Privacy policy

Last Updated: January 28, 2026


Roster Giving, Inc. ("Roster", "we", "us") values your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Employee Giving platform ("Services").


This policy is designed to comply with US privacy standards and align with the specific needs of our Healthcare Foundation partners.



1. Information We Collect

1.1. Information You Provide to Us

We collect information strictly necessary to facilitate employee giving and engagement:
  • Employee Administrative Data: Name, business email address, department, job title, and employee ID number.
  • Financial & Giving Data: Donation amounts, campaign participation history, payroll deduction preferences, and transaction history.
  • Account Credentials: Usernames and passwords for administrative access.

1.2. Information We DO NOT Collect (Non-PHI)

We do not collect, process, or store Protected Health Information (PHI).
Our services are designed solely for employee engagement and fundraising operations. We expressly prohibit the uploading of patient records, clinical data, or any health-related information protected under HIPAA.

1.3. Automatic Data Collection

When you access our Services, we may automatically collect certain technical information:
  • Usage Data: Log files, access times, pages viewed, and IP addresses (used for security monitoring).
  • Device Data: Browser type and operating system.

2. How We Use Your Information

We use the collected information for the following specific purposes (depending on the features enabled by your organization):
  • Service Delivery: To process donations, manage campaigns, and track employee engagement.
  • Communications: To send transaction receipts, campaign updates, and system notifications (via email or SMS).
  • Security & Fraud Prevention: To monitor for unauthorized access and protect our platform.
  • Improvement: To analyze usage trends and improve user experience (using aggregated, non-identifiable data).
AI Policy Note: We DO NOT use your proprietary data or employee PII to train or improve our Artificial Intelligence models.

3. Disclosure of Your Information

We do not sell your personal information. We may share information only in the following situations:

3.1. Service Providers (Sub-processors)

We share data with trusted third-party vendors who assist us in operating our Services. These vendors are bound by confidentiality agreements and security requirements:
  • Infrastructure & Database: Supabase (AWS) - Data Hosting and Storage.
  • AI & LLM Services: OpenAI - Ambassador recommendations and content generation (Zero Data Retention policy).
  • Communications: Resend (Email), Twilio (SMS).
  • Payment Processing: Stripe, Blackbaud - Payment gateway providers.

3.2. Legal Requirements

We may disclose information if required to do so by law or in the good faith belief that such action is necessary to comply with a legal obligation, protect and defend the rights or property of Roster, or protect against legal liability.

4. Data Security

We use administrative, technical, and physical security measures to help protect your personal information.
  • Encryption: Data is encrypted at rest (AES-256) and in transit (TLS 1.2+).
  • Access Control: Strict Role-Based Access Control (RBAC) and Multi-Factor Authentication (MFA) for internal staff.
  • Compliance: We are actively executing our SOC 2 Readiness Roadmap to ensure independent validation of our security controls.

5. Your Data Rights

Depending on your location, you may have specific rights regarding your data:
  • Access and Correction: You may request access to or correction of your personal data stored in our system.
  • Deletion: You may request the deletion of your personal data, subject to legal retention obligations (e.g., tax records for donations).
  • Opt-Out: Employees may opt out of receiving marketing or campaign communications at any time.

6. Data Retention

We retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy.
  • Donation Records: retained as required by tax laws and financial audit standards.
  • Deletion: Upon termination of service, client data is deleted in accordance with our data disposal procedures.

7. International Data Transfers

Roster Giving, Inc. is based in the United States. If you are accessing our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed by us in our facilities and by those third parties with whom we may share it in the United States.

8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be indicated by an updated "Revised" date and will be effective as soon as it is accessible.

If you have questions or comments about this policy, you may contact our Privacy Officer at:

Roster Giving, Inc.

Email: finance@rostergiving.com