Donor Bridge

Privacy Policy

Last updated July 15, 2026

Donor Bridge ("Donor Bridge," "we," "us") provides donor‑management software to nonprofit organizations. This Privacy Policy explains how we handle personal information in connection with our service.

Two roles: controller and processor

We handle two kinds of data differently:

  • Your organization's account data (the people who administer an account): here we act as a data controller.
  • Donor data your organization enters or imports (names, contact details, giving history, notes): your organization is the controller and Donor Bridge is a processor that handles this data on your instructions to provide the service. Donors should direct requests about their information to the organization they support.

Information we collect

  • Account information — name, email, organization, and role. Passwords are stored only as salted hashes by our authentication provider; we never see them.
  • Donor and giving data — the donor records, contact details, gifts, pledges, and notes that your organization inputs or imports.
  • Payment information — when paid plans are enabled, card details are handled directly by our payment processor; Donor Bridge does not store full card numbers.
  • Usage and technical data — log data, device/browser information, and essential cookies needed to keep you signed in and secure the service.

How we use information

  • Operate, maintain, and secure the service.
  • Send transactional messages you or your donors expect (e.g., gift receipts, pledge confirmations).
  • Provide support and respond to requests.
  • Detect, prevent, and address security incidents and abuse.
  • Improve the service. We do not sell personal information or use donor data for advertising.

Service providers (subprocessors)

We share data only with vendors that help us run the service, under contracts that require appropriate protection:

  • Supabase — database and authentication hosting.
  • Vercel — application hosting.
  • Twilio SendGrid — transactional email delivery.
  • Intuit QuickBooks — only if your organization connects it, to sync financial data you choose to export.
  • Stripe — payment processing for paid plans (when enabled).
  • Cloudflare — domain, DNS, and email routing.

We may update this list as our infrastructure evolves; material changes will be reflected on this page with an updated date.

How we protect data

  • Encryption in transit (HTTPS/TLS).
  • Database row‑level security that isolates each organization's data from every other tenant.
  • A step‑up password re‑prompt before donor personal information is displayed.
  • Role‑based access controls within each organization.

Data retention

We retain data while your account is active and as needed to provide the service. On account termination, we make your data available for export for a limited period and then delete or de‑identify it, except where retention is required by law.

Your rights

Depending on your location, you may have rights to access, correct, export, or delete personal information. Organization administrators can contact us at privacy@donor-bridge.org. Donors should contact the nonprofit that holds their record, which controls that data.

International processing

Your data is processed primarily in the United States, where our hosting and infrastructure providers operate.

Children

The service is intended for organizations and is not directed to children. We do not knowingly collect personal information directly from children.

Changes to this policy

We may update this policy from time to time. Material changes will be posted here with an updated date, and where appropriate we will notify account administrators.

Contact

Questions about this policy: privacy@donor-bridge.org. Donor Bridge is operated by Donor Bridge, Burke, Virginia, USA. Governing law: the Commonwealth of Virginia.

Privacy PolicyTerms of ServicePricing