Privacy Policy

1. What we collect

Account information. When your organization registers, we collect the organization name, your name, your email address, and a password (stored as a bcrypt hash — we never store your plaintext password).

Financial data. If you connect a bank account via Plaid, we store a per-item access token (AES-256-GCM encrypted) so we can fetch balance and transaction data on your behalf. We store aggregated balances, monthly burn rates, and runway snapshots in our database. We do not store raw transaction details beyond what is needed to calculate your runway figure.

Donation platform data. If you connect Givebutter, Donorbox, or a similar platform, we retrieve recurring donation totals to include in runway calculations. We do not store donor names, payment instruments, or personal donor information.

Usage data. We log authentication events (login timestamps, IP addresses, user-agent strings) for security purposes. We log audit events — such as integration changes and admin actions — to maintain an audit trail for your organization. This data is never sold or used for advertising.

Consent records. When you create an account, we record that you accepted our Terms of Service, including the timestamp, IP address, and the version of the terms you accepted. If you opt into product update emails, we record that separately.

2. How we use your information

We use the data we collect exclusively to:

• Calculate and display your organization's financial runway
• Authenticate you and protect your account from unauthorized access
• Send transactional emails you request (invitations, password resets)
• Send product update emails, only if you opted in at registration
• Detect and prevent fraud and abuse on the platform
• Comply with legal obligations and respond to lawful requests

We do not build advertising profiles. We do not use your financial data for any purpose other than computing the runway metrics you requested.

3. What we do not do

• ✓We do not sell your data to any third party, ever.
• ✓We do not share your data with data brokers or advertising networks.
• ✓We do not use your financial data to train machine learning models without explicit consent.
• ✓We do not store donor personal information — only aggregated totals.
• ✓We do not send marketing emails without your opt-in consent.
• ✓We do not share your organization's financial data with other organizations on the platform.
• ✓We do not store plaintext passwords — only bcrypt hashes.
• ✓We do not store Plaid access tokens in plaintext — they are AES-256-GCM encrypted at rest.

4. Third-party integrations

Plaid. We use Plaid to connect to bank accounts. When you link a bank account, you interact directly with Plaid's secure Link interface. Plaid is bound by its own privacy policy and its agreements with financial institutions. We store only the encrypted access token Plaid issues; we do not store your bank login credentials.

Mercury, Givebutter, Donorbox, Stripe, PayPal. If you connect these services, we store only the API keys or credentials you provide, encrypted at rest with AES-256-GCM. We use these credentials solely to retrieve data for your runway dashboard. We do not share your credentials or retrieved data with any other party.

Infrastructure. Nonprofit Runway runs on Render (hosting) and uses a managed PostgreSQL database. Both providers are bound by their own privacy policies and data processing agreements. Data is stored in the United States.

Email delivery. Transactional emails (invitations, password resets) are delivered via a third-party email provider. Email delivery metadata (delivery status, open timestamps) may be retained by that provider per their own policies.

5. Data security

We protect your data using industry-standard practices:

• All data in transit is encrypted via TLS 1.2+
• Passwords are hashed with bcrypt (cost factor 12)
• Bank credentials and API keys are encrypted with AES-256-GCM
• Authentication uses short-lived JWT tokens with 30-day expiry
• Access to admin functions is restricted by role-based access control
• Failed login attempts trigger progressive account lockout after 10 failures
• All admin actions are recorded in an immutable audit log

For a detailed description of our security practices, see our Security page.

To report a security vulnerability, email security@nonprofitrunway.com. We aim to respond to all security reports within 24 hours.

6. Data retention and deletion

We retain your organization's data for as long as your account is active. If you delete your organization, we immediately soft-delete all user accounts and begin a 30-day deletion window during which financial data and integration credentials are purged from our database.

Audit logs and consent records are retained for 7 years to comply with financial record-keeping requirements applicable to nonprofit organizations.

To request deletion of your organization's data, email privacy@nonprofitrunway.com with the subject line "Data Deletion Request" and your organization slug. We will confirm receipt within 5 business days and complete deletion within 30 days.

7. Your rights

Depending on your location, you may have the following rights regarding your personal data:

• Access. You may request a copy of the personal data we hold about you.
• Correction. You may update your name and email address from within the application at any time.
• Deletion. You may request deletion of your account and associated personal data.
• Portability. You may request an export of your organization's runway history data in JSON or CSV format.
• Opt-out. You may opt out of product update emails at any time by clicking "Unsubscribe" in any email or by contacting us.
• Restriction. You may request that we restrict processing of your data in certain circumstances.

To exercise any of these rights, contact us at privacy@nonprofitrunway.com. We will respond within 30 days. We do not charge a fee for exercising these rights unless a request is manifestly unfounded or excessive.

If you are located in the European Economic Area, United Kingdom, or California, you have additional rights under GDPR, UK GDPR, or CCPA respectively. If you believe we have not honored your rights, you have the right to lodge a complaint with your local supervisory authority.

8. Cookies and tracking

Nonprofit Runway uses a single authentication cookie (token) to keep you signed in. This cookie is:

• HttpOnly — not accessible to JavaScript
• Secure — only sent over HTTPS in production
• SameSite=Lax — provides CSRF protection
• Set to expire after 30 days

We do not use advertising cookies, cross-site tracking pixels, or analytics SDKs that report to third parties. We do not use Google Analytics or any equivalent service.

9. Children's privacy

Nonprofit Runway is a financial management platform intended for use by nonprofit organizations and their staff. It is not directed at children under 13 (or under 16 in the EU). We do not knowingly collect personal data from children. If you believe a child has registered, please contact us at privacy@nonprofitrunway.com and we will promptly delete the account.

10. Changes to this policy

We may update this policy from time to time. When we make material changes, we will update the version date at the top of this page and, where feasible, notify account administrators by email at least 14 days before the changes take effect.

Your continued use of Nonprofit Runway after the effective date of a revised policy constitutes acceptance of the revised policy. If you do not agree to the revised policy, you may delete your account before the effective date.

11. Contact us

For privacy questions, data requests, or to report a concern:

• Privacy: privacy@nonprofitrunway.com
• Security: security@nonprofitrunway.com

We aim to respond to all privacy inquiries within 5 business days.