Privacy policy

LAST UPDATED: September 5, 2023

‍Bonterra LLC (“Bonterra,” “we,” “us,” or “our”) is an online, cloud-based service platform that provides individuals and organizations the ability to contribute to, organize, and manage their causes (collectively, the “Services”). Bonterra Services include EveryAction, Mobilize, NGP VAN, CyberGrants, Network for Good, Social Solutions and the respective individualized service offerings thereunder. This Privacy Policy is intended to comply with all applicable United States federal and individual state data protection laws (including without limitation, the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act, the Virginia Consumer Data Protection Act, the Colorado Privacy Act, the Connecticut Act Concerning Personal Data Privacy and Online Monitoring, the Utah Consumer Privacy Act, and the Texas Data d Privacy and Security Act) as well as the national laws of Canada, Australia, United Kingdom, and the European Union (except, please note that the services offered through Mobilize and NGP VAN are offered only in the United States, and as such, are not subject to foreign data protection laws).

This Privacy Policy details how we collect, use and share personal information in providing our Services.
‍
For Bonterra’s Data Processing Addendum (“DPA”), please click here.

For purposes of this Privacy Policy, we break down our users into three categories that align with how we handle their personal information:

How we refer to these individuals in the Privacy Policy	How these individuals interact with Bonterra	Examples	Our relationship with these individuals
Bonterra Users	Individuals who interact directly with our Services	A volunteer who signs up for an event on Mobilize A donor who uses the FastAction portal to donate to a cause through EveryAction An individual who signs up with Mobilize to learn about opportunities to participate in political campaigns An individual who uses the ActionID Single Sign-On application to learn about the opportunities available across our Services	We have our own, direct relationship with Bonterra Users
Customers	Representatives of our prospective and existing Customers	A representative of an organization that uses Network for Good to manage donations A company representative who requests a demo from CyberGrants for a corporate philanthropy campaign A representative of a public sector agency who uses Social Solutions to measure the impact of a community engagement project	We have our own, direct relationship with Customers
Customer End Users	Individuals who are our Customers’ users	An individual, such as a company’s employee, who donates to a nonprofit through CyberGrants or EveryAction A volunteer who signs up for a political campaign that uses Mobilize to organize An individual who participates in a nonprofit’s charity auction run by Network for Good	Bonterra processes the personal information of Customer End Users pursuant to agreements with our Customers – as a “services provider” or “processor.” Our Customers’ use and sharing of this information is governed by their own privacy policies.

Personal information we collect

Information you provide to us. Personal information you may provide to us through the Services or otherwise includes:

Contact information, such as your first and last name, professional title, business affiliation and address, email address, and phone number. First and last name, and email address, are required to access Bonterra’s Services.
Biographical information, such as your age and gender, political and professional affiliations, interests in charitable causes, and occupation. This information is not required to access Bonterra’s Services.
Event information, including where and when the event you sign up for through our Services is taking place, when you signed up for the event, the organizations affiliated with the event, the organization promoting the event, whether or not you actually attended the event, and any feedback you provide about the event.
Payment and transaction data that our payment service providers collect to process your payments, such as your donations or contributions to the political candidate or nonprofit cause of your choice. We do not store payment card numbers on our systems. The information you provide in connection with your purchases is handled by our third-party payment processors, such as Stripe or Plaid, in accordance with their terms of service and privacy policies.
Transaction history, including your donations or other engagement history.
Communications that we retain from any support requests you submit, and questions you may send us about marketing, job opportunities, etc.
Marketing data, such as your preferences for receiving our marketing communications, and details about your engagement with those communications.
Information from cookies and other automated technologies, such as information about the devices you use to engage with our Services, and online activity data. For more details about the technologies we use, the categories of information we collect, and how we use this information, please review our Cookie Policy.
Other information about Customer End Users that we may collect which is not specifically listed here, but which we contractually agreed to collect with each Customer. If applicable, please contact your employer or the organization that contracts with Bonterra to request a full list of personal information that we collect on their behalf, in addition to the information described above.

Third party sources. In certain cases, we combine personal information we receive from you with personal information we obtain from other sources, including:

Third parties, such as business data providers and public databases. For example, we may obtain information from corporate partners if you are using our Services through a corporate partner program, or from advocacy organizations that use our Services to manage their events. We also may obtain information from public records in order to conduct due diligence or fraud prevention checks, or to supplement your profile (i.e., to complete your zip code).
Distribution lists. To engage in an email, SMS, or calling campaign, our Customers may upload a distribution list that provides us information about their donors or constituents (such as their names, email addresses, and mobile phone numbers). We use and process this information to provide the requested services in accordance with our Customer agreement and this Privacy Policy.
Social media platforms. We may receive information about your activity when you follow us on social media and networking platforms such as Facebook or Twitter. Additionally, if you access our Services through a social networking site or a third-party login service (such as Single Sign-On (SSO) or Google), we may collect information about you from that third party that you have made available via your privacy settings.
Third-party integrations. Should you choose to integrate a third-party product within our Services, such as Google Sheets or Google Drive, we will ask you to grant us permission to view and/or download, as applicable, your Google Sheets or Google Drive. This allows us to configure your integration(s) in accordance with your preferences. We do not use this information for any other purpose.

How we use personal information

Below is a description of all the possibilities of how Bonterra Services use personal information, which may be limited under the applicable agreements signed directly by Bonterra with its Customers.

A. Bonterra Users

To fulfill our contractual obligations to you, we use personal information to:

Facilitate your engagement with us and our organizations; and
Process your donations and complete your other transactions.

We may also use personal information for the following legitimate business interests:

Recommend opportunities to engage with organizations and campaigns that use our Services;
Communicate with you about our Services, including by sending announcements, updates, security alerts, and support and administrative messages;
Personalize your experiences within the Services; and
Provide support, and respond to requests, questions, and feedback.

B. Customers

To fulfill our contractual obligations to you, we use personal information to:

Provide you with our Services; and
Complete your transactions.

We may also use personal information for the following legitimate business interests:

Recommend opportunities to engage with other organizations and campaigns that use our Services;
Communicate with you about our Services, including by sending announcements, updates, security alerts, and support and administrative messages; and
Provide support, and respond to requests, questions, and feedback.

C. Customer End Users

On behalf of our Customers, we use personal information to:

Enable our Customers to recruit and engage with Bonterra Users;
Provide our Customers with information relating to our products, events, or other business information;
Enable Customer End Users to complete transactions and make donations through the Services;
Communicate with Customers and Customer End Users about our Services and your account, including by sending announcements, updates, security alerts, and support and administrative messages;
Provide support, and respond to requests, questions, and feedback;
Provide marketing and advertising on behalf of our Customers, including interest-based online advertising; and
Build donor profiles for our Customers’ internal use through our Social Matching Feature. As directed by our Customers, we enrich our Customers’ email contact lists by appending Customer End Users’ email addresses with social media account information that we obtain from third-party data providers.

D. Marketing and advertising, including for:

Direct marketing. We use personal information to market our Services to you, and we can do so through websites, events, programs, and other means. We may send you direct marketing communications promoting our Services, events, programs, or other services that we believe are of interest. Recipients can opt out of our marketing communications as described in the Opt out of marketing communications section below.

Where required by law, we will only send users marketing communications with your consent. Otherwise, we will market and advertise our Services on the basis of our legitimate business interests.
Interest-based advertising. We use cookies and similar technologies to engage in interest-based advertising. Please review our Cookie Policy for more information. Where required by applicable law, we will engage in interest-based advertising only with your consent.

E. Research and development. It is in our legitimate business interests to engage in research and development, including to:

Develop new features, products, and services; and
Create aggregated, de-identified, or other anonymous data or analytics.

F. Compliance with law, including to:

Comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities;
Protect our, your, or others’ rights, privacy, safety, or property (including by making and defending legal claims);
Audit our internal processes for compliance with legal and contractual requirements and internal policies;
Enforce the terms and conditions that govern our Services; and
Prevent, identify, investigate, and deter fraudulent, harmful, unauthorized, unethical, or illegal activity, including cyberattacks and identity theft.

Disclosure of personal information

How we disclose personal information. Below is a description of all the possibilities of how and to whom Bonterra Services disclose personal information, which may be limited under the applicable agreements signed directly by Bonterra with its Customers.

We may disclose personal information to:

Affiliates. All the platforms affiliated with Bonterra for purposes consistent with this Privacy Policy. You can opt out of this disclosure as described in the Privacy Rights and Choices section below.
Organizations and campaigns. Charities, nonprofits, and other organizations, including when you seek to engage with opportunities on our platform or when you engage with a specific organization that uses our platform for its causes.
Advertising vendors. Third-party advertising companies, including for the interest-based advertising purposes described above, that can collect information on our website through cookies and other automated technologies. Please review our Cookie Policy for more information.
Service providers. Companies and individuals that provide services on our behalf or help us operate our Services (such as hosting, information technology, customer support, email delivery, and website analytics services).
Professional advisors. Professional advisors, such as lawyers, auditors, bankers, and insurers, in the course of the professional services that they render to us.
Authorities and others. Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes described above.
Business transferees. Acquirers and other relevant participants in business transactions (or negotiations for such transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale, or other disposition of all or any portion of the business or assets of, or equity interests in, Bonterra, our subsidiaries or our affiliates (including in connection with a bankruptcy or similar proceedings). Acquirees will be subject to the same terms under this Privacy Policy.

How Customers may direct us to disclose social media matching data.

As directed by our Customers, we enrich our Customers’ email contact lists by appending Customer End Users’ email addresses with social media account information that we obtain from third-party data providers. In addition, Customers and Customer End Users may direct us to make the donor profiles that we build using this feature available to other Customers. Customer End Users who do not want their information to be disclosed to other Customers through this feature can opt out by canceling the Social Matching Feature.

How you may disclose personal information through the Services. You may disclose personal information to:

The public. If you decide to participate in one of our Services’ features, such as our online blogs, you make this information available to other Bonterra Users, Customer End Users, and/or the general public.

Privacy rights and choices

Access to account information. You may update, correct, or delete your account information by accessing the account you have established with us on the Services.
Opt out of marketing communications. You can opt out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the emails you receive from us. If you do so, you will continue to receive service-related and other non-marketing emails until you cease using our Services linked to those service updates. Please note that Bonterra is not responsible for our Customers’ communications sent to you; to opt out of communications you receive from our Customers, please follow the opt-out or unsubscribe options contained in our Customers’ communications.
Opt out of data sharing among Bonterra affiliates. You may opt out of data sharing among our affiliate organizations (such as EveryAction and CyberGrants) by contacting us at [email protected].

Privacy rights. You have the right to submit requests about your personal information, depending on your location and the nature of your interactions with our Services:

Information about how we have collected and used personal information. We have made this information available to you without having to request it by including it in this Privacy Policy.
Access to a copy of the personal information that we have collected about you. Where applicable, we will provide the information in a portable, machine-readable, readily usable format.
Correction of personal information that is inaccurate or out of date.
Deletion of personal information that we no longer need to provide the services or for other lawful purposes.
Opt out of the processing or sharing of your personal information for targeted advertising. We share personal information with advertising partners that display targeted advertisements to users around the web. You can limit online tracking as described in our Cookie Policy or by contacting us at [email protected].
Opt out of the processing or sharing of your personal information for targeted advertising. We share personal information with advertising partners that display targeted advertisements to users around the web. You can limit online tracking as described in our Cookie Policy or by clicking on the “Your privacy choices” link on our website footer.
Appeal our denial of your personal information request by contacting us as set out below.
Additional rights, such as to object to and request that we restrict our use of personal information.

NOTE: WE DO NOT SELL YOUR PERSONAL INFORMATION.

To make privacy-related requests, please contact us at [email protected]. We reserve the right to confirm the identity of the individual making a request before we respond to the request and to assess whether these rights apply to you.

To enable us to match our records with your personal information to respond to your request, you must include the following details in your request. If you do not include this information, we may be unable to complete your request:‍‍

The name of the Bonterra Services you have used — EveryAction, Mobilize, NGP VAN, CyberGrants, Network for Good, and/or Social Solutions
The first and last name you used to access the Services
The email address you used to access the Services

California residents can empower an “authorized agent” to submit requests on their behalf. We will require authorized agents to confirm their identity and authority, in accordance with applicable laws.

Additionally, applicable law can limit these rights, for example, by prohibiting businesses from providing certain sensitive information in response to an access request and limiting the circumstances in which they must comply with a deletion request. If we decline a request, we will explain why we took that action, subject to legal restrictions.

You are entitled to exercise all rights described in the Privacy Rights and Choices section free from discrimination.‍‍

Third-party services

Our Services can contain links to websites and other online services operated by third parties. In addition, our content can be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of or representation that we are affiliated with any third party. We do not control websites or online services operated by third parties, and we are not responsible for their actions.

Information Security

We employ current industry standard and legally required technical, organizational, and physical safeguards designed to protect the personal information we collect.

Data Privacy Framework

Bonterra complies with the EU-U.S. Data Privacy Framework and the UK Extension of the EU-U.S. DataPrivacy Framework, and the Swiss-U.S. Data Privacy Framework (collectively, the DPF Frameworks”) asset forth by the U.S. Department of Commerce and the European Commission regarding the collection, use, and retention of personal information transferred from the European Union, United Kingdom, and Switzerland to Bonterra’s subsidiaries CyberGrants LLC and EveryAction Inc. in the United States. For more information regarding Bonterra’s adherence to the General Data Protection Regulation (“GDPR”) and other Data Protection Laws of the European Union, the European Economic Area (“EEA”), and their respective Member States, Switzerland, and the United Kingdom (“UK”), please see Bonterra’s Data Processing Addendum (“DPA”) at here.

Bonterra has certified to the Department of Commerce that it adheres to the Data Privacy Framework Principles (the “Principles”) with respect to such information. If there is any conflict between the terms in this Privacy Policy and the Principles, the Principles shall govern. To learn more about the Data Privacy Framework program, and to view our certification, please visit https://www.dataprivacyframework.gov/

Pursuant to the DPF Frameworks, EU, UK, and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under the DPF Frameworks, should direct their query to [email protected]. If requested to remove data, we will respond within a reasonable timeframe.

We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents or Customers, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a request as set out in the Privacy Rights and Choices section above or by written request to [email protected].

Bonterra may transfer personal information to third parties as described in this Privacy Policy. Bonterra maintains contracts with its third-party service providers restricting their access, use, and disclosure of personal information in compliance with our obligations under the DPF Frameworks. Bonterra may be liable if these third parties fail to meet those obligations and we are responsible for the event giving rise to the damage.

In compliance with the Principles, we commit to resolve complaints about our collection or use of your personal information. European individuals with inquiries or complaints regarding our Data Privacy Framework policy should first contact us at: [email protected]

We have further committed to refer unresolved privacy complaints under the Principles to an independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint. This service is provided free of charge to you.

Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Data Privacy Framework Panel. Additional information on the arbitration process is available on the Data Privacy Framework website at https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2

Bonterra may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. Bonterra’s commitments under the Principles are subject to the investigatory and enforcement powers of the
Federal Trade Commission.

Children’s privacy

Our Services are not intended for use by children under 13 years of age in the U.S., and under 16 years of age in the EEA/UK. If we learn that we or a Customer has collected personal information through our Services from a child under 13 in the U.S. or under 16 in the EEA/UK without the consent of the child’s parent or guardian as required by law, we will delete it.

Job applicants

When you visit the Careers portion of the website, we collect the information that you provide to us in connection with your job application. This includes but is not limited to business and personal contact information, professional credentials and skills, educational and work history and other information of the type that may be included in a resume. This may also include diversity information that you voluntarily provide. We use this information on the basis of our legitimate business interests to facilitate our recruitment activities and process employment applications, such as by evaluating a job candidate for an employment activity, to monitor recruitment statistics and to respond to surveys. We may also use this information to provide improved administration of the services and as otherwise necessary (i) to comply with relevant laws or to respond to subpoenas or warrants served on us, (ii) to protect and defend our or others’ rights or property, (iii) in connection with a legal investigation and (iv) to investigate or assist in preventing any violation or potential violation of the law, this Privacy Policy or our Terms of Use.

Retention

We retain personal information for as long as appropriate to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of personal information, the purposes for which we process personal information and whether we can achieve those purposes through other means, and the applicable legal requirements. If applicable, we will retain personal information as agreed upon in the Customer’s signed agreement.

Cross-border processing of personal information

If you provide us with your personal information when using the Services, then please note that we are headquartered in the United States. To provide and operate our Services, it is necessary for us to process personal information in the United States.

If we transfer personal information across borders such that we are required to apply appropriate safeguards to personal information under applicable data protection laws, we will do so. Please contact us for further information about any such transfers or the specific safeguards applied.

Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you (for example, by posting the Privacy Policy on our Services).

How to contact us

You can reach us by email at [email protected] or at the following mailing address:

Bonterra, LLC.
‍10801 North MoPac Expressway, Suite 400
Austin, TX 78759 USA

Notice to EU, UK and Swiss residents

EU and UK Representatives.

We have appointed a representative in the EU and the UK. For the EU, please contact our representative by email at [email protected]. In the UK, please contact our representative by email at [email protected]. Visit www.VeraSafe.com for more information.

If you would like to submit a complaint about our use of your personal information or our response to your requests regarding your personal information, you can contact us or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator here.

This Cookie Policy explains how Bonterra uses cookies and similar technologies in connection with our Services.

What are cookies and similar technologies?

Cookies are text files that websites store on a visitor’s device to uniquely identify the visitor’s browser or to store information or settings in the browser for the purpose of helping you navigate between pages efficiently, remembering your preferences, enabling functionality, helping us understand activity and patterns, and facilitating online advertising.
Local storage technologies, like HTML5, provide cookie-equivalent functionality but can store larger amounts of data, including on your device outside of your browser in connection with specific applications.
Web beacons, also known as pixel tags or clear GIFs, are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked.

How do we use cookies and other similar technologies?

We, our service providers, and our advertising partners automatically log information about individuals’ interactions with our Services and communications, such as:

Device information, such as computer or mobile device operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., WiFi, LTE, 3G), and general location information such as city, state, or geographic area.
Online activity information, such as pages or screens viewed, how long individuals spend on a page or screen, the website they visited before browsing to our website, navigation paths between pages or screens, information about activity on a page or screen, access times and duration of access, and whether individuals open our marketing emails or click links within them.

We may also allow our advertising partners to collect this information through our website.

This Cookie Policy refers to all these technologies collectively as “cookies.”

What types of cookies and similar technologies does Bonterra use?

We use the following categories of cookies:

Essential. These cookies are necessary to allow the technical operation of our Services (e.g., they enable you to move around on a website and to use its features).

Functionality / performance. We use these cookies to enhance the functionality and performance of the Services.

Analytics. We use these cookies to help us understand how our Services are performing and being used. For example, we use Google Analytics to collect information about how users use our Services, which we then use to compile reports that disclose trends without identifying individual visitors, and help us improve our Services. For more information on Google Analytics, click here. For more information about Google’s privacy practices, click here. You can opt out of by downloading and installing the browser plug-in available at: https://tools.google.com/dlpage/gaoptout.

Advertising. We and our third-party advertising partners use these cookies to collect information about how you use our website and use that information to serve online ads that may be relevant to your interests. Please find examples of the third-party advertising cookies we use and links to their platform opt-out pages in the following section.

‍How can you control the use of cookies?

‍Other than “essential cookies,” which are required to allow our Services to operate, you can control our use of cookies through our Cookie Settings.

You can also limit online tracking by:

Blocking cookies in your browser. Most browsers let you remove or reject cookies, including cookies used for interest-based advertising. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. For more information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit www.allaboutcookies.org. Use the following links to learn more about how to control cookies and online tracking through your browser:
- Firefox; Chrome; Microsoft Edge; Safari
Blocking advertising ID use in your mobile settings. Your mobile device settings can provide functionality to limit use of the advertising ID associated with your mobile device for interest-based advertising purposes.
Using privacy plug-ins or browsers. You can block our websites from setting cookies used for interest-based ads by using a browser with privacy features, like Brave, or installing browser plugins like Privacy Badger, Ghostery, or uBlock Origin, and configuring them to block third party cookies/trackers.
Advertising industry opt out tools. You can also use these opt out options to limit use of your information for interest-based advertising by participating companies:
- Digital Advertising Alliance for Websites: https://youradchoices.com/control
- Network Advertising Initiative: optout.networkadvertising.org

Platform opt-outs. Some third-party ad networks, including third-party ad servers, ad agencies, ad technology vendors and research firms, allow you to opt-out directly by using their opt-out tools. Some of these providers, and links to their opt-out tools, are:
- Google
- LinkedIn
- Bing
- Facebook

Note that because these opt out mechanisms are specific to the device or browser on which they are exercised, you will need to opt out on every browser and device that you use.

Do Not Track. Some Internet browsers can be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit https://allaboutdnt.com/.