We Respect the Right to Privacy

Last revised: March 15, 2022

Welcome to Givio!

Givio Inc. and Givio Charitable Foundation have partnered to provide products and services that enable givers to make donations to charitable organizations, manage giving accounts, and use other related services. In order to avoid confusion for givers and customers, Givio Inc. and Givio Charitable Foundation (together for this Privacy Policy, “Givio”) have collaborated to produce a singular Privacy Policy that promotes respect for your right to privacy. It is our intention to allow givers to manage their data and control how that data is distributed outside of Givio products and services. This Privacy Policy explains how we fulfill this intention and help protect your privacy. Thank you for choosing Givio.

This Privacy Policy (“Privacy Policy”) is incorporated into the terms and conditions in the Terms of Use agreement. It covers all Givio websites (including www.Giv.io and www.giviocharitable.org), apps, products and services provided by Givio (collectively, the “Services”). Your use of any of the Services constitutes your acceptance of this Privacy Policy and the Terms of Use. If you do not accept any aspect of this Privacy Policy or the Terms of Use, you should not use the Services.

Givio has created this Privacy Policy to demonstrate our commitment to privacy for Authorized Users, Customers, Charitable Organizations, Partner/Resellers, and visitors. “Customers” and “Charitable Organizations” are organizations that contract for Givio Services, including but not limited to the creation and management of charitable giving programs and the disbursement of donations generated from those programs. “Authorized Users” are users who register to use the Services either through a personal account, or through or on behalf of a Customer, Charitable Organization or Partner/Reseller. (Authorized Users may be referred to in this Agreement as “members”, “givers”, “donors”, “users” or “you”.) “Partner/Resellers” are parties who have arrangements with Givio to provide or resell certain Services to other Customers, Authorized Users, or Charitable Organizations. Visitors are individuals who view the apps or websites that are part of the Services.

This Privacy Policy describes our information-gathering and dissemination practices.

BY CLICKING “I AGREE”, YOU ACKNOWLEDGE THAT YOU HAVE READ, ACCEPTED, AND AGREED TO BE BOUND BY THE TERMS AND CONDITIONS OF THIS PRIVACY POLICY. IF YOU DO NOT AGREE TO ALL THE TERMS OF THIS PRIVACY POLICY, YOU ARE NOT AUTHORIZED TO ACCESS THE SITE OR SERVICES AND NEITHER YOU SHALL NOT BE ABLE TO USE OR RECEIVE THE BENEFIT OF THE SITE OR SERVICES. YOU FURTHER AFFIRM YOUR CONSENT WHEN YOU SUBMIT CONTENT TO GIVIO THROUGH USE OF THE GIVIO SERVICES OR WHEN YOU BECOME A MEMBER OF GIVIO.

In certain circumstances, Customers, Charitable Organizations, Resellers/Partners, and Authorized Users of Givio may obtain the Givio Services by means of a Service Order Form with Givio or, in the case of Authorized Users, through a Customer or Charitable Organization authorized by Givio. In such cases, the terms of this Agreement shall become part of the Service Order Form, subject to any modifications to this Agreement as may occur from time to time by Givio in its sole discretion. Any discrepancies between this Agreement and a Client’s Service Order Form shall be governed by the Service Order Form. Clients and partners of Givio are responsible for notifying their donors regarding these Terms of Use and Privacy Policy documents.

Contacting Givio

Questions regarding this Privacy Policy or our Terms of Use should be e-mailed to support@Giv.io.

Legal questions should be directed to:

Legal Department

1900 Campus Commons Drive

Suite 100

Reston, VA 20191

Changes to this Privacy Policy

Givio reserves the right to revise or update this Privacy Policy at any time, and you agree to be bound by those revisions or updates. Givio will notify you of any changes to the Privacy Policy by posting the revised or updated Privacy Policy and its “Last revised” date on the Sites. Your use of the Services thereafter constitutes your agreement to and acceptance of the Privacy Policy and its revisions or updates. You should periodically read the Privacy Policy to learn of any revisions or updates. In the event we materially change the way in which we use your Personal Information, we will provide you with at least 30 days’ notice and ask you to affirmatively accept the changes to a new Privacy Policy.

This Privacy Policy is not intended to and does not create any contractual or other legal right in or on behalf of any person. The information you provide to Givio when you become a member is also governed by the terms and conditions of your membership. In the event of a conflict between this Privacy Policy and any term(s) of your membership, the terms of your membership will govern.

Contact and Electronic Communications

By providing your information through the use of Givio Services, including registering to become a member, you agree that we can communicate with you electronically regarding any legal, regulatory, technical, security, privacy, administrative or consumer notification obligation relating to your use of the Sites or regarding your membership. We may use your email address to confirm your request, to send you notice of payments, to send you information about changes to our products and services, and to send notices and other disclosures as described above or as required by law. Generally, users cannot opt-out of these communications, but they will be primarily informational in nature rather than promotional. If you have any specific questions about this Privacy Policy, please contact: support@Giv.io.

Information We Collect About You

We collect two types of information from you when you visit our website(s) or use our products and other Services: (1) “personally identifiable information” (“PII”) (as defined below) and (2) non-personally identifiable information (“NPII”) (as defined below).

PII for the purposes of this Privacy Policy is information that identifies you personally, such as your name, address, telephone number, email address. For users located in the EU, references to “PII” in this Privacy Policy are equivalent to what is commonly referred to as “Personal Data” in the EU.

Here are some examples and explanations of the ways in which we may collect, store, transfer, share or otherwise make your PII available to Givio.es Here

• Registration Data. If you choose to create an account using Givio Services, we will ask for certain information enabling the creation of that account, such as a username and password. If you make a donation to an organization listed on a Givio app or web page, we will ask for certain information enabling us to process, receipt and disburse that donation.

• Survey Data. The gathering of this information may include analysis and sharing of online surveys for which you may choose to participate.

• Contribution and Payment Information. We collect information on the amount of contributions you have made using the Givio Services.

“NPII” can be technical information or it can be demographic information, such as your age, gender, or interests. Non-personally identifiable information may also mean aggregated, non-identifiable or anonymized information. Non-personally identifiable information does not identify you personally. If you do provide us with non-personally identifiable information, we may use it for the purposes described in this statement or where it is collected, or any other legal purpose.

Here are some examples of the ways in which we may collect and store your non-personally identifiable information through our services, and how we use such information:

• Log Information. When you use our services or view content provided by Givio, we automatically collect and store certain information in our server logs. This type of information includes details of how you used our service, IP address information described below, web pages which have been viewed by a visitor, data and time, domain type, device event information such as crashes, system activity, hardware, settings, browser type or version, browser language, the date and time of your request and referral URL.

• Internet Protocol (IP) address. Your “IP address” is a number that lets computers attached to the Internet know where to send you data, such as the screens and pages of our services that you view. We use this information to deliver our screens and pages to you upon request, to tailor our services to the interests of you and our other visitors, and to measure traffic to and within our services.

• Campaign Data. Information about a giving campaign in which you participate, such as a campaign title, recipient charitable organization(s), descriptions, goals.

• Demographic Information. “Demographic information” may be your gender, age, zip code, and interests. We may collect such information about you through our services and use it to provide you with personalized services and to analyze trends to ensure that our services and the information on them is targeted to meet your needs. Please note that we also consider aggregated information, which is not personally identifiable, to be non-personally identifiable information.

• Device Information. “Device Information” may include information we collect such as your hardware model, operating system version, unique device identifiers and mobile network information including phone number. We may associate your device identifiers or phone number with your account.

Location Information. When you use our Services, we may collect and process information about your actual location. We use various technologies to determine location, including IP Address, Global Positioning Systems and other sensors that may provide Givio with information about nearby devices, Wi-Fi access points and cell towers.

Referrals

If you choose to use a Givio referral service to tell a friend about our Services, we may ask you for your friend’s email address. We will automatically send your friend a one-time email inviting him or her to visit the website. Givio stores this information for the sole purpose of sending this one-time email and tracking the success of our referral program. Your friend may contact us to request that we remove this information from our database.

Log Data, Cookies and Activity Tracking Technologies

Givio collects certain information from visitors to our websites and apps and users of the Services, such as Internet addresses, browser types, referring domains, time stamps (time page accessed as well as time spent per web page), as well as the specific pages the visitor has requested. This information is logged for marketing purposes and to help diagnose technical problems and administer the Services in order to constantly improve the quality of the Services. We may also track and analyze non-identifying activity and aggregate usage-and-volume statistical information from visitors and users, and provide such information to third parties. We do not link this automatically collected data to other information we collect about you.

Givio, our partners, affiliates, or website analytics or service providers use technologies such as cookies, beacons, tags, and scripts, to analyze trends, administer the website, tracking users’ movements around the website, and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual and aggregated basis.

We use cookies to remember users’ settings (e.g. language preference), for authentication. Users can control the use of cookies at the individual browser level. If you reject cookies, you may still use our website, but your ability to use some features or areas of our website may be limited.

We use Local Storage, also known as HTML5, to store content information and preferences in order to provide users a better experience on our sites. We do not use HTML5 to display advertising based upon your web browsing activity. Various browsers may offer their own management tools for removing Local Storage/HTML5.

Children

The Services are not intended for use by children unless supervised by parents using, for example, a family account. We do not intentionally gather personally identifiable information about visitors who are under the age of 13. If a child has provided us with personally identifiable information, a parent or guardian of that child may contact us to have the information deleted from our records. If you believe that we might have any information from a child under age 13, please contact us at the support email provided at the top of this Privacy Policy statement. If we learn that we have inadvertently collected the personal information of a child under 13, or equivalent minimum age depending on jurisdiction, we will take steps to delete the information as soon as possible.

Social Media Widgets

Givio Services may include Social Media features, such as the Facebook ‘Like’ button, and widgets, such as the ‘Share This’ button or interactive mini-programs that run on our website. These features may collect your Internet protocol address, which page you are visiting on our website, and may set a cookie to enable the feature to function properly. Social Media features and widgets are either hosted by a third party or hosted directly on our website. Your interactions with these features are governed by the privacy statement of the company providing them.

How We Use Information

Personally Identifiable Information. If you do provide us with personally identifiable information, we will only use it for the purposes described in this statement or where it is collected.

We use PII to provide the Services, for troubleshooting and maintenance of the Services, and to communicate with Customers, Charitable Organizations, and Authorized Users. We also use PII to:

• help us create and publish content most relevant to you;

• control access to certain areas of our Services;

• register Authorized Users and develop their profiles and enable them to take advantage of the personalized features of our Services;

• process transactions requested by our Customers, Charitable Organizations, and Authorized Users; and

• communicate in response to request forms such as “Contact Us”.

Non-personally identifiable information. We may use non-personally identifiable information for the purposes described in this Privacy Policy or where it is collected, or any other legal purpose, including, when and where applicable, combining non-personally identifiable information with personally identifiable information.

Reports

We periodically prepare analyses and reports reflecting visitor and member use of the Services. In preparing these reports, we may combine and analyze the personal information you provide to us with information from other sources. However, these reports will only include aggregate information about visitors and Authorized Users. The information in these reports will not identify individuals. Any business partner with whom such reports may be shared will also not be able to contact you from the information contained in the reports.

Sharing by Customers and Charitable Organizations

Givio Customers or Charitable Organizations may choose to share PII data related to its employees in order to support charitable giving program management. For example, a Customer may choose to upload employee emails into Givio in order to create individual giving accounts for employees or to send communications to employees using Givio Services. It is the responsibility of each Customer or Charitable Organization to notify its employees that PII data is shared with Givio. Givio will cooperate with its Customers and Charitable Organizations, however, to help them provide notice to their users concerning the purpose for which personal information is collected. Neither Givio nor the Givio Services solicit the users on behalf of unrelated, third-party marketers.

Data Retention

Givio will retain personal data we collect, as well as personal data we collect and process on behalf of our Partners, for as long as needed to provide our Services. Givio will retain and use this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Information Use/Opt-out

Givio uses the information that we collect to set up the Services for all user types and to improve the Services. We may also use the information to contact users and visitors to further discuss their interest in and use of the Services. Whenever visitors or users submit requests for more information or services from us, they may opt out of entering certain fields. Users wishing to stop receiving information from the Services may opt out of receiving notices by logging into their Givio account and using the account tools to manage settings, or may cancel their account, or may contact their employer for assistance, if the employer is a Customer of Givio.

We may also e-mail to Authorized Users information regarding updates to the Services.

Stored Data

Users of the Services will be using the Services to store data. Such data may at times be viewed or accessed by Givio only for the purpose of resolving a problem, support issue or suspected violation of the Terms of Use for the Services, or as may be required by law. Users are responsible for maintaining the confidentiality and security of their user registration and password. Except as provided in this Privacy Policy, Givio will not review, share, distribute, print or reference any data stored by users of the Services.

Sharing of Information by Givio

Other than as expressly described in this Privacy Policy, Givio will not share, sell or rent a user’s or a visitor’s personally identifiable information or hosted data with anyone outside of Givio, without such user’s or visitor’s prior permission or unless ordered by a court of law and when we believe that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud and/or to comply with a judicial proceeding, bankruptcy proceedings, court order, or legal process served on the Site.

Personally identifiable information. Primarily, we may share or disclose your personally identifiable information in the following instances:

• To identify you to a Charitable Organization to which you have made a donation and have requested to share your information. Users wishing to remain anonymous to their selected charity may remain anonymous.

• The Givio Services and technology platform transfers PII data to certain third-party donor-advised fund(s) (“DAF’s”) such Givio Charitable Foundation for purposes of managing individual donor DAF accounts and funds disbursements. Givio may transfer personal information to companies that help us provide our service. All such transfers to subsequent third parties are covered by confidentiality agreements with the third parties.

• To unaffiliated third-party service providers, agents, or independent contractors who help us maintain our services and with other administrative services (including, but not limited to, order processing and fulfillment, providing customer service, maintaining and analyzing data, sending customer communications on our behalf, and entry collection, winner selection and prize fulfillment for contests, sweepstakes, and other promotions). We seek to ensure that such unaffiliated third-parties will not use your personally identifiable information for any purpose other than that for which they are responsible. However, we cannot guarantee that they will not use it for any other purpose.

• If you choose to make a donation or receive disbursements on or through our Services, we may ask you for your credit card number, billing address, and other information in connection with completing such purchase, and we may use such information to fulfill your purchase. We may also provide such information, or other personally identifiable information provided by you, to third-parties (such as ApplePay, Stripe, or a similar payment processor) (a “Payment Processor”) to complete your transaction (for example, to process your credit card). The Payment Processor is acting solely as a billing and processing provider for and on behalf of Givio and shall not be construed to be providing the applicable Service. In addition, the Payment Processor is an entity completely independent of Givio, Givio exercises no control over the operations of the Payment Processor, makes no warranties or representations on behalf of such Payment Processor, and accepts no liability in respect of the acts or omissions of the Payment Processor (including expressly with respect to any Security Breach). The Payment Processor’s use of your PII and NPII is subject to the terms, conditions, and privacy policies published by such Payment Processor.

• To comply with law, or in the good faith belief that such action is necessary to conform to the requirements of law, or comply with legal process served on us, and to protect and defend our rights or property, including our rights and property and our services, or act in urgent circumstances to protect the personal safety of you and our other visitors.

• To track and analyze non-identifying, aggregate usage and volume statistical information from our visitors and customers and provide such information to third parties.

• To protect against fraud and potential fraud. We may verify the information you provide using our Services through third parties. In the course of such verification, we may receive additional personally identifiable information about you from such Services. In particular, if you use a credit card or debit card to purchase services with us, we may use card authorization and fraud screening services to verify that your card information and address match the information you supplied to us, and that the card has not been reported as lost or stolen.

Non-personally identifiable information. We may share and disclose your non-personally identifiable information for the purposes described in this statement or where it is collected, or any other legal purpose, including, when and where applicable, sharing and disclosing non-personally identifiable information combined with personally identifiable information.

Legal Disclosure. We may disclose information about you and your use of the services if we believe that such disclosure is reasonably necessary to:

(i) Comply with the law and/or legal process where a formal request has been made (e.g. request from an administrative oversight agency, civil suit, subpoena, court order or judicial or administrative proceeding);

(ii) Protect or defend our rights and/or property or the rights and property of others;

(iii) Enforce our Terms of Use, other agreements, and/or this Privacy Policy;

(iv) Respond to claims that the content(s) of a communication violates the rights of another.

Business Transactions

Circumstances may arise where, for business reasons, we may decide to reorganize, or divest all or part of our business through sale, assignment, merger or acquisition, or we may acquire a new business. In these circumstances, personal information may be shared with the actual or prospective purchasers or assignees, or with the newly acquired business. In such an event, we shall provide notice of any material change to this Privacy Policy, or our services, in the manner described in the Changes to this Policy section of this Privacy Policy.

Links to Other Sites

The Sites and the Services contains links to other sites. Givio is not responsible for the privacy practices of such other sites. We encourage users to be aware when they leave the Givio websites, apps and other Services and to read the privacy statements of each and every website that collects personally identifiable information. This Privacy Policy applies solely to information collected by the Givio Services.

Security

Givio uses generally accepted industry practices to help prevent unauthorized use of, access to or alteration of visitor and user information and hosted data. These practices include the use of firewalls, SSL encryption, system redundancies, and co-location at a 24/7 monitored, access-controlled environment.

The Givio website and the backend API services use TLS v1.2 and TLS v1.3 level encryption to ensure state-of-the-art security for all communications. As an additional factor of security, we use specially designed keys for REST API communications. Database-level encryption is employed to securely store the user details and the user’s access tokens.

The Givio mobile apps utilize the native secure storage mechanism to store data including the transactions of a guest user, and other user data like the user’s authorization tokens. For the Android app, we make use of the Android Keystore system, while we use the Keychain in the iOS app. All transaction data are secured over a REST API that’s protected using the latest TLS v1.3 encryption. For third-party tools like Stripe and Google Pay, we use their recommended, latest native SDKs to ensure that everything is up to date. For crypto transactions, we use Coinbase, where the actual payment happens directly on the Coinbase website, which is protected by Coinbase.

Givio personnel with access to information gathered from visitors and users have been advised of the importance of maintaining the confidentiality of such information and of using it only for the purposes described in this Privacy Policy. No method of transmission over the Internet, or method of electronic storage, however, is 100% secure. Therefore, we cannot guarantee its absolute security. If you have further questions about security, please contact us at the email address provided at the beginning of this Privacy Policy.

Updating Personal Information

We encourage our visitors and users to update and edit their personal information and keep it current. Users can easily correct, delete or update their contact information at any time through the Site by logging into your account and using accounts settings, features and tools. We will retain your information for as long as your account is active or as needed to provide you services. If you wish to cancel your account or request that we no longer use your information to provide you services, you may do so in your user account settings, or you may contact us. We will respond to your request within a reasonable timeframe. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

California Residents’ Rights

(As provided by the California Consumer Privacy Act)

A California resident who has provided personal information to a business with whom he/she has established a business relationship for personal, family, or household purposes (“California customer”) is entitled to request information about whether the business has disclosed personal information to any third parties for the third parties’ direct marketing purposes. In general, if the business has made such a disclosure of personal information, upon receipt of a request by a California customer, the business is required to provide a list of all third parties to whom personal information was disclosed in the preceding calendar year, as well as a list of the categories of personal information that were disclosed.

However, under the law, a business is not required to provide the above-described lists if the business adopts and discloses to the public (in its privacy policy statement) a policy of not disclosing customer’s personal information to third parties for their direct marketing purposes unless the customer first affirmatively agrees to the disclosure, as long as the business maintains and discloses this policy. Rather, the business may comply with the law by notifying the customer of his or her right to prevent disclosure of personal information and providing a cost free means to exercise that right.

We do not share information with third parties for their direct marketing purposes unless you affirmatively agree to such disclosure — typically by opting-in to receive information from a third party. To prevent disclosure of your personal information for use in direct marketing by a third party, do not opt-in to such use when you provide personal information on our website. Please note that whenever you opt-in to receive future communications from a third party, your information will be subject to the third-party’s privacy policies and practices. If you later decide that you do not want that third party to use your information, you will need to contact the third party directly, as we have no control over how third parties use information. You should always review the privacy policies and practices of any party that collects your information to determine how that entity will handle your information.

California customers may request further information about our compliance with this law by e-mailing us at the contact email address provided at the beginning of this Privacy Policy. Please note that we are only required to respond to one request per customer each year, and we are not required to respond to requests made by means other than through this e-mail address.

California Do Not Track Notice

Some browsers have a “Do Not Track” feature that lets you tell websites and online services that you do not want to have your online activities tracked. Such browser features and industry standards are not uniform, so our websites and online services do not respond to those signals.

International Transfer of Information

We may transfer information that we collect about you, including PII, to subsidiary and affiliated entities, or to other third parties across borders and from your country or jurisdiction to other countries or jurisdictions around the world. If you are visiting from the European Union or other regions with laws governing data collection and use that may differ from U.S. law, please note that you are transferring information about you, including personally identifiable information, to a country and jurisdiction that does not have the same data protection laws as the European Union, and you consent to: the transfer of information about you, including personally identifiable information, to the U.S.; and the use and disclosure of information about you, including personally identifiable information, as described in this privacy policy statement.

If you live outside the United States (including Canada, Mexico and the European Economic Area), and you use our services and Sites or provide us with PII directly via the Sites or Services, such information will be handled in accordance with this Privacy Policy. THE GIVIO SERVICES ARE GOVERERNED BY AND OPERATED IN ACCORDANCE WITH UNITED STATES LAW. BY USING THE SERVICES OR GIVING US YOUR PERSONAL INFORMATION, YOU ARE DIRECTLY TRANSFERRING YOUR PERSONAL INFORMATION AND OTHER INFORMATION TO US IN THE UNITED STATES WHERE OUR CENTRAL DATABASE OPERATES. BY USING THE SERVICES, YOU ACKNOWLEDGE THAT THE UNITED STATES MAY NOT HAVE THE SAME LEVEL OF DATA PROTECTION AS YOUR JURISDICTION AND YOU AGREE AND EXPLICITLY CONSENT TO YOUR PERSONAL INFORMATION BEING COLLECTED, PROCESSED AND TRANSFERRED IN ACCORDANCE WITH THIS PRIVACY POLICY AND SUBJECT TO UNITED STATES LAWS. You are solely responsible for compliance with any data protection or privacy obligations in your jurisdiction when you use our services and Sites, or provide us with PII. Regardless of where we transfer your information, we still protect your information in the manner described in this Privacy Policy.