Privacy Policy

Effective Date: [DATE]
Last Updated: [DATE]

Raisepath ("we," "us," or "our"), operated by Blue Ribbon Innovations LLC, a Wyoming limited liability company, respects your privacy. This Privacy Policy explains what information we collect, how we use it, and your choices regarding your information.

By using the Raisepath platform (the "Service"), you agree to the practices described in this policy.

1. Information We Collect

Information You Provide

  • Account information: Name, email address, phone number, and password when you register.
  • Organization information: School or district name, address, EIN/tax ID, bank account or mailing address for payouts, logos and branding assets.
  • Donor information: Name, email, billing address, payment method (processed by Stripe — we never store full card numbers).
  • Student information (minimal): When schools use peer-to-peer features, we collect only what schools choose to provide. See Section 7 for our data-minimization approach.
  • Campaign content: Text, images, and other content you upload to create or run a fundraising campaign.
  • Communications: Messages you send through the platform or to our support team.

Information We Collect Automatically

  • Usage data: Pages visited, features used, time spent, clicks, via PostHog analytics.
  • Device and connection information: IP address, browser type, operating system, referring URLs.
  • Cookies: Authentication tokens, session state, analytics IDs.

Information from Third Parties

  • Payment processing data from Stripe (transaction confirmations, refund status, payout status).
  • Email delivery data from Resend (delivery status, bounces, opens).

2. How We Use Your Information

We use your information to:

  • Provide, operate, and maintain the Service
  • Process donations and payouts
  • Send transactional emails (receipts, payout notifications, campaign updates)
  • Respond to support requests
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations
  • Improve our Service through aggregated analytics

3. How We Share Your Information

We do not sell your personal information to anyone.

We share information only as follows:

  • With your organization: If you donate to a school, that school sees your name, email, donation amount, and any message you included.
  • With service providers: Stripe (payments), Supabase (data hosting), Resend (email delivery), Railway and Vercel (application hosting), PostHog (analytics), Checkbook.io (paper-check payouts), print-on-demand providers (when applicable). These providers only access what they need to perform their services.
  • For legal reasons: If required by law, subpoena, court order, or to protect rights, safety, or property.
  • In a business transfer: If Blue Ribbon Innovations LLC is acquired, merged, or sells substantially all its assets, your information may transfer to the successor entity.

4. Your Choices and Rights

  • Access and correction: You can view and update your account information at any time through your dashboard.
  • Deletion: You can request deletion of your account by emailing support@[YOUR_DOMAIN]. We may retain certain information as required by law (tax records, payout records).
  • Marketing emails: All marketing emails include an unsubscribe link. Transactional emails (receipts, payout notices) cannot be opted out of while you maintain an account.
  • Cookies: You can disable cookies in your browser, but the Service may not function correctly without them.

California Residents (CCPA)

You have the right to know what personal information we collect, request deletion, and opt out of any sale of personal information (we do not sell personal information). Contact privacy@[YOUR_DOMAIN] to exercise these rights.

EU/UK Residents (GDPR)

You have rights of access, rectification, erasure, restriction, portability, and objection. The legal basis for processing is contract performance, legitimate interest, and consent where applicable. Contact privacy@[YOUR_DOMAIN] to exercise these rights.

5. Data Security

We implement industry-standard security measures: encryption in transit (TLS), encryption at rest, role-based access controls, Row-Level Security in our database, and regular security reviews. However, no system is perfectly secure, and we cannot guarantee absolute security of your information.

6. Data Retention

We retain information for as long as your account is active and as needed to provide the Service. We may retain certain records (transactions, payouts, tax records) for up to seven years to comply with legal and accounting requirements, even after account deletion.

7. Children's Privacy (COPPA and FERPA)

The Service is not directed to children under 13, and we do not knowingly accept direct registrations from children under 13. Students do not create their own accounts or log in to the Service directly. All student information is uploaded and managed by school administrators.

Our Data Minimization Approach

Raisepath is designed so schools choose what student information to provide. No student data field is required by the platform. Schools may choose to:

  • Use Guardian Mode, where only parent/guardian contact information is collected — never the student's own email or phone
  • Use display names, first names only, or student IDs instead of full names
  • Provide minimum information needed for fundraising (name only, for example) and omit grade, teacher, classroom, and other fields entirely
  • Provide additional context (grade, teacher, classroom) when helpful for organizing campaigns by class or grade group

Student Information the Platform Can Accept

When schools choose to provide student information, the following fields are available (all optional):

  • Student display name OR student ID OR pseudonym
  • Optional photo (uploaded by school)
  • Optional personal message
  • Optional school-context information: grade level, teacher name, homeroom assignment, school-internal student ID
  • Optional parent/guardian contact information (name, email, phone) for parent notifications about their child's fundraising activity

Information the Platform Does NOT Accept

The platform does not have fields for and will not accept:

  • Date of birth, age, or birthdate
  • Gender, sex, or gender identity
  • Race, ethnicity, or national origin
  • Home address
  • Social Security Number or government identifiers
  • Health, medical, or behavioral information
  • Academic records, grades, test scores, or disciplinary records
  • Religious affiliation

Schools as Data Controllers

When schools upload student information, the school acts as the data controller under COPPA, FERPA, and applicable state student privacy laws. The school is responsible for:

  • Obtaining all required parental consent under COPPA for children under 13
  • Complying with FERPA disclosure requirements
  • Complying with state student privacy laws (e.g., California SOPIPA, Colorado Student Data Transparency and Security Act, New York Education Law 2-d)
  • Determining what student information is appropriate to provide or display
  • Choosing whether to use Guardian Mode, display pseudonyms, or full names
  • Removing student information from the platform when requested by a parent, guardian, or eligible student

Raisepath acts as a service provider to the school, processing student information only at the school's direction.

Use of Student Information

Student information is used only to:

  • Display the student's fundraising page to potential donors
  • Notify parents or guardians about donations received
  • Ship products purchased on behalf of the student to the school for distribution
  • Generate fundraising reports for the school
  • Provide customer support when a school or parent requests it

We do NOT use student information for:

  • Marketing or advertising to students
  • Building behavioral or demographic profiles
  • Profiling for commercial purposes
  • Sale or rental to third parties
  • Training machine learning or AI models

Parental Rights

Parents and guardians may request review, correction, or removal of any student information by contacting the participating school directly, or by contacting Raisepath at privacy@[YOUR_DOMAIN]. We will route requests to the appropriate school within 2 business days. Removal requests will be processed within 5 business days of the school's confirmation.

Data Retention

Student information is retained while the student is actively participating in their school's campaigns and for up to 7 years afterward for tax and audit purposes related to fundraising records. Schools may request immediate deletion of inactive student records.

8. Monitoring and Content Review

We reserve the right to monitor content uploaded to the platform and to remove any content that violates our Terms of Service.

9. International Data Transfers

Your information may be processed in the United States. By using the Service, you consent to this transfer.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be announced via email or platform notification at least 14 days before taking effect.

11. Contact Us

Blue Ribbon Innovations LLC
[YOUR_BUSINESS_ADDRESS]
privacy@[YOUR_DOMAIN]