A plain-English summary, followed by the binding text. We treat your data like we treat money on Bequest: with custody.
We collect what's required to move money safely: name, email, identity documents for KYC where required, and the transaction details themselves. We use that information to operate Bequest and meet our regulatory obligations — nothing else. We never sell personal data. We never use your donor records to advertise to your donors.
We share data with service providers under contract (cloud infrastructure, KYC vendors, payment processors), regulators when legally required, and the recipient of a transaction (since they need to know who sent it). We do not sell personal data, and we don't share it for cross-context behavioral advertising.
Depending on your jurisdiction, you may have the right to access, correct, port, or delete your data. Send requests to privacy@bequest.org. We'll verify your identity and respond inside the legal window (30 days CCPA, 30 days GDPR with a 60-day extension allowed).
We keep transaction and identity data as long as required by financial-services law (typically seven years after account closure for U.S. AML obligations). Account data we don't need legally is deleted on request.
Bequest is U.S.-based. Data from outside the U.S. is transferred under standard contractual clauses or other approved mechanisms.
Questions, requests, or complaints: privacy@bequest.org. For EU/UK residents, you may also lodge a complaint with your local supervisory authority.