Privacy notice

• Account details: name, email, password (hashed; we never see the plaintext).
• Identity verification data via Stripe Connect Express. Stripe stores legal name, date of birth, last-4 SSN where required, address, and identity document scans. Fund500 sees only the verification status, not the raw documents.
• Campaign content: story, beneficiary first name, photos / videos uploaded by the organizer, intended use of funds, category-specific disclosures.
• Payout banking information via Stripe Connect. Fund500 never stores bank account numbers or card data.

• Donor name (or Anonymous), email for receipt, optional message to organizer.
• Card / payment details handled by Stripe Checkout. Fund500 never sees full card numbers.
• IP address and user agent for fraud detection.

Donors are not required to create an account. Email is required only to send the receipt and to enable refund self-service.

• Beneficiary medical records.
• Beneficiary's full birth certificate.
• School grades or academic records.
• Plaintext passwords.
• Card numbers, CVV, or full bank routing details.

• To run the donation flow, route funds to organizers, and send receipts.
• To verify organizer identity via Stripe and detect fraud.
• To send transactional emails: receipts, refund confirmations, organizer payout notifications.
• To improve Fund500 (aggregated, non-identifying analytics).

We do not sell donor or organizer data. We share data only with service providers required to operate the platform (Stripe for payments, our email provider for receipts, our hosting provider, our error-monitoring provider) and only as needed for the specific service. We share data when required by law.

• You can request a copy of your account data by emailing trust@fund500 (placeholder pending launch).
• You can request deletion of your account and associated content. Active campaigns may have legal-hold restrictions until disputes are resolved.
• You can opt out of marketing emails at any time. Transactional emails (receipts, payout notifications) are required for the service.

We use a session cookie (fund500_session) to keep you logged in. We do not run third-party advertising trackers. Analytics is privacy-respecting and does not identify individual users.