Privacy Policy

Information We Collect

We collect information you provide directly, information collected automatically when you use our Services, and information from third parties.

Information You Provide Directly

We collect information you voluntarily provide when using our Services:

• Account Information: When you create an account, we collect your name, email address, password, and optionally your phone number. Phone numbers are optional and will only be shared with organizations if you explicitly consent;
• Donor Information: When making donations, we collect your legal name, mailing address, occupation, and employer information (required by federal campaign finance law), donation amounts, and donation history. IMPORTANT: Federal law requires donations over $200 to be reported to the FEC and become publicly searchable records including your name, address, occupation, employer, and donation amount on FEC.gov;
• Organization Information: For organizations, we collect organization name, EIN or FEC ID, authorized representative information, bank account details for disbursements, and campaign descriptions;
• Payment Information: Payment card details and bank account information are collected and stored by our payment processor, Stripe. We only receive and store the last four digits of your payment method and transaction identifiers;
• Communications: When you contact us for support or feedback, we collect your name, email, and the content of your communications;
• Consent Preferences: We track your consent status for communications from organizations you donate to.

Information Collected Automatically

When you use our Services, we automatically collect certain information:

• Device and Browser Information: We collect information about your device type, operating system, browser type and version, screen resolution, and language preferences;
• Usage Information: We collect information about your interactions with our Services, including pages viewed, features used, donation forms accessed, and timestamps of activities;
• IP Address and Location: We collect your IP address and derive approximate geographic location (city/state level) to comply with laws prohibiting foreign contributions and for security purposes;
• Cookies and Similar Technologies: We use essential cookies for authentication and session management. We do not use advertising or tracking cookies. See our Cookie Policy section for more details;
• Log Data: Our servers automatically record information including IP address, browser type, referring/exit pages, and date/time stamps.

Information From Third Parties

We may receive information about you from third parties:

• Payment Processors: Stripe provides us with transaction confirmation data, payment status updates, and limited payment method details (last four digits only);
• Organizations: If you are already a supporter of an organization that joins our platform, they may provide your contact information to facilitate your account creation, subject to applicable laws;
• Publicly Available Sources: We may access publicly available FEC records to verify contribution limit compliance;
• Service Providers: Our infrastructure and security providers may share threat intelligence data to protect the platform.

Payment Information

• The Dore does not itself store your credit card or bank account information;
• All payment information is processed and stored securely by Stripe, Inc. Stripe is an industry leader in secure financial transactions and data privacy. Use of payment services is subject to Stripe's Terms of Service: https://stripe.com/legal.

Service Providers

We work with trusted third-party service providers to operate our platform:

• Cloud infrastructure and hosting services for platform operations;
• Email delivery services for transactional communications;
• Payment processing services (Stripe) as detailed above;
• These providers are contractually required to protect your information and use it only for providing services to us.

How We Use Your Information

We use the information we collect for the following purposes:

• Service Provision and Operations: To create and manage your account; process donations and facilitate payments; provide customer support; send transactional communications (receipts, confirmations, security alerts);
• Legal and Regulatory Compliance: To comply with federal campaign finance laws and FEC reporting requirements; verify contribution eligibility and enforce contribution limits; prevent foreign nationals from making contributions; generate reports required by law for campaigns and organizations; maintain records as required by federal and state law;
• Security and Fraud Prevention: To detect, prevent, and investigate fraudulent transactions or unauthorized access; verify user identity and authenticate accounts; monitor for suspicious activity patterns; enforce our Terms of Service and other policies;
• Communications: To send you important notices about your account, donations, or changes to our policies; relay consent preferences to organizations you support; respond to your inquiries and support requests;
• Platform Improvement: To understand how users interact with our Services; identify and fix technical issues; develop new features and improve existing ones; conduct internal analytics and research;
• Legal Protection: To establish, exercise, or defend legal claims; protect the rights, property, and safety of PREAMBL LLC, our users, and the public; respond to legal process, law enforcement requests, and other legal obligations.

How We Share Your Information

We share your information in the following circumstances:

• With Recipient Organizations (Required by Law): When you make a donation, we share your name, address, occupation, employer, donation amount, and date with the recipient campaign or organization as required by federal campaign finance law. Email addresses are also shared with recipient organizations as part of the donation transaction for receipt and compliance purposes, regardless of marketing consent status. Organizations use this information to file mandatory reports with the FEC and comply with contribution limits;
• With the Federal Election Commission: Campaigns and organizations report donor information to the FEC, which becomes part of the public record for donations over $200. We may also directly report information to the FEC when required by law or regulation;
• With State Election Authorities: Where required by state campaign finance laws, donor information may be shared with state election commissions or similar regulatory bodies for donations to state-level campaigns or committees;
• With Service Providers: We share information with third-party service providers who are contractually obligated to protect your information and use it only for providing services to us, including: Stripe for payment processing; AWS for hosting and infrastructure; email service providers for transactional communications; security and fraud prevention services;
• For Legal Compliance: We may disclose information when required by law, subpoena, court order, or government request; to comply with campaign finance laws and regulations; to cooperate with law enforcement or regulatory investigations; to enforce our Terms of Service or protect our rights;
• In Business Transfers: If PREAMBL LLC is involved in a merger, acquisition, asset sale, or bankruptcy, user information may be transferred as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy;
• With Your Consent: We may share your phone number and email marketing preferences with organizations only when you explicitly consent. We may share additional information for purposes not described in this policy only with your explicit permission;
• Aggregated and Anonymized Data: We may share aggregated or anonymized information that cannot reasonably identify you for research, marketing, or other business purposes;
• Deceased Users: In the event of a user's death, we may share account information with authorized estate representatives or as required by law, while maintaining donation records for compliance purposes.

IMPORTANT: We NEVER sell, rent, or trade your personal information to third parties for their marketing purposes. We do not share donor lists between organizations without explicit donor consent.

FEC Compliance - Sale and Use Restrictions

In accordance with 52 U.S.C. §30111(a)(4) and 11 CFR 104.15:

• Donor information will never be sold or used for commercial purposes;
• We will not use donor information to solicit contributions for other campaigns without explicit consent;
• Violation of these restrictions may be reported to the FEC.

Data Security

We implement appropriate technical and organizational measures to protect your personal information:

• Technical Safeguards: We use industry-standard encryption (TLS/SSL) for data in transit and encryption at rest for sensitive stored data; implement secure authentication and session management; maintain secure APIs and application security controls; employ firewalls and intrusion detection systems; conduct regular security updates and patch management;
• Organizational Safeguards: We restrict access to personal information to authorized employees and contractors who need it to perform their duties; require confidentiality agreements from all personnel with data access; provide security and privacy training to our team; conduct background checks on employees handling sensitive data;
• Third-Party Security: Our payment processor, Stripe, maintains PCI DSS compliance and handles all payment card data; AWS provides enterprise-grade infrastructure security for our hosting; all service providers are contractually required to maintain appropriate security measures;
• Security Assessments: We conduct periodic security reviews and vulnerability assessments; we engage in security best practices reviews as our platform evolves; we monitor for emerging threats and adjust our security measures accordingly;
• Incident Response: We maintain an incident response plan for potential security events; we will notify affected users of data breaches within the timeframe required by applicable law; breach notifications will include the nature of the incident, data affected, and steps we are taking to address it; notification may be delayed if law enforcement determines that notification would impede a criminal investigation;
• Limitations: While we implement commercially reasonable security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your information. PREAMBL LLC is not liable for security breaches caused by third-party service providers, provided we have used commercially reasonable care in their selection.

Data Retention

We retain your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy and to comply with legal obligations:

• Donor Records: Donation information is retained for a minimum of five (5) years to comply with FEC recordkeeping requirements (52 U.S.C. §30102). Some states may require longer retention periods for state-level donations;
• Organization Records: Organization account data is retained for seven (7) years after account closure to comply with tax reporting obligations and potential audit requirements;
• Financial Records: Transaction records, invoices, and payment information are retained for seven (7) years for tax and accounting purposes;
• Account Information: Active account information is retained for the duration of your account. Inactive accounts may be deleted after three (3) years of inactivity, except for legally required records;
• Communications: Support communications and correspondence are typically retained for three (3) years unless relevant to an ongoing legal matter;
• Security Logs: System logs and security-related data are retained for ninety (90) days for security analysis and compliance purposes;
• Deletion Requests: You may request deletion of personal information we are not legally required to maintain. We will respond to deletion requests within 30 days, explaining what can be deleted and what must be retained for legal compliance;
• Backup Retention: Deleted data may persist in backup systems for up to 90 days before permanent removal, except for legally required records;
• Legal Changes and Holds: If laws change requiring longer retention periods, we will update our retention practices accordingly and notify you through updates to this Privacy Policy. We may also retain data beyond stated periods when subject to litigation holds or preservation obligations.

Your Privacy Rights and Choices

You have certain rights and choices regarding your personal information:

• Access Rights: You have the right to request access to the personal information we hold about you, including: (a) categories of information collected; (b) sources of information; (c) purposes for collection and use; (d) categories of third parties with whom we share information; (e) specific pieces of personal information we have collected;
• Correction Rights: You may request that we correct inaccurate or incomplete personal information. For donor information already reported to the FEC, we will assist you in understanding the FEC amendment process, though amendments must be filed by the recipient organization;
• Deletion Rights: You may request deletion of your personal information, subject to exceptions. We cannot delete: (a) information required for FEC compliance (5+ years); (b) information needed to complete pending transactions; (c) information required for legal obligations; (d) information needed to detect security incidents or protect against illegal activity;
• Portability Rights: You may request a copy of your personal information in a structured, commonly used, and machine-readable format. This includes your donation history for tax purposes;
• Communication Preferences: You can manage your communication preferences through your account settings, including: (a) opting out of marketing emails from us (transactional emails cannot be opted out of); (b) managing consent for communications from individual organizations; (c) updating phone number sharing preferences;
• Cookie Choices: You can manage cookie preferences through your browser settings. Note that disabling cookies may affect site functionality;
• Do Not Track: Our Services do not respond to Do Not Track signals as we only use essential cookies for functionality, not tracking;
• Account Closure: You may close your account at any time, though we will retain certain information as required by law;
• No Group Requests: Organizations cannot make privacy requests on behalf of their donors. Each individual must make their own privacy request.

State-Specific Privacy Rights

Residents of certain states have additional privacy rights under state law:

• California Residents (CCPA/CPRA): You have the right to: (a) know what personal information we collect, use, disclose, and sell; (b) delete personal information (with exceptions); (c) opt-out of the sale or sharing of personal information (we do not sell information); (d) correct inaccurate information; (e) limit use of sensitive personal information (we consider political donation history as sensitive information and use it only for legally required purposes); (f) non-discrimination for exercising privacy rights. You may designate an authorized agent to make requests on your behalf;
• Virginia Residents (VCDPA): You have the right to: (a) access personal data; (b) correct inaccuracies; (c) delete personal data; (d) obtain a portable copy of your data; (e) opt-out of targeted advertising (not applicable as we do not engage in targeted advertising); (f) opt-out of sale (not applicable); (g) opt-out of profiling for decisions with legal effects (not applicable - we do not engage in automated decision-making that produces legal or similarly significant effects); (h) appeal our decisions regarding your privacy requests;
• Colorado Residents (CPA): Similar rights to Virginia residents, including the right to opt-out of targeted advertising, sale of personal data, and profiling for decisions that produce legal or similarly significant effects (none of which apply to our Services);
• Connecticut Residents (CTDPA): Rights similar to Virginia and Colorado, including access, correction, deletion, portability, and opt-out rights for targeted advertising and sale of personal data (neither applicable to our Services);
• Utah Residents (UCPA): You have the right to: (a) access personal data; (b) delete personal data; (c) obtain a portable copy; (d) opt-out of sale of personal data and targeted advertising (neither applicable to our Services);
• Nevada Residents: Nevada residents may opt-out of the sale of covered information. We do not sell covered information as defined under Nevada law;
• Other States: As additional states pass privacy laws, we will extend appropriate rights to residents of those states.

To exercise these rights, you may: (1) submit a request through the privacy request form in your account settings, or (2) email us at contact@preambl.us. We verify your identity through your account credentials and may ask you to confirm recent donation history details to ensure security. We will respond within the timeframe required by applicable law (typically 30-45 days). If we deny your request, you have the right to appeal our decision by responding to our denial email with additional information.

Cookies and Similar Technologies

We use cookies and similar technologies to operate our Services:

• Essential Cookies: We use strictly necessary cookies to: (a) maintain your session and authentication state; (b) remember your preferences during a session; (c) ensure platform security and prevent fraud; (d) enable core functionality of the Services. These cookies are essential and cannot be disabled without losing access to the Services;
• No Tracking or Advertising Cookies: We do not use cookies for: (a) behavioral advertising or retargeting; (b) cross-site tracking; (c) building user profiles for marketing; (d) sharing data with advertising networks;
• Local Storage: We may use browser local storage to improve performance and user experience, such as temporarily storing form data to prevent loss during donation processes;
• Server Logs: Our servers automatically log technical information including IP addresses, browser types, and access times for security and operational purposes;
• Managing Cookies: You can manage cookies through your browser settings. Most browsers allow you to block or delete cookies. However, disabling cookies will prevent you from using our Services as authentication depends on cookies. For more information, visit your browser's help pages.

International Data Transfers

While The Dore operates exclusively in the United States and only serves U.S. users:

• Data Location: All data is primarily stored and processed in the United States, specifically in AWS data centers located in the U.S.;
• Service Providers: Some of our service providers may process data outside the United States. We ensure these providers maintain appropriate safeguards for your information;
• Legal Basis: Any international data transfers are conducted under appropriate legal mechanisms, such as Standard Contractual Clauses or adequacy determinations;
• No Foreign Access: We do not provide access to our Services from outside the United States, and we block foreign IP addresses to comply with laws prohibiting foreign political contributions.

Children's Privacy

The Dore is not intended for minors:

• Age Requirement: Our Services are only available to individuals who are 18 years of age or older. Federal law prohibits political contributions from individuals under 18;
• No Knowing Collection: We do not knowingly collect, use, or disclose personal information from individuals under 18 years of age;
• Parental Notice: If we discover that we have inadvertently collected information from someone under 18, we will promptly delete such information and terminate the associated account;
• Parental Requests: Parents or guardians who believe we may have collected information from their child should contact us immediately at contact@preambl.us.

Third-Party Links and Services

Our Services may contain links to third-party websites and services:

• External Links: We may link to campaign websites, FEC resources, or other relevant third-party sites. We are not responsible for the privacy practices of these external sites;
• Social Media: If we provide social media sharing features, these are governed by the respective platform's privacy policy;
• Payment Processing: While Stripe handles payment processing, you interact with Stripe's services directly during payment, which is governed by Stripe's privacy policy;
• Your Responsibility: We encourage you to review the privacy policies of any third-party services you interact with through our platform.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time:

• Notification of Changes: We may update this Privacy Policy at any time. Changes are effective immediately upon posting. We will notify you of material changes by displaying a prominent notice on our platform when you next log in. We may also, at our discretion, provide notice via email for particularly significant changes;
• Review Responsibility: We encourage you to periodically review this Privacy Policy to stay informed about how we protect your information;
• Acceptance of Changes: Your continued use of the Services after changes to this Privacy Policy constitutes acceptance of the revised policy;
• Historical Versions: Upon request, we can provide previous versions of this Privacy Policy for your reference.

Accessibility

We are committed to ensuring this Privacy Policy is accessible to individuals with disabilities. If you need this policy in an alternative format, please contact us at contact@preambl.us.

Contact Information

If you have questions about this Privacy Policy or our privacy practices, please contact us:

For privacy rights requests (access, deletion, correction), please use the methods described in the "Your Privacy Rights and Choices" section above. We aim to respond to general privacy inquiries within 5 business days.

PREAMBL LLC - Privacy Inquiries

Email: contact@preambl.us