CryptoWidget.io ("CryptoWidget," "we," "our," or "us") is a 501(c)(3) nonprofit organization committed to protecting the privacy of everyone who uses our platform — including donors, nonprofit organizations, and website visitors. This Privacy Policy explains what information we collect, how we use it, and what choices you have.
By using our website, widget, or services, you agree to the practices described in this Privacy Policy.
1. Information We Collect
1.1 Information You Provide Directly
When you create an account, make a donation, or contact us, we may collect:
- Identity information: name, email address, mailing address
- Organization information: nonprofit name, EIN/tax ID, 501(c)(3) determination letter, website URL
- Financial information: bank account details (stored securely by our payment processor), cryptocurrency wallet addresses used for transactions
- Donation information: donation amounts, selected cryptocurrencies, transaction identifiers, and timestamps
- Communications: messages you send to our support team
1.2 Information Collected Automatically
When you visit our website or use the widget, we automatically collect:
- Device and browser information: IP address, browser type and version, operating system
- Usage data: pages viewed, time spent, links clicked, referring URLs
- Cookie data: session identifiers, preference settings, analytics identifiers (see Section 6)
- Widget interaction data: which donation widget was used, amount selected, currency chosen (no personal identifiers unless you complete a donation)
1.3 Blockchain Data
Cryptocurrency transactions are recorded on public blockchains and are inherently visible to anyone. We do not control the public blockchain record, but we associate your on-chain transaction with your account solely for receipt generation and accounting purposes.
2. How We Use Your Information
We use the information we collect to:
- Process cryptocurrency donations and transfer funds to recipient organizations
- Generate and deliver IRS-compliant tax receipts to donors
- Verify nonprofit organizations and maintain our public directory (for organizations that opt in)
- Operate and maintain the donation widget and associated dashboard
- Communicate with you about your account, transactions, and support requests
- Send transactional emails (receipts, withdrawal confirmations, security alerts)
- Send marketing communications, only if you have opted in
- Detect fraud, prevent abuse, and comply with legal obligations
- Improve our services through aggregate analytics
We do not sell your personal information. We do not use your information for targeted advertising.
3. How We Share Your Information
3.1 With Recipient Organizations
When you make a donation, we share your name and email address with the recipient organization for their records and acknowledgment purposes, unless you donate anonymously (an option available at checkout).
3.2 With Service Providers
We share data with trusted third-party processors that help us operate the platform:
- Payment processing: bank account and withdrawal services
- Cloud infrastructure: hosting and data storage (SOC 2 Type II certified providers)
- Email delivery: for receipts and transactional notifications
- Analytics: aggregated, anonymized usage data only
- Compliance / KYC: identity verification for organizations as required by FinCEN
All service providers are bound by data processing agreements that prohibit them from using your data for their own purposes.
3.3 Legal Requirements
We may disclose your information if required by law or court order, or to protect the rights, property, or safety of CryptoWidget, our users, or the public.
3.4 Business Transfers
If CryptoWidget merges with or transfers assets to another nonprofit or organization, your information may be transferred. We will notify you before any such transfer and explain your rights.
4. Data Security
We implement industry-standard security measures including:
- Encryption at rest: AES-256 encryption for all stored personal and financial data
- Encryption in transit: TLS 1.3 for all data transmitted between your browser and our servers
- Hardware Security Modules (HSM): all cryptographic keys are stored in FIPS 140-2 Level 3 certified HSMs
- Access controls: role-based access with multi-factor authentication required for all staff
- SOC 2 Type II: we undergo annual third-party security audits
- Penetration testing: bi-annual third-party penetration tests
No method of transmission or storage is 100% secure. If you believe your account has been compromised, contact us immediately at security@cryptowidget.io.
5. Data Retention
We retain your information for as long as your account is active or as needed to provide services. For tax and legal compliance purposes:
- Donation records and tax receipts are retained for a minimum of 7 years as required by IRS regulations
- Bank account information is deleted within 30 days of account closure
- Log and analytics data is purged after 24 months
- You may request deletion of other personal data subject to legal retention requirements (see Section 7)
6. Cookies and Tracking
We use cookies and similar technologies for:
- Essential cookies: required for authentication and session management
- Functional cookies: remember your preferences (e.g., selected currencies, theme)
- Analytics cookies: understand aggregate usage patterns using privacy-preserving analytics (no cross-site tracking)
You can control cookies through your browser settings. Disabling essential cookies may impair functionality. We do not use third-party advertising cookies.
7. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: request a copy of the personal data we hold about you
- Correction: request correction of inaccurate data
- Deletion: request deletion of your data (subject to legal retention obligations)
- Portability: receive your data in a machine-readable format
- Objection: object to certain uses of your data
- Opt-out of marketing: unsubscribe at any time via the link in any marketing email
To exercise these rights, email us at privacy@cryptowidget.io. We will respond within 30 days. California residents have additional rights under CCPA; EU/UK residents have rights under GDPR.
8. Children's Privacy
Our services are not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, contact us and we will delete it promptly.
9. International Data Transfers
CryptoWidget is based in the United States. If you are located outside the US, your information may be transferred to and processed in the US, which may have different data protection laws. By using our services, you consent to this transfer. We rely on Standard Contractual Clauses for transfers from the EU/EEA.
10. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes by email or by posting a prominent notice on our website. Your continued use of our services after the effective date constitutes acceptance of the updated policy.
11. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:
- Email: privacy@cryptowidget.io
- Mail: CryptoWidget.io, Privacy Officer, [Address], United States
- Response time: We aim to respond to all privacy inquiries within 5 business days