Privacy Policy

Last updated: May 28, 2026 · Version 1.0

This Privacy Policy describes how MayeleOS Inc. ("Freely Give," "we," "us," or "our") collects, uses, discloses, and protects personal information when you use our digital giving services. By using Freely Give, you agree to the practices described here.

Contents
  1. Introduction
  2. Our Services
  3. Information We Collect
  4. How We Collect Information
  5. How We Use Information
  6. How We Disclose Information
  7. International Transfers
  8. Security & Retention
  9. Your Rights
  10. GDPR-Specific Provisions
  11. US State Privacy Rights
  12. Contact
  13. Definitions

1. Introduction

This Privacy Policy applies to all individuals and organizations that interact with Freely Give, including donors, church administrators, and visitors to our websites and mobile apps. We may update this policy from time to time; the "Last updated" date above reflects the most recent revision, and continued use of our services after a change indicates acceptance of the updated policy.

Freely Give is operated by MayeleOS Inc., located at 407 W. Imperial Hwy, Suite H #769, Brea, CA 92821.

2. Our Services

Freely Give provides digital giving infrastructure for churches and religious organizations, including one-time and recurring online gifts, fund-targeted contributions, Round-Up giving from connected bank transactions, guest giving via QR code or shareable link, a donor mobile application, and a church administrator web panel. We do not provide church management software, event ticketing, websites, messaging services, media hosting, or check-scanning services. We reserve the right to modify our service offerings; material changes will be communicated to affected customers.

3. Information We Collect

3.1 Church (Customer) Information

When a church creates an account with Freely Give, we collect information about the organization and the individuals who administer it on the church's behalf, including:

  • Name, email address, and phone number of each church administrator
  • Church name, mailing address, and (where provided) Employer Identification Number (EIN)
  • Fund definitions, giving page settings, and other configuration data
  • IP address and basic device information used to access the admin panel
  • Payout banking details for the church's designated receiving account (held by our payment processor — see §6.2)

3.2 Donor (Individual) Information

When an individual makes a gift through Freely Give — whether as an authenticated donor or as a guest — we collect:

  • Name and email address (always); phone number (optional, used to help your church reach you about your giving)
  • Gift history: amount, fund, date, payment rail (card or ACH), associated church
  • Fund preferences, recurring-gift schedules, and Round-Up settings
  • References (tokens) to the donor's payment instruments — see §6.2

Freely Give does not collect or store credit card numbers, bank account credentials, or full bank account numbers. Card numbers are entered directly into Stripe's hosted Payment Element; bank logins occur inside Stripe's hosted Financial Connections flow. In each case, we receive only a single-use or long-lived token that lets us reference the instrument through Stripe — never the underlying data itself.

3.3 Customer-Collected Information

Church administrators may view and manage information about donors through the Freely Give admin panel — for example, updating contact details or marking a donor as a church member. When we process such data, Freely Give acts as a data processor on behalf of the church, which is the data controller. The church is responsible for ensuring any updates are accurate and that appropriate consents have been provided by the individuals concerned.

3.4 Sensitive Data

By its nature, giving to a religious organization may reveal information about a donor's religious affiliation. Under the EU General Data Protection Regulation (GDPR) Article 9 and comparable laws in other jurisdictions, this is classified as a special category of personal data. We treat such information as sensitive and rely on the donor's explicit consent (manifested by the act of opening an account and making a gift to a specific religious organization) as our lawful basis for processing. You may withdraw this consent at any time by closing your donor account or by emailing help@freelygive.app. Withdrawal does not affect the lawfulness of processing carried out before withdrawal; gift records required for IRS and accounting purposes will be retained as described in §8.4.

3.5 Cookies and Similar Technologies

Freely Give uses a minimal set of cookies and local-storage entries required for the service to function:

  • Authentication tokens — issued by Supabase Auth on successful sign-in, stored in browser localStorage on web and in encrypted device storage on native mobile.
  • Session cookies — used by our hosting provider (Vercel) for routing and basic security functions.

We do not use advertising cookies, third-party tracking pixels, or cross-site behavioral profiling tools. We do not participate in any advertising networks. Server-side request logs maintained by our hosting and database providers may include IP addresses and request metadata for operational and security purposes.

3.6 Aggregate, Non-Identifying Data

We may compute statistics about service usage — total gifts per platform per month, average gift size, percentage of givers using each payment rail, and similar aggregates. These aggregates are calculated in a way that does not identify any individual donor or church, and may be used for product improvement, fundraising sector benchmarking, and external publication. We do not sell individual personal information to any third party.

3.7 Children

Freely Give is not directed to children. We do not knowingly collect personal information from individuals under the age of 13 (or 16 for individuals in the European Economic Area or United Kingdom, where GDPR applies). If we learn that we have collected personal information from a child without verified parental consent, we will delete that information promptly. Parents or guardians who believe their child has provided us with personal information may contact us at help@freelygive.app.

4. How We Collect Information

We collect personal information through several channels:

  • Directly from you — when you create an account, enter giving details, configure fund settings, or contact our support team
  • Through Stripe — when you complete card entry or bank-account linking in Stripe's hosted interfaces, Stripe returns tokens and limited metadata (e.g., card brand, last four digits, bank institution name) for our records
  • From your church — when a church administrator updates your contact information or membership status through the admin panel
  • Automatically — server-side logs of authenticated requests capture IP, timestamp, and endpoint accessed; this is used for security investigations and abuse prevention

5. How We Use Information

5.1 To Deliver the Service

We use personal information to create and maintain your account, process gifts, send receipts and giving statements, manage recurring gifts and Round-Ups, surface giving history to donors and church administrators, prevent fraud, secure the service, and provide customer support.

5.2 Marketing Communications

With your consent, we may send periodic emails about new features, generosity research, and product updates. You may unsubscribe at any time using the link in any marketing email or by contacting help@freelygive.app. Transactional communications — gift receipts, recurring-gift confirmations, account-security notifications — are required for the operation of the service and are not subject to opt-out.

5.3 Product Improvement & Research

We use de-identified, aggregated data (see §3.6) to understand how our service is used and to inform product decisions.

5.4 What We Don't Do

We do not sell personal information to any third party. We do not share donor identity or giving history with advertising networks, data brokers, or other churches. We do not use donor data to train external advertising systems.

6. How We Disclose Information

6.1 Service Providers & Sub-processors

We rely on the following third-party service providers, each of whom processes personal information solely on our instructions and under a contractual obligation of confidentiality:

  • Stripe, Inc. — payment processing for cards and ACH; bank-account linking and verification via Stripe Financial Connections (for ACH giving and Round-Up transaction data); storage of card and bank tokens; fraud screening (Stripe Privacy Policy)
  • Supabase, Inc. — managed PostgreSQL database, authentication services, and file storage; underlying infrastructure operated by Amazon Web Services (Supabase Privacy Policy)
  • Vercel Inc. — web application hosting and edge serving (Vercel Privacy Policy)

Each provider receives only the minimum data needed to perform its function. We will update this list when sub-processors change; significant changes will be communicated to customer churches in advance where reasonably practicable.

6.2 Financial Information

Freely Give does not collect, hold, or disburse gift funds at any point. All gifts are collected by Stripe directly from the donor's payment instrument and disbursed by Stripe to the church's receiving account. Funds never pass through or rest in a Freely Give-controlled account.

Card numbers, full bank account numbers, and bank login credentials never reach Freely Give servers. They are entered directly into Stripe-hosted interfaces — cards via the Stripe Payment Element, banks via Stripe Financial Connections — and stored by Stripe. We hold only tokens that reference these instruments through Stripe's APIs.

6.3 Legal Requests

We may disclose personal information when required to do so by law, court order, subpoena, or other valid legal process, or when we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Freely Give, our customers, or the public. Where legally permitted, we will notify the affected customer of the request before disclosure.

6.4 Business Transfers

In the event of a merger, acquisition, reorganization, sale of all or substantially all of our assets, or bankruptcy, personal information may be transferred to the acquiring or successor entity, subject to the same protections described in this Policy. We will notify customers of any such change in ownership or control of personal information.

7. International Transfers of Personal Information

Freely Give and most of our sub-processors are located in the United States. If you access Freely Give from outside the United States — for example, from the European Economic Area, the United Kingdom, Switzerland, or Australia — your personal information will be transferred to, stored in, and processed in the United States.

For transfers from the EEA, UK, or Switzerland, we rely on the European Commission's Standard Contractual Clauses (and the UK Addendum where applicable) as the legal mechanism for international transfer. A copy of our Data Processing Addendum, including the executed SCCs, is available to churches upon request to help@freelygive.app.

8. Security and Retention

8.1 Account Security

Donors and church administrators are responsible for maintaining the security of their account credentials. We require sign-in via email one-time passcode; we do not store user-set passwords for donor accounts. If you believe your account has been compromised, contact us immediately at help@freelygive.app.

8.2 Data Security

We take commercially reasonable measures to protect personal information: TLS encryption in transit, AWS-managed encryption at rest, row-level security policies enforced at the database layer (so a church administrator cannot query another church's data), cryptographic verification of all webhook traffic from Stripe, and least-privilege access controls for our personnel. For a full technical overview, see our Security page.

8.3 Data Breach Notification

No system is perfectly secure. If we become aware of a security incident affecting personal information, we will investigate promptly, take appropriate remediation steps, and notify affected individuals and applicable regulators without undue delay, in accordance with applicable breach-notification laws.

8.4 Retention

We retain personal information for as long as necessary to provide the service and to fulfill our legal, accounting, and regulatory obligations:

  • Gift records are retained for the duration of the church's account plus a minimum of seven (7) years thereafter, consistent with IRS recordkeeping requirements for charitable contributions.
  • Donor account information is retained while the account is active. Inactive accounts (no activity for 24 months) may be deactivated; the underlying gift record is preserved per the rule above, but identifying contact details may be minimized.
  • Authentication logs are retained for up to twelve (12) months for security investigation purposes.
  • Sub-processor records follow each provider's own retention policy.

Upon valid deletion request, we will delete personal information not subject to a legal retention obligation. Records subject to retention obligations may be redacted or pseudonymized but not deleted in full.

9. Your Rights

9.1 Access and Correction

You may access and update most of your information directly through your account. For information not editable in the app, or for a copy of all personal information we hold about you, contact help@freelygive.app.

9.2 Deletion

You may request deletion of your personal information at any time. As noted in §8.4, certain gift records must be retained for IRS and accounting purposes; in those cases we will minimize identifying detail and delete what we are not legally required to keep.

9.3 Opt-Out of Marketing

You may opt out of marketing emails using the unsubscribe link in any such email, or by emailing help@freelygive.app. Transactional messages required to operate the service are not subject to opt-out while your account is active.

9.4 Account Closure

You may close your donor account at any time through the app or by contacting help@freelygive.app. Church administrators may close a church account by contacting help@freelygive.app.

10. GDPR-Specific Provisions

If you are located in the European Economic Area, the United Kingdom, or Switzerland, the following additional terms apply.

10.1 Lawful Bases for Processing

  • Contract performance — most processing of donor and church-administrator data is necessary to provide the giving services you have requested.
  • Legitimate interests — fraud prevention, security monitoring, service improvement, and direct outreach to existing customer churches about substantially similar services. We weigh our interests against your fundamental rights and provide opt-outs where appropriate.
  • Consent — for marketing communications to new prospects, for sensitive data revealing religious affiliation (see §3.4), and for any other processing where consent is the appropriate basis under applicable law.
  • Legal obligations — financial recordkeeping, anti-money-laundering screening, and responses to lawful requests.

10.2 Your GDPR Rights

In addition to the rights described in §9, you have the right to: object to processing based on legitimate interests; restrict processing in certain circumstances; data portability (receive your data in a machine-readable format); and lodge a complaint with your local supervisory authority.

10.3 Data Protection Officer / Representative

Freely Give currently operates exclusively in the United States and does not target individuals in the European Economic Area or United Kingdom. We have determined that appointment of a Data Protection Officer is not required at this time. If we expand to serve EU or UK users, we will reassess this requirement and appoint an EU/UK Representative as required by applicable law.

10.4 Automated Decision-Making

We use Stripe's fraud-screening tools (Stripe Radar), which process transaction data automatically to assess fraud risk and may result in a gift being blocked or flagged without human review. This constitutes automated decision-making within the meaning of GDPR Article 22. If a transaction is declined due to automated fraud screening and you believe this was in error, you may contact us at help@freelygive.app to request human review of the decision.

11. US State Privacy Rights

Depending on your state of residence, you may have additional privacy rights beyond those described in §9. This section covers rights under the California Consumer Privacy Act (CCPA/CPRA) and comparable laws in Colorado, Virginia, Connecticut, Texas, and other US states with active consumer privacy legislation.

11.1 Categories of Personal Information Collected

In the past twelve months, Freely Give has collected the categories of personal information described in §3 above: identifiers (name, email, IP address), financial information (gift history, tokens referencing payment instruments — but not card numbers themselves), commercial information (gift transactions), internet activity information (basic server logs), and inferences drawn from giving patterns for service improvement.

11.2 Sensitive Personal Information

Information revealing religious affiliation is classified as sensitive personal information under California (CPRA), Colorado (CPA), Virginia (VCDPA), Connecticut (CTDPA), Texas (TDPSA), and comparable state laws. We collect this category only with your consent (see §3.4) and do not use it for purposes beyond delivering the giving service you have requested. You have the right to limit our use of your sensitive personal information to those purposes — to exercise this right, contact help@freelygive.app.

11.3 Sale and Sharing

Freely Give does not sell personal information and does not share personal information for cross-context behavioral advertising or targeted advertising, as those terms are defined under applicable state laws.

11.4 Your Rights

Depending on your state, you may have the right to: know what personal information we have collected about you; request a portable copy of your data; request correction of inaccurate information; request deletion of your personal information (subject to retention exceptions in §8.4); opt out of any sale or sharing of your data (we do not sell or share); and appeal a denial of any of the foregoing rights. California residents additionally have the right to limit use of sensitive personal information. To exercise any of these rights, contact help@freelygive.app — we will verify your identity and respond within the timeframe required by your state's law. We will not discriminate against you for exercising these rights.

12. Contact

For privacy-related questions, requests, or complaints, contact us at:

  • Email: help@freelygive.app (privacy requests, legal notices, all other inquiries)
  • Mailing address: 407 W. Imperial Hwy, Suite H #769, Brea, CA 92821

13. Definitions

  • Church (Customer) — the religious organization that establishes an account with Freely Give to receive gifts.
  • Church Administrator — an individual authorized by a Church to manage the Church's Freely Give account.
  • Donor — an individual who makes one or more gifts through Freely Give to a Church.
  • Member — an individual associated with a Church (typically a congregant), whose information may be entered by a Church Administrator or by the Member directly.
  • Personal Data / Personal Information — information that identifies, relates to, or could reasonably be linked to a particular individual or household, as defined under applicable law (GDPR, CCPA, etc.).
  • Service — the Freely Give digital giving platform, including the donor mobile app, the church admin web panel, and all related websites and APIs.
  • Sub-processor — a third party engaged by Freely Give to process personal information on our behalf, as listed in §6.1.