Privacy Policy

Last updated: June 10, 2026

The short version: We're Startabout LLC, the company behind Kindly — the all-in-one platform for nonprofit teams. We collect the data we need to run the product, and nothing more. We do not sell your personal information or share it for ad targeting. We do not use your content to train AI models. This page explains, in plain English, what we collect, why, and the choices you have.

This policy covers everyone who uses Kindly or visits bekindly.app (together, the "Service"). Kindly is a product of Startabout LLC, and when we say "we," "us," or "our," we mean Startabout LLC.

If anything here is unclear, email us at support@bekindly.app. We're happy to explain.

What We Collect

We collect two kinds of information: what you give us directly, and what we collect automatically when you use the Service.

What you give us directly

Account details — your name, email address, and password when you sign up.
Profile and organization info — things like your nonprofit's name, your role, and the team members, volunteers, donors, or members you add.
Content — the data, files, text, contact records, and other material you create, upload, or store in the Service.
Support and communications — messages you send us, including support tickets and survey responses.
Payment info — your billing name, address, and the last four digits of your card. Our payment processor, Stripe, handles the full card number directly and securely; we never see or store it.

What we collect automatically

Usage data — which features you use, pages you view, and actions you take, so we can understand how the Service is used and improve it.
Device and log data — your IP address, browser type, operating system, and timestamps.
Cookies and similar technologies — see Cookies and Tracking below. Our website analytics are privacy-first and cookieless.

What we get from third parties

If you sign in with Google or connect another account, that provider sends us basic account information like your name and email.

We do not knowingly collect biometric, health, or genetic data, and we do not knowingly collect personal information from children (see Children's Privacy).

Business Customer Data

If you use the Service as part of a nonprofit or other organization, your organization is in charge of the personal information in its workspace, and we handle that information on its behalf and under its instructions. For those accounts, a separate Data Processing Addendum (DPA) governs how we handle workspace Content, and it controls if anything in it conflicts with this policy. To request a DPA, email support@bekindly.app. When an organization closes its account, we delete its Content as described in Data Retention.

How We Use Your Information

We use your information only for clear reasons:

To provide the Service — so you can log in, use features, and access your content.
To process payments — to bill you and manage your subscription, and to process donations and other transactions you collect through the Service.
To support you — to respond to your questions and fix problems.
To improve the Service — to understand how features are used and make them better.
To keep things secure — to detect, prevent, and respond to fraud, abuse, and security issues.
To communicate with you — to send service updates, security notices, and (if you've opted in) product news. You can opt out of marketing messages at any time.
To meet legal obligations — to comply with applicable laws and enforce our terms.

We do not use your information to make automated decisions that produce legal or similarly significant effects about you.

How We Share Your Information

We share information only in these situations:

Service providers. We work with trusted companies (sometimes called subprocessors) that help us run the Service — for example, cloud hosting and storage, payment processing, email and SMS delivery, video conferencing, and analytics. They may only use your data to perform work for us. Our current subprocessors include Stripe (payments), Resend (email delivery), Zoom (video conferencing), Google (sign-in and calendar sync), DigitalOcean (cloud hosting and file storage), QuickBooks (optional accounting sync), Cloudflare (spam and abuse protection), and Fathom (cookieless website analytics). A current list is available on request at support@bekindly.app.
Legal requests. We may disclose information if required by law, subpoena, or valid legal process. When we can, we will notify you first and will push back on requests that are overly broad or improper.
Business transfers. If we're involved in a merger, acquisition, or sale of assets, your information may transfer as part of that deal. We'll notify you if that changes who controls your data.
With your direction. When you ask us to share data — for example, through an integration you connect.

We do not sell your personal information, and we do not share it for cross-context behavioral advertising (tracking you across other sites to target ads). This is true everywhere in this policy, so we won't repeat it in each section below.

AI and Model Training

We do not use your content to train AI or machine-learning models — ours or any third party's. Your data is yours.

Cookies and Tracking

We use cookies and similar technologies to keep you logged in and remember your preferences. We do not use advertising cookies, and we do not allow third-party advertisers to track you on the Service.

Our website analytics are provided by Fathom Analytics, which is privacy-first and cookieless — it does not use cookies, does not collect personal information, and does not track you across other websites.

You can control cookies through your browser settings. Blocking some cookies may affect how the Service works.

Do Not Track: Because there is no common standard for Do Not Track signals, we currently do not respond to them.
Global Privacy Control (GPC): We honor recognized opt-out preference signals, including Global Privacy Control. When we detect a valid signal from your browser, we treat it as a request to opt out of any sale or sharing of your personal information for that browser or device.

Data Security

We protect your information with safeguards including encryption in transit (TLS) and at rest, access controls, and regular security reviews. Passwords are never stored in plaintext — they are hashed using bcrypt.

That said, no method of transmitting or storing data is 100% secure. We work hard to protect your information, but we can't guarantee absolute security. If we learn of a security breach that affects you, we'll notify you without undue delay and as required by law.

For more detail on how we protect your data, see our Security page.

Data Retention

We keep your personal information only as long as we need it for the purposes in this policy:

Account data — for as long as your account is active.
After you delete your account — we delete or strip out anything that identifies you within 30 days, except where we need to keep certain records to meet legal, tax, or accounting obligations (for example, donation and payment records).
Backups — residual copies may remain in backups for up to 60 days before they are overwritten.
Logs — server and usage logs are purged after 90 days.

Your Privacy Rights and Choices

No matter where you live in the US, you can:

Access the personal information we hold about you.
Correct information that's wrong or out of date.
Delete your account and personal information.
Export your data in a portable format.
Opt out of marketing emails.

To exercise any of these, email us at support@bekindly.app or use the controls in your account settings — these are the two ways to submit a request. We may need to verify your identity before acting. We'll respond within the time required by law (generally 45 days for US privacy requests).

We will not deny you service, charge you a different price, or give you a lower-quality experience for exercising your privacy rights.

If we deny your request, you can appeal by replying to our decision or emailing support@bekindly.app with "Appeal" in the subject line. We'll review and respond in writing within the time your state's law allows.

US State Privacy Rights

Several US states — including California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, and Montana — give residents privacy rights. We extend the core rights above (access, correct, delete, export, opt out) to all our US users, so most of what these laws require is already covered. The appeal process above is also available to residents of any state whose law provides one. This section adds the state-specific details.

What we collect, why, where it comes from, and how long we keep it

In the past 12 months, we may have collected these categories of personal information. We collect them from you directly, from your device when you use the Service, and from sign-in providers you connect. We disclose each category to our service providers (such as cloud hosting, payment processing, and analytics) for the business purposes in How We Use Your Information.

Category	Examples	Why we collect it	How long we keep it
Identifiers	Name, email, IP address	To provide and secure the Service	See Data Retention
Customer records	Billing name and address	To process payments	While your account is active, plus any legally required period
Commercial information	Subscription and purchase history	To manage your account	While your account is active, plus any legally required period
Internet activity	Usage and log data	To run and improve the Service	Logs purged after 90 days
Content you provide	Files and data you upload	To deliver the Service	While your account is active

Your state rights

Depending on your state, you may have the right to:

Know or access the personal information we've collected, used, and disclosed.
Correct inaccurate personal information.
Delete your personal information.
Export your data in a portable format.
Opt out of the sale or sharing of your personal information.
Limit the use of sensitive personal information.
Appeal a denied request, as described above.

Sensitive personal information

We collect only the sensitive personal information needed to run the Service (such as account login credentials). We do not use or disclose it beyond the purposes permitted by law, and we do not use it to infer characteristics about you or for advertising.

How to exercise your rights

Use either method described under Your Privacy Rights and Choices. We honor Global Privacy Control signals as described under Cookies and Tracking.

Authorized agents. You may designate an authorized agent to make a request on your behalf. We may ask the agent for proof that you've given them permission, and we may ask you to verify your own identity directly.

International Users

Kindly is based in the United States and the Service is designed for US-based organizations. If you use the Service from outside the US, your personal information will be transferred to and processed in the United States, where data protection laws may differ from those where you live. By using the Service, you understand that your information will be processed in the US.

Children's Privacy

The Service is not directed to children, and you must be at least 13 years old to use it. We do not knowingly collect personal information from anyone under 13. If you believe a child has provided us with personal information, email support@bekindly.app and we'll delete it.

Changes to This Policy

We may update this policy from time to time. When we make material changes, we'll update the "Last updated" date at the top and, where appropriate, notify you by email or through the Service. We'll give you advance notice of significant changes when we can, so you have a chance to review them.

Contact Us

Questions about your privacy or this policy? Get in touch and we'll get back to you.

Startabout LLC (maker of Kindly) Email: support@bekindly.app

This policy is governed by the laws of the State of Delaware, United States.