use it. For that data, Donor Camp generally acts as a service provider or processor and handles it according to the customer's instructions, our agreements, and applicable law.
Donor Camp account data
Donor Camp controls account, website, security, billing, product analytics, and support information that we collect to operate and improve the Service.
Supporter requests
If you are a donor, supporter, or visitor whose information was submitted by one of our customers, please contact that organization first. We can help customers respond to valid requests when the data is in Donor Camp.

Information we collect

Account and workspace information
Name, email address, organization name, workspace role, authentication details, preferences, settings, and support communications.
Customer content
Leads, profiles, CSV imports, webhook payloads, tags, source labels, notes, workflow configuration, alert history, suppression rules, and customer-provided identifiers such as email, phone, external IDs, hashed identifiers, employer, occupation, location, and donation-platform metadata.
Pixel and event data
Workspace ID, pixel ID, visitor ID, session ID, event type, form URL or slug, page title, referrer, refcode, refcode2, UTM fields, timestamps, conversion and return-visit events, IP address, user agent, coarse location, and related metadata.
Enrichment information
Company, professional, contact, confidence, source, and match metadata from Donor Camp Enrichment or customer-enabled enrichment vendors. Person enrichment should be used only with customer-authorized inputs and appropriate disclosure.
Usage, device, and security data
Log data, browser and device details, IP address, product events, error reports, audit records, integration-delivery records, and security signals used to protect the Service.
Billing information
If paid plans or paid add-ons are enabled, billing contact, plan, invoice, payment status, and transaction metadata may be processed by Donor Camp and our payment providers. We do not intentionally store full payment card numbers.

Donor Camp is not intended to collect Social Security numbers, government IDs, financial account credentials, health data, biometric identifiers, children's data, or other high-risk sensitive data. Customers should not upload that information unless a written agreement with Donor Camp expressly allows it.

How we use information

  • Provide, secure, monitor, troubleshoot, and improve the website, app, pixel, collector APIs, integrations, enrichment workflows, scoring, alerts, and Camps.
  • Authenticate users, manage workspaces, administer roles, enforce settings, and provide customer support.
  • Collect, validate, normalize, store, and display fundraising-intent signals, visitor sessions, refcodes, UTMs, conversions, alerts, leads, run history, and audit logs.
  • Run Donor Camp Enrichment only where enabled, eligible, and consistent with customer settings, disclosures, suppression choices, and applicable agreements.
  • Honor suppression, do-not-contact, do-not-enrich, deletion, export, and privacy-request workflows where available.
  • Detect abuse, debug delivery issues, prevent unauthorized access, enforce our Terms, and comply with law.
  • Send administrative, security, product, support, billing, and service-related communications.
Donor Camp does not automatically initiate calls, texts, or emails to donors based solely on pixel activity, enrichment, or intent scores. Customers remain responsible for outreach consent, disclosure, suppression, and compliance decisions.

How we share information

  • With service providers and subprocessors that help us host, store, secure, authenticate, route, enrich, monitor, support, bill, and operate Donor Camp.
  • With integrations a customer configures, such as inbound webhooks, outbound webhooks, Zapier, donation-platform workflows, CSV imports, or other customer-directed destinations.
  • With enrichment providers when the customer enables or requests enrichment and the data is eligible for that workflow.
  • With a customer workspace, administrators, and invited users according to their roles and permissions.
  • When required for legal, security, compliance, audit, dispute, fraud-prevention, or rights-protection purposes.
  • In connection with a merger, financing, acquisition, reorganization, or sale of assets, subject to appropriate confidentiality and continuity protections.

We do not sell personal information. We do not share personal information for cross-context behavioral advertising. We do not knowingly sell or share personal information of people under 16.

Retention

We keep information only as long as reasonably necessary for the purposes described in this policy, to provide the Service, to follow customer instructions, to honor suppression choices, to meet legal or accounting obligations, to resolve disputes, and to maintain security and audit records.

Account records
Kept while the account is active and for a reasonable period after closure for administration, legal, tax, security, and audit purposes.
Workspace content
Kept while the workspace is active, until the customer deletes it, or until a retention setting or written agreement requires deletion.
Pixel, signal, and log data
Kept according to workspace settings, product requirements, and security needs, then deleted, aggregated, or de-identified where practical.
Suppression records
Kept as long as needed to honor do-not-contact, do-not-enrich, opt-out, and similar preferences, unless applicable law requires a different outcome.
Backups
May persist for a limited period after deletion until overwritten or retired through normal backup cycles.

Choices and rights

  • Customers can update workspace settings, delete or export supported records, configure suppression rules, disable enrichment features, and control which users can access a workspace.
  • Account users can update certain profile details, adjust product preferences, and request account deletion or export through support.
  • Supporters and donors can ask the relevant Donor Camp customer to access, correct, delete, suppress, or restrict use of information that customer controls.
  • Where required by law, eligible individuals may request access, deletion, correction, portability, opt-out of sale or sharing, limitation of sensitive-information use, and non-discriminatory treatment for exercising privacy rights.
  • Browser visitors can block or delete cookies and local storage, though some authentication, theme, session, and pixel features may not work without them.

To submit a request to Donor Camp, email privacy@donorcamp.com. We may need to verify your identity and determine whether Donor Camp or one of our customers controls the relevant information.

Security, children, and transfers

  • We use administrative, technical, and organizational measures designed to protect information against unauthorized access, loss, misuse, and alteration.
  • No online service can guarantee perfect security. Customers should use strong access controls, limit exports, and avoid uploading unnecessary or sensitive data.
  • Donor Camp is not directed to children under 13 and should not be used to collect children's personal information.
  • Donor Camp operates primarily in the United States. If information is accessed from outside the United States, it may be transferred to and processed in the United States and other locations where our providers operate.
  • We may update this policy from time to time. Material changes will be posted on this page and, where appropriate, communicated through the Service.

Contact

Questions about this Privacy Policy or Donor Camp's privacy practices can be sent to privacy@donorcamp.com.

For service terms, see the Donor Camp Terms of Service.