Legal
Privacy Policy
Last Modified 28 April 2026 · ChipIn LLC · 221 Main St Ste N, Nashua, NH 03060 · legal@chipinpro.com
1. Who We Are and What This Policy Covers
ChipIn LLC ("ChipIn," "we," "us," or "our") operates the ChipIn platform, a charity event management software product accessible at chipinpro.com, which includes all software, tools, event microsites, registration and donation management features, auction tools, communication tools, payment facilitation, and all other platform features and services (collectively, the "Platform"). We are a New Hampshire limited liability company.
This Privacy Policy explains how we collect, use, store, and share personal information in two distinct contexts:
ChipIn as a data controller — when we collect and use information about you as a Customer ("Customer" means an organization or individual who has registered for a ChipIn account) or as a visitor to our website. In this context, we determine the purposes and means of processing data and this Privacy Policy applies directly to you.
ChipIn as a data processor — when we process personal information submitted by End Users ("End Users" means the individuals who interact with your events through the Platform, including, but not limited to, participants, donors, sponsors, bidders, and other attendees) through event microsites hosted on our Platform on behalf of our Customers. In this context, our Customer is the data controller and we act under their instructions. If you are an End User who interacted with a ChipIn-powered event microsite and have questions about how your data was used, you should contact the organization or individual that ran the event directly. Their privacy practices govern that processing; ours are described in our Data Processing Agreement with that organization.
This Policy does not apply to third-party websites, services, or platforms linked to or from our Platform.
2. Information We Collect About Customers and Website Visitors
Information you provide directly
When you create an account, subscribe to the Platform, or contact us, we may collect:
- Contact information: name, email address, phone number, job title, and organization name
- Account credentials: managed through our authentication provider — we do not store your password
- Organization information: legal name, mailing address, EIN or tax identification number, and nonprofit determination documentation where provided
- Payment and billing information: billing contact details — card and bank data is handled directly by third-party payment processors and is not stored by ChipIn
- Communications: the content of any messages, support requests, or feedback you send us
- Event and campaign configuration: the information you enter when setting up events, registration forms, auction items, sponsor packages, and related content
Information we collect automatically
When you visit our website or use the Platform, we automatically collect:
- Usage data: pages visited, features used, actions taken, session duration, and error logs
- Device and browser information: IP address, browser type, operating system, and device identifiers
- Authentication events: login timestamps and session activity, processed through our authentication provider
Information from third parties
We may receive information from our payment processors in connection with your payment account status, and from our authentication provider in connection with authentication events. We do not purchase or receive marketing data about you from data brokers.
3. How We Use Customer and Visitor Information
We use the information described above for the following purposes:
To provide the Platform. Operating your account, enabling event creation and management, processing your subscription, and delivering the services described in our Terms of Service.
To communicate with you. Responding to support requests, sending transactional emails about your account and events, notifying you of Platform updates, and sending service-related announcements. We use a third-party email delivery provider for these communications.
To improve the Platform. Analyzing usage patterns, diagnosing technical issues, and developing new features. Where we use analytics for this purpose, we do so on aggregated or de-identified data where practicable. Customers may configure third-party analytics tools on their event microsites. ChipIn is not responsible for data collected by Customer-configured analytics tools and Customers are solely responsible for compliance with applicable law regarding such tools.
To enforce our Terms. Investigating suspected violations of our Terms of Service, preventing fraud, and protecting the security of the Platform and its users.
To comply with legal obligations. Responding to lawful requests from courts, regulators, and law enforcement; maintaining records required by applicable law; and exercising or defending legal claims.
For marketing communications. Where you have opted in or where permitted by applicable law, we may send you information about new features, product updates, and relevant content. You can opt out of marketing communications at any time by clicking the unsubscribe link in any marketing email or contacting us at legal@chipinpro.com.
4. Legal Bases for Processing (GDPR and UK GDPR)
If you are located in the European Economic Area or the United Kingdom, we process your personal information on the following legal bases:
Contract performance — processing necessary to provide the Platform and fulfill our obligations under the Terms of Service. This covers account management, event delivery, payment processing coordination, and customer support.
Legitimate interests — processing necessary for our legitimate business interests where those interests are not overridden by your rights. This covers Platform security, fraud prevention, usage analytics, product improvement, and direct marketing to existing Customers and End Users. Where we rely on legitimate interests you have the right to object; see Section 10.
Legal obligation — processing required to comply with applicable law, including responding to regulatory or law enforcement requests and maintaining required records.
Consent — where we rely on consent, for example for certain marketing communications, you have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
5. End User Data — Our Role as Data Processor
When our Customers use the Platform to run events, they collect personal information from their End Users, including participant names, email addresses, phone numbers, mailing addresses, payment metadata, golf handicaps, custom field responses, donation amounts, dedication messages, and auction bidding history.
In this context:
- The Customer is the data controller. They determine what data is collected, for what purpose, and how it is used.
- ChipIn is the data processor. We process this data only on the Customer's documented instructions and as necessary to operate the Platform on their behalf.
- We do not use End User data for our own marketing or commercial purposes.
- We do not sell End User data.
The terms governing our processing of End User data on behalf of customers are set out in the ChipIn Data Processing Agreement, available at chipinpro.com/legal/dpa. If you are an End User and wish to exercise rights over your personal data, please contact the organization or individual that ran the event you participated in.
6. How We Share Information
We do not sell personal information. We share information only in the following circumstances:
Subprocessors and service providers. We use third-party providers to operate the Platform. These providers process data only on our instructions and are subject to appropriate data protection obligations. Our current subprocessors are listed at chipinpro.com/legal/subprocessors.
Business transfers. If ChipIn LLC is involved in a merger, acquisition, or sale of assets, personal information may be transferred as part of that transaction. We will notify you by email or prominent notice on the Platform before your information is transferred and becomes subject to a different privacy policy.
Legal requirements. We may disclose information where required by applicable law, court order, or regulatory request, or where we reasonably believe disclosure is necessary to protect the rights, property, or safety of ChipIn, our customers, or the public.
With your consent. We may share information in other circumstances with your explicit consent.
7. International Data Transfers
ChipIn is based in the United States. Our infrastructure is hosted in the United States. If you are located in the European Economic Area, the United Kingdom, or another jurisdiction with data transfer restrictions, your personal information will be transferred to and processed in the United States.
We ensure appropriate safeguards are in place for such transfers. For transfers from the EEA or UK, we rely on the Standard Contractual Clauses approved by the European Commission (available at eur-lex.europa.eu) as the transfer mechanism with our subprocessors. Upon request, we can provide further information about the safeguards we have implemented.
8. Data Retention
We retain personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, to maintain your account, and to comply with our legal obligations. Factors that determine retention periods include:
- Whether your account remains active
- Our legal and contractual obligations, including tax and financial record-keeping requirements
- Whether retention is necessary to resolve disputes or enforce our agreements
- Applicable statutory limitation periods
Donation transaction records may be retained for longer periods reflecting the nonprofit sector's tax documentation requirements. When we no longer have a legitimate basis to retain information, we delete or anonymize it.
9. Cookies and Tracking Technologies
We use cookies and similar technologies on our website and Platform. These fall into the following categories:
Strictly necessary cookies — required for the Platform to function, including authentication session cookies managed through our authentication provider. You cannot opt out of these without preventing access to the Platform.
Analytics cookies — used to understand how the Platform is used and to identify issues.
No advertising or targeting cookies — we do not use cookies for advertising, retargeting, or tracking across third-party websites.
You can control non-essential cookies through your browser settings. Disabling cookies may affect Platform functionality.
10. Your Privacy Rights
Depending on where you are located, you may have some or all of the following rights regarding your personal information:
- Access — request a copy of the personal information we hold about you
- Correction — request that we correct inaccurate or incomplete information
- Deletion — request that we delete your personal information, subject to our legal retention obligations
- Portability — request that we provide your information in a structured, commonly used format
- Objection — object to processing based on legitimate interests or for direct marketing purposes
- Restriction — request that we restrict processing in certain circumstances
- Withdraw consent — where processing is based on consent, withdraw it at any time
To exercise any of these rights, contact us at legal@chipinpro.com. We will respond within 30 days, or within any shorter period required by applicable law. We may ask you to verify your identity before processing your request.
If you are located in the EEA, you have the right to lodge a complaint with the supervisory authority in your member state. If you are in the United Kingdom, you may contact the ICO at ico.org.uk.
11. US State Privacy Rights
California residents
If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the CPRA provides you with specific rights regarding your personal information.
Categories of personal information collected in the past 12 months:
| Category | Examples | Collected |
|---|---|---|
| Identifiers | Name, email, IP address, account ID | Yes |
| Customer records | Organization name, address, billing contact | Yes |
| Commercial information | Service subscription, transaction history | Yes |
| Internet activity | Platform usage, page views, session data | Yes |
| Professional information | Job title, organization role | Yes |
| Sensitive personal information | Account login credentials (managed by our authentication provider) | Yes |
We do not sell personal information. We do not share personal information for cross-context behavioral advertising.
Your California rights include: the right to know what personal information we collect and how we use it; the right to delete personal information subject to exceptions; the right to correct inaccurate information; the right to opt out of sale or sharing (not applicable — we do not sell or share); the right to limit use of sensitive personal information; and the right to non-discrimination for exercising these rights.
To exercise your California rights, contact us at legal@chipinpro.com with subject line "California Privacy Request."
Residents of other US states
If you are a resident of Colorado, Connecticut, Virginia, Texas, Oregon, or other states with comprehensive privacy laws, you may have rights similar to those described above including, but not limited to, rights of access, correction, deletion, portability, or opt-out of sale. To exercise these rights, contact us at legal@chipinpro.com.
We will respond to verified requests within the timeframe required by your state's applicable law. You may appeal a denied request by contacting us at the same address; if your appeal is unsuccessful you may contact your state attorney general.
12. Children's Privacy
The Platform is intended for use by organizations and adults. We do not knowingly collect personal information from individuals under the age of 18 through our account registration or Platform administration features. If you believe we have inadvertently collected information from a minor, please contact us at legal@chipinpro.com and we will delete it promptly.
Note that End Users of Customer-hosted event microsites may include minors participating in golf events or other activities. The Customer is responsible for compliance with applicable laws regarding collection of data from minors, including COPPA where applicable.
13. Security
We implement reasonable technical and organizational security measures designed to protect your personal information from unauthorized access, disclosure, alteration, and loss. These include encryption in transit and at rest, access controls, authentication requirements, and vendor security assessments. However, no system is completely secure and we cannot guarantee absolute security. In the event of a data breach affecting your personal information, we will notify you as required by applicable law.
14. Changes to This Policy
ChipIn may update this Privacy Policy at any time at its sole discretion by posting a revised version. The revised version will be effective when posted. Unless otherwise stated, your use of the Platform after the revised Privacy Policy is posted constitutes your acceptance of the revised Privacy Policy.
15. Contact Us
For questions about this Privacy Policy, to exercise your privacy rights, or to raise a concern about our data practices: