Back

Privacy Policy

Last updated: 11/30/2025

Privacy Policy

Introduction

Banyan Labs LLC ("Company," "we," "us," or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our donation management platform and services.

Effective Date: [Document date to be added]

Company Information: Company: Banyan Labs LLC
Address: 4147 Willow Lake Blvd, Memphis, TN 38118 Phone: (877) 260-7299
Support: support@banyanlabs.io

Information We Collect

Personal Information

  • Account Information: Name, email address, phone number, organization details
  • Profile Data: User preferences, dashboard settings, notification preferences
  • Financial Information: Payment processing data (handled by Stripe, not stored by us)
  • Communication Data: Support tickets, correspondence, feedback

Usage Information

  • Platform Analytics: Pages visited, features used, time spent on platform
  • Technical Data: IP address, browser type, device information, session data
  • Widget Performance: Donation widget usage, conversion rates, performance metrics

Automatically Collected Information

  • Cookies and Tracking: Session cookies, preference cookies, analytics cookies
  • Log Data: Server logs, error logs, security logs
  • Device Information: Operating system, browser version, screen resolution

How We Use Your Information

Service Delivery

  • Provide and maintain the Upcurve platform
  • Process transactions and manage donations
  • Deliver customer support and resolve issues
  • Send service-related communications

Platform Improvement

  • Analyze usage patterns to improve features
  • Conduct research and development
  • Optimize platform performance and user experience
  • Develop new features and services

Legal and Security

  • Comply with legal obligations
  • Protect against fraud and security threats
  • Enforce our Terms of Service
  • Respond to legal requests and prevent harm

Information Sharing and Disclosure

Service Providers

We share information with trusted third-party service providers:

  • Payment Processing: Stripe for secure payment handling
  • Analytics: Analytics providers for usage insights
  • Customer Support: Support tools for ticket management
  • Infrastructure: Cloud hosting and database providers

Legal Requirements

We may disclose information when required by law:

  • Court orders or legal process
  • Government investigations
  • Protection of rights and safety
  • Compliance with regulations

Business Transfers

In case of merger, acquisition, or sale of assets, user information may be transferred as part of the business transaction, subject to equivalent privacy protections.

With Your Consent

We may share information with your explicit consent for specific purposes not covered in this policy.

Data Security

Technical Safeguards

  • Encryption: Data encrypted in transit and at rest
  • Access Controls: Role-based access to personal information
  • Regular Audits: Security assessments and vulnerability testing
  • Secure Infrastructure: Industry-standard hosting and database security

Organizational Measures

  • Employee Training: Regular privacy and security training
  • Access Limitations: Need-to-know basis for accessing personal data
  • Incident Response: Procedures for handling security incidents
  • Vendor Management: Due diligence on third-party service providers

Your Privacy Rights

Access and Portability

  • Request copies of your personal information
  • Export your data in a structured format
  • Understand how your information is being used

Correction and Updates

  • Update your account information
  • Correct inaccurate personal data
  • Modify privacy preferences

Deletion and Restriction

  • Request deletion of your personal information
  • Restrict processing of your data
  • Close your account and remove associated data

Objection and Withdrawal

  • Object to certain types of data processing
  • Withdraw consent for specific uses
  • Opt out of marketing communications

Data Retention

Retention Periods

  • Account Data: Retained while account is active plus 3 years
  • Transaction Data: 7 years for financial and tax compliance
  • Support Data: 2 years after issue resolution
  • Analytics Data: Aggregated data retained indefinitely

Deletion Process

When data is deleted:

  • Removed from active systems within 30 days
  • Backup systems purged within 90 days
  • Some data may be retained for legal compliance

International Data Transfers

Cross-Border Processing

Your information may be processed in countries other than your residence, including the United States, where our servers and service providers are located.

Safeguards

We implement appropriate safeguards for international transfers:

  • Standard Contractual Clauses with service providers
  • Adequacy decisions where applicable
  • Additional security measures for sensitive data

Cookies and Tracking Technologies

Types of Cookies

  • Essential Cookies: Required for platform functionality
  • Performance Cookies: Analytics and performance monitoring
  • Preference Cookies: Remember your settings and preferences
  • Marketing Cookies: Advertising and promotional content (with consent)

Cookie Management

You can control cookies through:

  • Browser settings to block or delete cookies
  • Platform preferences for marketing cookies
  • Third-party opt-out tools for advertising cookies

Children's Privacy

Age Restrictions

Our services are not intended for children under 13 years old. We do not knowingly collect personal information from children under 13.

Parental Rights

If we become aware that we have collected information from a child under 13:

  • We will delete the information promptly
  • Parents can contact us to request deletion
  • We will take steps to prevent future collection

Third-Party Links and Services

External Links

Our platform may contain links to third-party websites and services. This Privacy Policy does not apply to those external sites.

Integration Partners

When you use integrated services (like payment processors), their privacy policies apply to information they collect.

Privacy Policy Updates

Notification Process

  • Material changes will be communicated via email
  • Minor updates posted with effective date
  • Continued use constitutes acceptance of changes
  • Previous versions available upon request

Review Schedule

We review and update this Privacy Policy annually or as needed for legal compliance and business changes.

Contact Information

Privacy Inquiries

For questions about this Privacy Policy or your privacy rights:

Email: privacy@upcurve.com
Address: [Privacy Officer Address]
Phone: [Privacy Contact Phone]

Data Protection Officer

For EU residents, contact our Data Protection Officer: Email: dpo@upcurve.com

Response Time

We will respond to privacy inquiries within 30 days of receipt.

Jurisdiction-Specific Rights

California Residents (CCPA)

California residents have additional rights under the California Consumer Privacy Act:

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt out of sale of personal information
  • Right to non-discrimination for exercising privacy rights

European Residents (GDPR)

EU residents have rights under the General Data Protection Regulation:

  • Legal basis for processing personal data
  • Right to data portability
  • Right to lodge complaints with supervisory authorities
  • Enhanced consent requirements

Other Jurisdictions

We comply with applicable privacy laws in all jurisdictions where we operate and will provide additional rights as required by local law.

For the most current version of this Privacy Policy, please visit our website or contact our privacy team.