One of Believe.in’s chief concerns is the privacy of those using our website, products and services be these individuals, charities, businesses, or third party partners.
The information we collect from site visitors
The information we collect from users of Believe.in
When you create a Believe.in profile as an individual, charity, company, or partner, we collect the information you provide and store your password. For individuals who donate, we will automatically pass on your name to the charity to whom you donate, but will in all other instances not pass on this information to any third party unless you give us your express consent.
You accept that we need to disclose your Personal Data to The Believe.in Trust (our charity) under a contractual agreement to ensure privacy for your Data to a level that is required under UK law to process the donation.
For donors, when Believe.in confirms your transaction nowhere do your full card details get displayed. Your credit or debit card details (including card type, card number and expiry date); and your billing address are stored securely with Stripe and we do not handle, or store your credit or debit card details ever and will never have access to this information.
We also record your donation information, so that you can review, manage and edit this at any time from your profile. We share basic donor information with the beneficiary of your donation, so that they can administer this and understand where incoming donations are coming from. For UK donors, we collect your declaration of tax status, so that we can process Gift Aid on your behalf for those charities who are participating in Believe.in’s Gift Aid processing scheme.
We’ve also made sure to give donors several layers of privacy options to anonymise giving to whatever level is most comfortable. In all other cases our normal practice is to disclose only your name, the date and reason you gave and the amount donated to the receiving charity or good cause, unless you've specified otherwise.
When you make donations through Believe.in, you can specify to Believe.in, or any relevant website, or service associated with Believe.in whether you want to opt-out of receiving optional communications from the charities you support. If you remain opted in, we make your contact details available to the Participating Charities through their Charity Management Accounts. The use of these details by the Participating Charities is subject to our Charity User Agreement.
Outside of this, we never disclose your name, email address, or other personal information to any other party without your permission.
A donor’s name
A donor’s name will always be passed on to the fundraiser both privately and in a secure way so that he, or she might acknowledge this and thank the donor privately for their support.
User email addresses
We need the email addresses of users to register an account on Believe.in for them. We never share email addresses with any other party unless you explicitly say so. For users looking to manage a charity profile, you will first have to create a user account, then go through the Believe.in charity activation process.
Stripe will only use a user’s payment details for the purpose of processing a donation requested via Believe.in. If a donor makes a Gift Aid declaration, The Believe.in Trust will process this for participating charities and pass all relevant documentation on to HM Revenue and Customs for the purpose of reclaiming tax on behalf of the recipient charity. Gift Aid declarations include the claimant’s name and home address along with the confirmation that a sufficient amount of tax is paid during the current tax year. All of this information is held securely and will never be passed on or sold to anyone else.
Online giving via our payment processors
Online giving through us is strictly permission-based and is powered by our preferred payment processing partners at Stripe.
Stripe has been audited by a PCI-certified auditor, and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available.
SSL and HSTS
Stripe forces HTTPS for all services, including Believe.in and regularly audits the details of our implementation: the certificates served, the certificate authorities used, and the ciphers that are supported. Stripe uses HSTS to ensure browsers interact with Stripe only over HTTPS. Stripe is also on the HSTS preloaded lists for both Chrome and Firefox.
All card numbers are encrypted on disk with AES-256. Decryption keys are stored on separate machines. None of Stripe's internal servers and daemons are able to obtain plaintext card numbers; instead, they can just request that cards be sent to a service provider on a static whitelist. Stripe's infrastructure for storing, decrypting, and transmitting card numbers runs in a separate datacenter, and doesn't share any credentials with Stripe's primary services (API, website, etc.).
Stripe also works to rapidly investigate all reported security issues. If you believe you've discovered a bug in Stripe's security, please get in touch at firstname.lastname@example.org (optionally using our PGP key at the bottom of this page). Stripe guarantee a (non-automated) response within 24 hours, and usually faster.
Email alerts and newsletters from Believe.in
We may send users, eg individuals, charities and third parties short emails from time to time: email alerts with important information about our service, newsletters and other promotional activity. Users will always be offered the ability to unsubscribe from this communication and can also amend these notification settings from within the 'Settings' tab, found under the logged in user profile.
Charities’ use of an individual user’s personal information
Where an individual has opted in to pass on personal details to a charity through our website, Believe.in declines all responsibility for the subsequent use of his, or her personal information by the charity. If he, or she wishes to stop receiving further communications from a charity, please contact them directly.
Disclosure of a user’s Personal Data to Third Party Partners
We only give information to third parties in order to provide our services or when legally obliged to do so. We require our third party service providers to promise not to use such Personal Data except as necessary to provide the relevant services to us. We cannot maintain responsibility for the manner in which third parties use or further disclose the Personal Data collected from you after we have disclosed that information to them. We bear no responsibility for not exercising control over third party service providers' use or disclosure of Personal Data provided by you in connection with your use of the Believe.in service.
Believe.in’s Security Measures
Believe.in has security measures to protect against the loss of use and unauthorised alteration of Personal Data in our control. For example, whenever the Service requests that Authorised Users provide sensitive information, that information is encrypted with industry standard encryption techniques. When you are viewing a secure page within the Website a locked padlock icon will appear at the bottom of web browsers such as Microsoft Internet Explorer. We currently use an encryption program known as "SSL," or "Secure Sockets Layer." Credit card authorisation requests are sent using the same encryption technology through Stripe. Furthermore, access to Personal Data is physically restricted within Believe.in’s own offices, so that only certain Believe.in employees are granted access to such information as appropriate to perform specific jobs and tasks (e.g., performing customer service). Some information is also stored in an encrypted form within Believe.in’s own databases.
Please be aware that, although we endeavour to provide reasonable security for information in our possession and control, no security system can prevent against all potential security breaches, and Believe.in bears no liability for uses or disclosures of Personal Data or Non Personal Data arising in connection with the theft thereof. Likewise, Authorised Users are responsible for safeguarding the confidentiality of passwords to the Website and Believe.in Tools, and Believe.in bears no liability for access to, or use or disclosure of, Personal Data, if such access, use or disclosure arises in connection with the theft or disclosure (whether intentional or negligent) of such Authorised User's password.
Tell a friend
When you provide a friend’s email address, or invite friends to join the Believe.in platform through social channels we guarantee that we will only use these details for this sole purpose. We will not send them further communication unless they opt in to receive regular information from us.
Although unlikely, Believe.in may be forced by law to provide personally identifiable information to the appropriate authorities.
If you are not satisfied with our response, you may contact the Data Commissioner via http://www.ico.gov.uk.
Your Believe.in team