Mindful Give

Privacy Policy

Effective Date: February 25, 2026 · Version 1.0

This document is currently available in English only. Translated versions are forthcoming.

1. Introduction

Mindful Give Inc. ("Mindful Give", "we", "us", "our") is committed to protecting the privacy of all users of our donation platform. This Privacy Policy explains how we collect, use, disclose, and protect personal information in compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation.

This policy applies to all users of the Mindful Give platform, including Donors, Organization administrators, and visitors.

2. Definitions

  • Personal Information — Information about an identifiable individual, as defined by PIPEDA.
  • Donor — Any individual who makes a donation through the Platform.
  • Organization — A registered Canadian charity using the Platform.
  • Platform — The Mindful Give website, applications, and services.

3. Information We Collect

3.1 From Donors

  • Full legal name
  • Email address
  • Mailing address (required for CRA tax receipts)
  • Phone number (optional)
  • Payment method type — card brand and last four digits only (we never store full card numbers, CVVs, or expiry dates)
  • Donation amounts, dates, and frequency
  • Communication preferences

3.2 From Organizations

  • Legal name, operating name, and CRA registration number
  • Contact information (address, phone, email)
  • Banking details for disbursements
  • Names and contact information of authorized signatories
  • Onboarding data (category, designation, programs)

3.3 Collected Automatically

  • IP address and approximate location
  • Browser type and version
  • Device information (operating system, screen size)
  • Pages visited, time on page, and referral source
  • Cookies and similar tracking technologies (see Section 10)

3.4 From Third Parties

  • CRA charity registration data via the Charity Verify API (public registry information)
  • Payment confirmation data from Stripe and Moneris (tokenized, no full card data)

4. How We Collect Information

We collect personal information:

  • Directly from you — when you create an account, make a donation, or contact us.
  • From payment processors — Stripe and Moneris provide tokenized transaction data.
  • From the Charity Verify API — we retrieve publicly available CRA charity data during Organization onboarding.
  • Automatically — through cookies, server logs, and analytics tools when you use the Platform.

5. Purpose of Collection

We collect and use personal information for the following purposes:

  • Donation processing — to process your donations and distribute funds to Organizations.
  • CRA tax receipts — to generate and deliver official donation receipts as required by law.
  • Communications — to send donation confirmations, receipts, recurring donation notifications, and account updates.
  • Platform improvement — to analyze usage patterns and improve our services.
  • Fraud prevention — to detect and prevent fraudulent transactions.
  • Legal compliance — to meet CRA, FINTRAC, PIPEDA, and other regulatory requirements.
  • Customer support — to respond to your inquiries and resolve issues.

6. Consent

6.1 Implied Consent

By using the Platform, you provide implied consent for us to collect and process personal information necessary for donation processing, receipt generation, and essential communications.

6.2 Express Consent

We obtain express consent before sending marketing or engagement communications. You may provide or withdraw marketing consent at any time through your account settings or by contacting us.

6.3 Withdrawal of Consent

You may withdraw consent for non-essential processing at any time by contacting privacy@mindfulgive.com. Withdrawal may limit certain features of the Platform. Note that we cannot withdraw consent for processing required by law (e.g., CRA record-keeping).

7. Data Sharing and Disclosure

We share personal information only as follows:

7.1 With Organizations

When you donate to an Organization, we share your name, donation amount, date, and contact information with that Organization so they can acknowledge your gift and communicate with you about their programs.

7.2 Payment Processors

Stripe and Moneris process payment transactions on our behalf. They receive only the information necessary to process your payment. Their use of your data is governed by their own privacy policies.

7.3 Service Providers

We use Postmark (email delivery), Twilio (SMS), Supabase (database and authentication), Sentry (error monitoring), and Vercel (hosting). These providers process data on our behalf under contractual obligations to protect your information.

7.4 Legal Requirements

We may disclose personal information when required by law, court order, or government request, including to the Canada Revenue Agency, FINTRAC, or law enforcement.

7.5 No Sale of Data

We never sell personal information to third parties. We do not share donor data for advertising or marketing purposes with any third party.

8. Data Retention

  • CRA records — Donation and receipt records are retained for a minimum of seven (7) years as required by the Income Tax Act.
  • Organization data — Retained for the duration of the service relationship plus ninety (90) days for data export after termination.
  • Donor accounts — Retained until deletion is requested (subject to CRA retention requirements).
  • Analytics data — Retained for twenty-four (24) months.
  • Server logs — Retained for ninety (90) days.

9. Data Security

We protect personal information through:

  • Tokenization — We never store full credit card numbers, CVVs, or expiry dates. All card data is tokenized by Moneris or Stripe at the point of entry.
  • Encryption in transit — All data transmitted between your browser and our servers is encrypted using TLS.
  • Encryption at rest — Database contents are encrypted at rest.
  • Access controls — Access to personal information is restricted to authorized personnel on a need-to-know basis.
  • Regular security reviews — We conduct regular reviews of our security practices and infrastructure.

10. Cookies and Analytics

10.1 Essential Cookies

We use essential cookies for authentication, session management, and security. These cookies are necessary for the Platform to function and cannot be disabled.

10.2 Analytics

We use analytics tools to understand how users interact with the Platform. Analytics data is aggregated and anonymized where possible.

10.3 Managing Cookies

You can control cookies through your browser settings. Disabling essential cookies may prevent certain features from functioning.

11. Your Rights Under PIPEDA

You have the right to:

  • Access your personal information held by Mindful Give.
  • Request correction of inaccurate or incomplete information.
  • Request deletion of your personal information, subject to legal retention requirements (e.g., seven-year CRA records).
  • Withdraw consent for non-essential processing.
  • File a complaint with the Office of the Privacy Commissioner of Canada if you believe your privacy rights have been violated.

To exercise any of these rights, contact us at privacy@mindfulgive.com. We will respond within thirty (30) days.

12. Breach Notification

In the event of a data breach that creates a real risk of significant harm to individuals, Mindful Give will:

  • Notify affected individuals as soon as feasible.
  • Notify the Privacy Commissioner of Canada.
  • Notify affected Organizations within seventy-two (72) hours of confirming the breach.
  • Take immediate steps to contain the breach and mitigate harm.

13. Children

The Platform is not directed at persons under eighteen (18) years of age. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete it promptly.

14. International Data Transfers

Personal information is primarily stored in Canada (Supabase, hosted in Canadian regions where available). Some processing occurs through US-based service providers including Vercel (hosting), Sentry (error monitoring), and Stripe (payments). These providers are bound by contractual obligations to protect your data in accordance with Canadian privacy standards.

15. Third-Party Services

We integrate with the following third-party services, each with their own privacy policies:

  • Stripe — Payment processing
  • Moneris — Payment processing
  • Postmark — Email delivery
  • Twilio — SMS delivery
  • Supabase — Database and authentication
  • Sentry — Error monitoring and diagnostics
  • Vercel — Application hosting
  • QuickBooks Online — Accounting and reconciliation

16. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users by email and post the updated policy on the Platform at least thirty (30) days before changes take effect. Your continued use of the Platform after the effective date constitutes acceptance of the updated policy.

17. Privacy Officer

Mindful Give has designated a Privacy Officer responsible for overseeing compliance with this policy and PIPEDA. You may contact our Privacy Officer at:

Privacy Officer
Mindful Give Inc.
Email: privacy@mindfulgive.com

18. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or your personal information, contact us at:

Mindful Give Inc.
Email: privacy@mindfulgive.com
Support: support@mindfulgive.com
Website: mindfulgive.com