Trust center

Privacy notice

Effective July 18, 2026 · Private-pilot notice

Current scope

The public DonorBeam environment is a controlled sales demonstration using synthetic organization and donation data. It is not authorized to receive live donations or production customer records yet.

Information we handle

We may handle invited team-member identity and authentication data, organization and campaign configuration, support communications, security and access logs, and—only after a signed production pilot—donor contact and transaction metadata. Stripe handles payment credentials; DonorBeam does not store full card numbers.

How information is used

We use information to provide and secure the service, authenticate users, route payments and receipts, support organizations, diagnose incidents, meet legal obligations, and improve reliability. We do not sell personal data.

Service providers

The operating stack uses Cloudflare for edge hosting and DNS, Supabase for database and authentication, Stripe for payment processing, and—when final verification is complete—Google for optional sign-in and Resend for transactional email. Each provider receives only the data needed for its role.

Control, retention, and requests

A production organization's signed order and data-processing terms will define controller/processor roles, retention, deletion, exports, subprocessor notice, and incident commitments. Requests may be sent to privacy@donorbeam.com.

Operator

DonorBeam is operated by Compounding Love Labs, PBC. Material changes to this notice will be posted here with a revised effective date.