Privacy Policy

Who we are

Jubily (“Jubily,” “we,” “us”) is operated by Jubily Global LLC, a Texas limited liability company. We run the website at jubily.org, which lets people donate to verified 501(c)(3) charities and appear on a public giving leaderboard.

What we collect

Account data: when you sign in, we collect your email address (used as your login). If you complete profile setup, we also collect your first and last name (or business name), an optional bio, optional location (city, state, country), an optional website (businesses only), and an optional avatar / corporate logo you upload. If you sign up immediately after making a guest donation and choose to claim that gift toward your new profile, we match the email on your Jubily account against the email on your Stripe Checkout session to attribute the donation; this attribution only succeeds when the emails match and the donation was made within the past 24 hours.

Donation data: when you donate, we record the amount, the charity you donated to, the cause category, whether you covered the fees, and an internal Stripe payment reference. We also receive from Stripe and store your billing address (city, state, postal code, country), your payment method type (e.g. Visa, Mastercard, ACH bank transfer) and the last four digits of your card or bank account. For donations of $10,000 or more, Stripe Checkout also asks for your phone number; if you provide it, we store it so a Jubily administrator can contact you to confirm intent before the gift is released to the charity. Card numbers and CVCs are neversent to or stored by Jubily — they are submitted directly to Stripe’s hosted checkout page.

Recurring-gift data: if you set up a monthly or annual recurring donation, we additionally record the billing interval (month or year), the duration you committed to (e.g. 12 months, 5 years, or indefinite), the Stripe subscription identifier, and the next-renewal date so we can manage your subscription. You can view, modify, or cancel recurring gifts at any time from Settings → My giving.

Business-donor data:if you choose to donate as a business (either by signing in to a business profile or by expanding the “donating on behalf of a business” section at checkout), we additionally record the business’s EIN and an optional reference label (e.g. a PO number) that you can provide for your own accounting purposes. These fields appear on the donor’s copy of the tax receipt.

Shipping address (plaque tier only):if your cumulative giving qualifies you for a physical recognition plaque, we ask you to provide a shipping address so we can mail it to you. Shipping addresses are only requested when you cross the relevant giving threshold, are visible only to the Jubily administrator handling fulfillment, and are not shared with the charities you’ve donated to or with any third party other than the shipping carrier.

Display-preference choices: at the time of each donation, you choose how that gift appears on public donor surfaces (public name, first name only, or anonymous). We record that choice on the donation row and honor it on the ticker, leaderboards, and per-charity donor lists.

Charity application data:if you apply on behalf of a nonprofit, we collect organization details (name, EIN, mission, impact story, website URL, contact information, banking details via Stripe Connect, and an optional copy of your IRS determination letter) required to verify and onboard your charity. Portions of this content are also analyzed by AI as part of our vetting process (see “Use of AI in charity vetting” below).

Automatically collected data:standard server logs (IP address, request times, user agent), used for debugging, security, and abuse prevention. If you’ve enabled cookies, we may also collect aggregate analytics about page views and interactions through Google Analytics, Google Tag Manager, and/or Meta Pixel.

How we use it

• To run the platform — show you charities, accept your donation, route the money, send confirmations.
• To display public profiles and leaderboards (only when you’ve set your profile to public).
• To send you transactional emails (sign-in links, donation thank-yous, charity application alerts).
• To maintain platform security and prevent fraud.
• To analyze aggregate usage and improve the service.

Use of AI in charity vetting

When a charity applies to be listed on Jubily, we send portions of the application — including the organization’s name, EIN, mission statement, impact story, contact information, and text extracted from the charity’s public website — to Anthropic, Inc. for analysis by their Claude AI model. Anthropic returns a structured vetting report (verdict, summary, strengths, concerns, and recommended next steps) that informs but does not replace a human admin review. A human Jubily administrator makes all final approval and rejection decisions.

Application content sent to Anthropic is processed under Anthropic’s commercial API terms, which do not permit use of submitted content for training their AI models. The vetting report is stored on the charity’s record in our database and is visible only to Jubily administrators. We do not send donor data, donation amounts, or donor identity information to Anthropic at any point.

If you are applying as a charity and would prefer your application not be analyzed by AI, email givejubily@gmail.com before or shortly after submitting and we will review your application manually.

Who we share it with

• Charities you donate to. When you donate, the charity sees your name (unless you choose to donate anonymously) and email address — exactly as if you donated on the charity’s own website.
• Stripe. All payments are processed by Stripe, Inc. Their privacy policy applies to data they collect.
• Anthropic, Inc. We send portions of charity application content to Anthropic for AI-assisted vetting analysis. See “Use of AI in charity vetting” above for details. Their privacy policy applies to data they receive.
• Resend. Our transactional email provider. Resend processes the email content and recipient address necessary to deliver donation receipts, sign-in links, charity application notifications, and other system emails on our behalf.
• Supabase. Our database and authentication provider. All account data, donation records, and charity records are stored in Supabase’s managed Postgres infrastructure under their contractual privacy and security obligations.
• Vercel. Our application hosting provider. Standard request logs (IP address, request times, user agent) pass through Vercel as part of normal web request handling.
• Analytics providers. If active: Google Analytics, Google Tag Manager, and/or Meta (Facebook) Pixel.

We do not sellyour personal data, and we don’t share it with anyone outside the categories above.

Public profiles and the leaderboard

By default, your profile is set to public — meaning your display name, location, avatar, and total non-anonymous donation amount may appear on the global leaderboard, on cause-specific leaderboards, in search results, and on charity profile pages. You can flip your profile to private at any time in settings.

At the time you donate, you choose how that specific gift appears on public donor lists and the home-page ticker:

• Public name — your full display name appears (for individuals, first name + last initial; for businesses, the full business name).
• First name only — only your first name appears next to the gift.
• Anonymous — no name appears, and the gift is excluded from your public total.

We do not display your name on any public donor surface unless you have selected one of the non-anonymous options for that specific gift. You can also email givejubily@gmail.com at any time to have a past gift removed from public donor lists.

Cookies and tracking technologies

Essential cookies. We use a session cookie for authentication so you stay signed in. This cookie is required for the Service to function and cannot be disabled without breaking sign-in.

Analytics.If active for your environment, we use Google Analytics, Google Tag Manager, and/or Meta’s pixel (also called the Facebook Pixel) to measure traffic, page views, and donation completions.

Meta Pixel and advertising.When the Meta Pixel is active, it sends event data (such as page views and donation completions) to Meta Platforms, Inc. for measurement and advertising. Under California law, this constitutes “sharing” of personal information for cross-context behavioral advertising. We have enabled Meta’s Limited Data Use mode for California users by default. You can opt out of Meta Pixel entirely on your browser by visiting Your Privacy Choices. We also automatically honor the Global Privacy Control (GPC) browser signal as a valid opt-out, so users on GPC-enabled browsers (Firefox, Brave, DuckDuckGo, and others) do not need to take any further action.

What is not shared with advertisers. We do not send Meta or any other advertising platform your name, email address, donation amount, charity selected, donor-covered-fee status, recurring-subscription details, tax-receipt content, billing address, payment method, or any free-form text you submit (bios, charity application content, etc.).

Your rights

You can access, correct, or delete your account data at any time:

• Edit your profile, name, location, avatar, etc. in settings.
• Permanently delete your account in the danger zone of settings. This removes your profile data; donation records remain on file with the receiving charities (which they need for their own tax/audit purposes).
• Email givejubily@gmail.com if you have any other privacy request.

Data retention

We keep different categories of data for different lengths of time, based on the purpose for which we collected it:

• Account and profile data: retained while your account is active. If you delete your account, profile data is removed within 30 days, except where we are required to keep it longer for legal or compliance reasons.
• Donation records: retained for at least 7 years to comply with IRS recordkeeping requirements and the recipient charities’ own audit obligations. Donation records are not deleted when an account is deleted.
• Server logs: retained for up to 90 days for debugging, security, and abuse prevention, then deleted or anonymized.
• Email delivery records: retained for up to 12 months by our email service provider for deliverability monitoring.
• Anonymized or aggregated analytics: may be retained indefinitely (no longer linked to you).

Data security and breach notification

We use industry-standard administrative, technical, and physical safeguards designed to protect your personal information, including encryption in transit (TLS), encryption at rest for sensitive fields, role-based access controls, and infrastructure hosted by reputable providers with their own security certifications. Payment card details are never transmitted to or stored by Jubily — they go directly to Stripe’s PCI-compliant checkout.

No system is perfectly secure.If we discover a security incident that compromises your personal information, we will notify you and any required regulatory authorities in accordance with applicable law (including state data-breach notification laws). Notification will be made by email or, if that’s not feasible, by prominent notice on the Service.

California privacy rights (CCPA / CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (as amended by the California Privacy Rights Act):

• Right to know: what personal information we collect, the sources, the purposes, and to whom we disclose it. The categories we collect are described above under “What we collect.”
• Right to access: request a copy of the specific personal information we have about you.
• Right to delete: request deletion of personal information we have about you, subject to legal exceptions (such as donation records we’re required to retain).
• Right to correct: request correction of inaccurate personal information.
• Right to non-discrimination: we will not discriminate against you for exercising any of these rights.
• Right to limit use of sensitive personal information: we do not use sensitive personal information for purposes that would trigger this right.

Sales and sharing under California law. We do not sell personal information for money or other valuable consideration. We do share certain event data (page views, donation completions) with Meta through the Meta Pixel for cross-context behavioral advertising. We do not share your name, email, donation amount, charity selection, or any free-form content with Meta or any other advertiser. You can opt out of this sharing at any time by visiting Your Privacy Choices, and we automatically honor the Global Privacy Control browser signal as a valid opt-out request. We do not knowingly sell or share the personal information of consumers under 16.

To exercise any of these rights, email givejubily@gmail.com. We may need to verify your identity before responding.

Other state privacy rights

Residents of Colorado, Connecticut, Delaware, Iowa, Indiana, Montana, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, and Virginia (and other states with comprehensive privacy laws) have rights similar to those described above for California residents — including the right to access, correct, delete, and port their personal information, and to opt out of targeted advertising and sales of personal information. Email givejubily@gmail.com to exercise any of these rights.

International users and data transfers

Jubily is operated from the United States, and any personal information you provide is processed and stored in the U.S. and other jurisdictions where our service providers operate. By using the Service from outside the United States, you consent to the transfer of your information to the U.S., which may have data-protection laws different from those of your home country. We have not designed the Service for compliance with the EU General Data Protection Regulation (GDPR) or the UK GDPR; if you are subject to those regimes, please consider whether the Service is appropriate for you.

“Do Not Track” signals

Our Service does not respond to browser “Do Not Track” signals because there is no consistent industry standard for compliance. You can control cookies and tracking through your browser settings.

Children

Jubily is intended for users aged 18 and over. We do not knowingly collect personal information from children under 13 (in compliance with the Children’s Online Privacy Protection Act) or from minors between 13 and 17. If you are a parent or guardian and believe your child has provided us with personal information, contact us at givejubily@gmail.com and we will delete it promptly.

Changes to this policy

If we make material changes, we’ll update the “Last updated” date at the top and notify users by email when appropriate.

Contact

Questions or requests? Email givejubily@gmail.com.