Learn how we collect, use, and protect your personal information while using the Kindly platform.
We never sell your personal data to third parties
End-to-end encryption for sensitive information
Full control over your personal data
Effective Date: January 1, 2025
Kindly is committed to protecting your privacy and handling your personal information in a transparent and secure manner. This Privacy Policy explains what information we collect, how we use and share it, and your rights and choices regarding your information. This Policy applies to all users of the Kindly platform and related services. By using Kindly, you agree to the collection, use, and disclosure of information in accordance with this Privacy Policy, and you acknowledge that your information will be processed in the United States (our primary place of business) and possibly other jurisdictions as needed to provide the Service.
We collect several categories of information from and about users of the Service, including both information that can identify you ("Personal Data") and data that does not identify you on its own (such as usage data that is not tied to a named individual). The types of information we collect include:
Account and Contact Information: When you register or use our Service, we collect information such as your name, email address, telephone number, job title/role, the name of your nonprofit organization, and similar contact details provided by you. We may also collect profile information like your username, profile photo, or preferences if you choose to provide them. You may be required to create a password, which we will store in an encrypted form.
Authentication and Login Data: We collect the credentials you use to log in (such as your username and hashed password). For organizations using Single Sign-On (SSO), we may collect an authorization token or identifier from your identity provider to facilitate login.
Communications and Content: Any content that you input, upload, or create within the Service will be collected and stored on our systems. This includes, for example, emails or messages sent through Kindly's communication tools, posts or announcements, documents and files uploaded to shared storage, contact records and CRM entries (such as donor or volunteer information that you enter), form submissions, and any other data you actively submit while using the platform. Support communications are also collected – if you contact us for support or feedback, we will receive the information you provide (such as your contact details and a description of the issue) and any attachments you send.
Usage Data: We automatically collect certain technical information about how you use the Service. This may include data such as your IP address, device type, browser type and version, operating system, pages or screens you view, features you use, the dates/times of your visits, and other telemetry about interactions with the Service (for example, clicks, scrolling, and navigation actions). We may also record metadata related to your use, like the size of files you upload or the duration of sessions. This usage data helps us understand how the Service is performing and is used for improving the Service and troubleshooting issues.
Cookies and Similar Technologies: When you use Kindly, we (or third parties authorized by us) may use cookies and similar tracking technologies (described in more detail below under "Cookies and Tracking") to collect information about your browsing activities on our Service over time. This information may include unique identifiers, preferences, and usage statistics. For instance, cookies help recognize you when you return to the site and can track your actions within the Service.
Transactional and Payment Information: If you process payments or donations through the Service (e.g., accepting online donations via our platform's integration with Stripe or similar payment gateways), we will collect information about those transactions. This can include the name of the donor or payor, the date and amount of the transaction, and the payment method. Note: Credit card numbers or financial account details are not stored on Kindly's servers; such sensitive payment information is handled by our third-party payment processor. We only store tokens or references necessary to record the transaction and link it to your organization's account (as provided by the payment processor).
Device and Network Information: We may collect information about the device and network you use to access the Service. This can include device identifiers, mobile network info, and if you consent through your device settings, possibly location information (e.g., city-level location derived from your IP address).
Third-Party Data: If you choose to integrate or connect third-party services with Kindly, we may receive certain information from those third parties. For example, if you connect your Google Calendar, we might receive calendar event data; or if you import contacts from another CRM, we will collect the contact details that you import. We treat any such third-party-sourced data in line with this Privacy Policy, assuming you have the right to provide it.
We limit our collection of Personal Data to what is relevant for providing and improving our Service, and we collect Personal Data by fair and lawful means, in accordance with your consent or other legal bases as described below. You have choices about the data you provide (for example, information that is optional in your profile), but note that certain features may not function if you do not provide required information.
We use the information we collect for various purposes in order to operate, enhance, and secure our Service, as well as to communicate with you. The primary purposes for which we process your Personal Data include:
Providing and Maintaining the Service: We use collected information to provide you with access to the Service's features and to allow the platform to function as intended. This includes using your information to create and manage your account, authenticate you when you log in, and operate the core functionalities such as sending communications, storing files, managing your CRM data, processing transactions, and generally running the platform on your behalf. For example, we'll use your email to deliver messages or notifications that you send through the Service, and use data you enter to populate your nonprofit's website or communications if you use those features.
Improving and Customizing the Service: We analyze usage data and user feedback to understand how our Service is used and to make improvements. This can include using your information to troubleshoot technical issues, to develop new features or tools, and to make the user experience more intuitive. We may also use data (like your role or activities) to customize your experience, such as displaying relevant content or recommendations for features that might be useful to you.
Customer Support and Communications: We use your contact information and support issue details to provide customer service. For example, if you submit a support ticket or email us, we will use your name and email to communicate with you, and use the information you provided to resolve your issue. We may also send you important administrative communications relating to the Service, such as account alerts, password reset emails, billing notices, or updates on security or privacy matters. These are considered part of the Service and you may not opt out of such administrative messages.
Processing Transactions: If your organization uses Kindly to collect donations, membership dues, or other payments, we use the relevant Personal Data to facilitate those transactions. For example, we use payment information and contact info to process a donor's contribution and provide them with a receipt. We keep records of transactions (amount, date, payer name, etc.) for accounting and for your reference, and to enable refunds or dispute resolution if necessary.
Communicating with You (Marketing and Newsletters): If you have opted in to receive marketing communications, we will use your contact information (e.g., email address) to send you newsletters, product updates, event invitations, or other information we think may be of interest to you. These communications will be sent in accordance with applicable law, and you can opt out of marketing emails at any time by using the unsubscribe link in the email or contacting us. (Note: opting out of marketing messages will not affect receipt of essential service-related communications.)
Ensuring Security and Preventing Misuse: We may use data (particularly usage and device data) to monitor for and prevent fraudulent, unauthorized, or illegal activity on the Service. This includes detecting attacks, abuse, or violations of our Terms of Use. For instance, we might analyze log-in attempts to detect suspicious logins, or use automated tools to flag unusual usage patterns that could indicate misuse. We also use data to debug and fix errors to maintain the Service's integrity and performance.
Compliance with Legal Obligations: We process Personal Data as necessary to meet our legal obligations, such as maintaining proper business records, complying with lawful requests by government authorities (where such requests pass a balancing test for user privacy), or fulfilling obligations under financial, tax, or data protection laws. For example, transaction records may be retained to comply with IRS or accounting requirements, and we may be required by law to retain information related to opt-outs or consents.
Aggregated Analytics and Service Improvement (including AI features): We may combine and anonymize data from many users to generate aggregated statistics or insights (for example, average donation amounts, or feature usage trends). These aggregated analyses help us understand how the Service is performing and where improvements can be made, and do not identify any individual user. We also use machine learning and AI techniques on anonymized or aggregated data to improve our Service's functionality. For instance, if Kindly offers AI-driven suggestions or automation (such as recommending optimal times to send emails or suggesting content for newsletters), our algorithms may be trained on historical usage patterns and data across our user base. Any such use of personal data for improving AI features would be in anonymized form or as permitted by law and, where required, by obtaining user consent.
Other Purposes with Consent: If we intend to use your information for any purpose that is materially different from the purposes listed in this Privacy Policy, we will obtain your consent where required by law. For example, with your consent, we might post user testimonials that include your name or share certain information with a partner organization – but in such cases we would explicitly ask for your permission.
We rely on various legal bases to process your information, including: your consent (where applicable), the necessity to perform a contract (to provide you the Service per our Terms), and our legitimate interests (such as improving the Service, and securing it), and compliance with legal obligations.
We understand that your Personal Data is important, and we are not in the business of selling it to third parties. We do not sell personal data to third parties for their own commercial use. However, we do share certain information with third parties in the following circumstances, in order to operate our business and provide the Service:
Service Providers (Processors): We employ or contract with trusted third-party companies and individuals to perform services on our behalf – for example, cloud hosting providers (to host our application and databases), data storage services, email service providers (to send out notifications or newsletters), SMS gateways (to send text messages if your organization uses that feature), payment processors (to handle credit card or bank transactions), and analytics companies (to help us analyze usage of our Service). These third-party service providers are bound by contractual obligations to keep Personal Data confidential and to use it only for the purposes of providing their services to us. They act as our "processors" and we only share the minimum information necessary for them to perform their functions. For example, if we use a cloud infrastructure provider, your data is stored on their servers, but they do not access it except as needed to ensure our Service runs properly; or if we use an email delivery service, we share your email address and message content only as needed to send communications to you.
Third-Party Integrations at Your Request: When you choose to connect third-party applications to Kindly (such as enabling the Zoom integration for video calls, or syncing with Google Calendar), you are directing us to share certain data with that third party to enable the integration. In these cases, we will share data only as needed to fulfill your request. For example, if you schedule a meeting through Kindly's Zoom integration, we send Zoom the meeting details (like date, time, participants' email addresses) so that Zoom can create the meeting. Or if you connect an email marketing integration, we might send your contact list to that service upon your instruction. Please note: Any data transmitted to a third-party integration is governed by that third party's privacy policy, not Kindly's. We encourage you to review the privacy practices of any third-party services you connect to the platform. We are not responsible for how third-party services use the data you provide to them via our Service.
Affiliated Entities: If Kindly is part of a group of related companies (for example, if we in the future have subsidiaries, a parent company, or undergo a corporate reorganization), we may share information with our corporate affiliates for purposes consistent with this Policy. For instance, a parent company or subsidiary might assist in data processing or storage, or in customer support. Any affiliated entity that gets access to your information will honor the same privacy commitments made in this Policy.
Business Transfers: In the event that Kindly is involved in a merger, acquisition, sale of assets, bankruptcy, or reorganization, your information may be transferred to the successor or acquiring entity as part of that transaction. We will ensure that any such entity is aware of the obligations of this Privacy Policy and we will make reasonable efforts to require that your personal data remains subject to equivalent protections. If a change in ownership occurs and it results in a new materially different use of your personal data, we will notify you (for example, by email or a notice on the Service) about the change.
Legal Compliance and Protection: We may disclose your information when we believe in good faith that such disclosure is necessary to comply with a legal obligation or lawful request, such as to respond to subpoenas, court orders, or legal process. We may also disclose personal information if we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, or as evidence in litigation in which we are involved. Additionally, we may disclose information to enforce our rights or contracts (including our Terms of Use) or to collect any debts owed to us, or to protect the rights, property, or safety of Kindly, our employees, our users, or others.
With Your Consent: We will share your personal data in other ways not covered above only with your explicit consent. For example, if you instruct us to share data with a third party that is not integrated with our Service, or if we contact you and you expressly agree to additional sharing (e.g., featuring your success story with your name and testimonial on our website), we will share data in accordance with that consent. You have the right to withdraw such consent at any time, but this will not affect any sharing that has already occurred.
Aggregated or De-Identified Data: We may share information that has been aggregated and/or anonymized, so it is no longer reasonably associated with an identifiable individual. This type of data is not considered Personal Data and may be used by us for various purposes (such as publishing trend reports or statistics about nonprofit sector usage of our Service) or shared with partners, researchers, or the public. For example, we might share that "total donations processed across all Kindly nonprofits in 2024 was $X million," or usage metrics like "average logins per user per week," which do not contain any personally identifying information.
Kindly does not sell your personal information to third parties for monetary consideration or for their independent commercial use. Any sharing we do is primarily to serve you (service providers, integrations) or to meet legal and operational needs as described. Where required by law (for example, certain jurisdictions' privacy laws), we will enter into data processing agreements with service providers to ensure they handle personal data in compliance with applicable standards.
Like most online services, Kindly uses cookies and similar tracking technologies to provide and improve our Service. Cookies are small text files placed on your device that help us remember your preferences and understand how you interact with our site. When you visit or use the Kindly web application, we (and authorized third parties) may set the following types of cookies:
Necessary Cookies: These are essential for the operation of the Service. For example, we use authentication cookies to keep you logged in as you navigate between pages. Without these cookies, certain features (like secure login or remembering items in a cart/form) would not work.
Preference Cookies: These cookies allow the Service to remember information you have provided or choices you have made (such as your language preference or time zone) to provide a more personalized experience.
Analytics Cookies: We use analytics tools (for instance, Google Analytics) to collect information about how users use our Service. Google Analytics may set cookies or similar identifiers to collect information such as page views, the pages you visited, how long you spent on the site, and how you interacted with various parts of the Service. Importantly, Google Analytics does not identify individual users or provide us with personally identifying information. We use the insights from analytics cookies to understand usage patterns, measure the effectiveness of new features, and improve the Service's performance and user experience.
Functionality and Performance Cookies: These help us gather information about the performance of our site and detect problems. For example, we might use cookies to log errors or to test different versions of features to see which performs better (A/B testing).
Third-Party Cookies: If we embed content or integrate with services from third parties, those third parties may set cookies. For instance, if a user watches an embedded YouTube video on our site or interacts with a social media sharing button, those third-party services may set their own cookies. Kindly's direct use of third-party cookies is limited; primarily, third-party cookies on our Service would come from our analytics or integration partners as described. We do not allow third-party advertisers to set cookies on our Service for behavioral advertising.
Your Choices for Cookies: When you use Kindly, you have the option to control or limit cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies or alert you when a cookie is being placed on your device. Please note that if you disable cookies entirely, the Service may not function properly – for example, you might not be able to log in or use certain interactive features.
We support user choice regarding cookies for non-essential purposes. On our public-facing website, we may display a cookie consent banner (depending on legal requirements in your region) to inform you of our cookie practices and allow you to opt out of certain analytics cookies. Even if you opt out of analytics, we will likely still set necessary cookies for site functionality.
Do Not Track: Some browsers offer a "Do Not Track" (DNT) setting that allows you to signal your privacy preference regarding tracking across websites. At this time, there is no industry-standard consensus on how to interpret DNT signals, and our Service does not currently respond to "Do Not Track" browser headers or signals. We will update this section if our practices change in the future. Regardless, we only use cookies and tracking as described above, and mainly to improve your experience and our service performance.
For more detailed information on our use of cookies (including specific names of cookies, duration, and purpose), please refer to our Cookie Notice [if we have a separate detailed notice] or contact us with any questions.
Security Measures: Kindly employs a variety of technical and organizational measures to protect the security and integrity of your personal data against unauthorized access, alteration, disclosure, or destruction. We follow industry best practices for data security. Some of the key measures we take include:
Encryption: Data transmitted between your device and our servers is encrypted using HTTPS/TLS protocols. This means that any personal data you send us (like in forms or API calls) is encrypted in transit. We also encrypt sensitive data at rest in our databases whenever feasible (for example, passwords are stored using one-way hashing and cannot be recovered by us; other sensitive fields may be encrypted on disk).
Access Controls: We limit access to personal data strictly to personnel and service providers who need that access to operate and develop the Service. Access to production systems and databases is restricted to authorized personnel, and we employ authentication safeguards such as strong passwords and multi-factor authentication for administrative access.
Network and System Security: Our servers are protected by firewalls and network security monitoring. We keep our software and infrastructure up to date with security patches. Regular security scans and vulnerability assessments are conducted, and we use intrusion detection systems to alert us of suspicious activities. We also segregate environments (e.g., testing vs. production) to minimize risk.
Organizational Policies: Our team members are trained on data privacy and security practices. We have internal policies in place to handle data securely, including protocols for incident response. Only employees with a business need are granted access to user data, and they are bound by confidentiality obligations.
Data Backups: We perform periodic backups of our databases and test our backup restoration procedures. Backups are encrypted and stored securely. This helps protect data integrity and availability in case of hardware failures or other issues.
Monitoring: We monitor our systems for possible vulnerabilities and attacks. This includes maintaining audit logs of system access and employing automated security tools that alert us to potential unauthorized access attempts or anomalies in system behavior.
While we strive to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. Therefore, we cannot guarantee absolute security. You should also do your part – protect your account credentials and avoid sharing them, use a strong unique password, and notify us immediately if you suspect any unauthorized access to your account.
Incident Response: In the event of a data breach or security incident, we have a response plan in place. We will act promptly to contain the issue, mitigate harm, and investigate the incident. If a data breach occurs that affects your personal data, we will notify you and relevant regulatory authorities as required by law, and provide guidance on steps you may need to take to protect yourself.
We retain personal data for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or permitted by law. The exact duration we keep your data depends on the type of information and the purposes of processing. For example:
Account Information is kept for as long as you have an active account with us. If you delete your account, we will remove or anonymize your personal information within a reasonable time after account deletion, except as noted below for legal requirements or backup retention.
Customer Data and Content that you store on the Service is retained so long as you are an active user of the Service. If you cease using the Service or your subscription ends, we typically provide an opportunity for you to retrieve your data. We may retain archived copies of your data for a brief period (e.g., 30-60 days) after you stop using the Service, in case you reactivate your account or need to recover information (this is also often due to how backups operate).
Transaction Records (e.g., donations, payments) may be retained for longer periods as required for financial reporting and audits, or by applicable law (for example, records of donations might be kept for several years for tax purposes).
Communications with Customer Support might be retained for a period of time after resolution to help us in future if you have additional requests and to improve our support services.
Legal Compliance: We might retain certain data to comply with laws (e.g., records of consents, opt-outs, or other preferences; information needed to comply with a subpoena or legal order). We will also retain information as necessary to resolve disputes, enforce our agreements, or protect our legal rights.
When we no longer have a legitimate need or legal obligation to retain your personal data, we will either delete it or anonymize it (so it can no longer be associated with you). For example, we may aggregate or anonymize usage data for analytical purposes, which we may use indefinitely without further notice to you.
Please note that even after you delete your account or we purge personal data, residual copies may remain in our backup systems for a certain period until those backups rotate out of cycle. We also may retain some information in our files (for example, your email address or transaction history) if we believe it may be necessary to prevent fraud or future abuse, or for legitimate business purposes such as analysis of aggregated, non-personal data.
Access, Correction, Deletion: You may have certain legal rights with respect to your personal data, depending on the laws applicable to you (for example, residents of the European Economic Area, United Kingdom, California, and other jurisdictions have specific rights). These rights may include:
Right to Access: You have the right to request a copy of the personal data we hold about you, and to obtain information about how we process it. This enables you to receive a copy of the data we have about you.
Right to Rectification: If any of your personal data is inaccurate or incomplete, you have the right to ask us to correct it. You can also update some of your own information by logging into your account (for example, updating your profile info).
Right to Erasure: You have the right to request deletion of your personal data under certain conditions (often called the "right to be forgotten"). We will honor such requests to the extent required by applicable law. For example, if you no longer want to use our Service, you can request that we delete your account and personal data. Note that we may need to retain certain information for legal reasons or legitimate business purposes – if so, we will inform you.
Right to Restrict Processing: You can request that we restrict the processing of your personal data in certain situations – for instance, if you contest the accuracy of the data, or if you object to us processing it on the basis of our legitimate interests, we will consider whether we must limit processing pending verification of your claim.
Right to Data Portability: In some cases, you have the right to request to receive your personal data in a structured, commonly used, and machine-readable format, and to have that information transmitted to another service provider (where technically feasible).
Right to Object: You have the right to object to certain types of processing, such as processing for direct marketing or in some cases where we process based on legitimate interests. If you object to direct marketing, we will stop sending you marketing communications.
Right to Withdraw Consent: If you have given us consent to process your personal data, you have the right to withdraw that consent at any time. For example, if you consented to receive marketing emails, you can opt out later. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
To exercise any of these rights, you (or an authorized agent acting on your behalf) can contact us using the contact information provided at the end of this Privacy Policy. We may need to verify your identity (for example, by asking you to confirm your email or other details) before fulfilling your request. We will respond to your request within the timeframe required by law (generally within 30 days, with the possibility of extension if the request is complex – we will inform you if an extension is needed).
Please note: These rights are subject to certain exemptions and limitations. For example, we cannot provide access to information we do not have or delete data that we are legally required to keep. If we decline a request for any reason, we will inform you of the reason, subject to legal restrictions. Also, some of the above rights (like data portability or objecting to processing) may not apply to you if the law of your jurisdiction does not provide for them in the context of our Service.
Marketing Communications: If you no longer wish to receive our newsletter or other marketing emails, you can opt out at any time by clicking the "unsubscribe" link included in those emails or by adjusting your account settings if that feature is available. Note that even if you opt out of marketing, we may still send you transactional and administrative emails about the Service (e.g., billing statements, password resets, important updates about the Service's availability or security).
Do Not Call or Text: If we send SMS messages or make calls for service-related purposes (for example, multi-factor authentication codes or urgent service announcements), those are not marketing communications. We currently do not engage in telephone marketing. If that ever changes, we will provide a clear way to opt out of marketing calls or texts and comply with applicable telemarketing laws.
Cookies Choices: As discussed in the Cookies section, you can control cookies through browser settings and other tools. If you want to opt-out of Google Analytics, Google provides a browser add-on for opting out (Google Analytics Opt-out Browser Add-on). For other third-party tools, see their specific opt-out mechanisms if available. However, blocking cookies may impair functionality of our Service.
Non-Discrimination: If you choose to exercise any of your privacy rights, we will not treat you differently. For example, if you exercise your right to delete data, we will not deny you access to our Service or provide you a lower quality service (except that we cannot provide certain features without your data).
If you have any questions about your rights or how to exercise them, you can always reach out to us at the contact information below and we will do our best to assist you.
Kindly is based in the United States and our Service is primarily designed for U.S. organizations. If you are using the Service from outside the U.S., please be aware that your personal data will be transferred to and processed in the United States or other jurisdictions where we or our service providers operate. Data protection laws in these jurisdictions may be different from those in your country of residence. We will take appropriate measures to ensure that your personal data remains protected in accordance with this Privacy Policy and applicable law. For example, if you are in the European Economic Area (EEA) or UK, and we transfer your personal data outside of that area, we will do so under EU/UK-approved transfer mechanisms (such as Standard Contractual Clauses) or other appropriate safeguards.
By using Kindly or providing us with information, you consent to the transfer of your personal data to the U.S. and other jurisdictions as described above. Non-U.S. users should understand that by using the Service, they are doing so at their own risk regarding any differences in data protection regimes (see the Terms of Use section on non-U.S. usage at your own risk).
The Kindly Service is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If you are under 13 (or under the age of 16 in certain jurisdictions where 16 is the age of consent for data processing), please do not use Kindly or provide any personal data to us. If we learn that we have inadvertently collected personal information from a child under the applicable age without proper consent, we will promptly delete that data from our records.
Organizations using Kindly may include youth-focused nonprofits or educational institutions; however, our Terms of Use require that any official account holder be an adult or have the appropriate parental consent. If you are a parent or guardian and you believe your child under the age of 13 has provided personal information to us, please contact us immediately so that we can investigate and take necessary action.
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, and other factors. When we update the policy, we will revise the "Effective Date" at the top. For significant changes, we will take additional steps to notify you of the changes – for example, by posting a notice on our website or within the Service, or by sending an email notification to the primary address associated with your account. We encourage you to periodically review this Privacy Policy to stay informed about how we are protecting your information.
Your continued use of the Service after the effective date of an updated Privacy Policy constitutes your acceptance of the revised terms. If you do not agree to the changes, you should stop using the Service and deactivate your account.
If you have any questions, concerns, or requests regarding this Privacy Policy, you can contact Kindly at:
We will do our best to respond promptly and address your inquiry. Your trust is important to us, and we welcome any feedback you have about our policies or practices.
