Privacy Policy

“Let’s Raise It”, “we”, “our”, or “us” refers to the operator of letsraiseit.com, a sole proprietorship based in the United States. Contact for privacy questions: privacy@letsraiseit.com.

We collect the following categories of personal information, depending on how you use the service:

• Account information (name, email, password hash, optional phone number, optional profile photo, role) when you sign up as an organization admin, team manager, or player.
• Player profile information (display name, optional avatar, optional bio, chosen visual theme, public “@handle”) when a player builds or claims a profile.
• Donation information (donor name, donor email, optional donor phone, donation amount, optional message, optional anonymous flag) when you make a donation. Card numbers and bank details are sent directly to Stripe and never touch our servers.
• Communications you send to us, including support emails and any free-text messages or stories you write inside campaign pages.
• Phone verifications and SMS consent records (E.164 phone number, the verbatim consent copy you saw, the timestamp, IP address, and user agent) when you opt in to SMS.
• Device, log, and usage data (IP address, browser type, pages viewed, referrer, timestamps) collected automatically by our hosting and analytics vendors.
• Cookies and similar technologies — strictly necessary cookies for authentication and session management, plus analytics cookies (PostHog) that you can disable in your browser without breaking the core service.

We use personal information to:

• Authenticate you and protect your account.
• Process donations, calculate fees, issue receipts, and remit funds to organizations.
• Let players run, share, and personalize their fundraising campaigns.
• Send transactional messages: donation receipts, password resets, campaign launch notifications, payout updates, and security alerts. These are not marketing.
• Send SMS only after you have given express opt-in consent on a specific opt-in form, and only for the purposes disclosed at that moment (donor confirmation, parent share kit).
• Comply with our legal obligations including tax reporting, fraud prevention, and TCPA / COPPA / CAN-SPAM rules.
• Improve the service through aggregated, de-identified analytics.

If you are in the EEA or UK, we rely on the following lawful bases under GDPR: (a) performance of a contract for account creation, donations, and core service delivery; (b) consent for SMS messages, marketing email, and non-essential analytics cookies; (c) legitimate interests for fraud prevention and product improvement; and (d) legal obligation for tax reporting and law enforcement requests. You can withdraw consent at any time without affecting prior processing.

We do not sell personal information and we do not share it for cross-context behavioral advertising. We share information only with these categories of recipients:

• Service providers who operate the platform under written contracts:
  • Stripe — payment processing and Connect payouts.
  • Resend — transactional email delivery.
  • Twilio — phone verification and SMS delivery.
  • Supabase — database, authentication, and file storage.
  • Vercel — application hosting and edge delivery.
  • PostHog — first-party product analytics.
  • OpenAI — generation of suggested invite copy. Prompts and outputs are not used to train OpenAI’s general models per our enterprise terms.
• Organizations and team managers who have administrative access to a player’s campaign data within their organization.
• Public viewers — campaign pages, player profiles, donation amounts, donor display names, and donor messages are intentionally public unless the donor checks “Anonymous”. Anonymous donations still appear in totals but the donor name is hidden.
• Authorities in response to valid legal process, or to protect rights, safety, and property.
• Business successors in the event of a merger, acquisition, or asset sale. Any successor must honor this Privacy Policy or notify you of changes.

When you provide a mobile phone number to receive SMS, we ask for a separate, express opt-in checkbox that is not pre-checked. The checkbox text we present at opt-in is the legally binding disclosure; we store a verbatim copy of that text along with the timestamp, IP address, and user agent at the moment you consented.

• Message frequency varies. Standard message and data rates may apply.
• Reply STOP to any message to opt out. Reply HELP for help or email us at privacy@letsraiseit.com.
• SMS opt-in is per-campaign. Opting in for one campaign does not opt you in to others.
• We do not share mobile opt-in information or consent records with third parties or affiliates for marketing.

The service is intended for users 13 years of age and older. We do not knowingly collect personal information from children under 13. If a parent or guardian believes a child under 13 has provided personal information, please email privacy@letsraiseit.com and we will delete it promptly. Organizations that include athletes under 13 must obtain verifiable parental consent before adding those athletes as players, and must use the platform’s parent share kit (which sends the parent the consent + privacy disclosures) rather than entering child contact information directly.

We keep personal information only as long as necessary for the purpose it was collected:

• Account information — for the life of the account, plus 30 days after deletion request.
• Donation records, receipts, and tax records — at least 7 years to meet IRS and state recordkeeping obligations.
• SMS consent records — for the life of the consent, plus 4 years (TCPA statute of limitations).
• Server logs — 30 days, then aggregated.
• Analytics events — 12 months at the user level, then aggregated.

We use TLS in transit, encryption at rest for the database, role-based access control with row-level security in the database, hashed passwords, short-lived session tokens, and time-limited claim tokens for player onboarding. No system is perfectly secure; please use a strong, unique password and enable any available security features on your account.

Depending on where you live, you may have the right to access, correct, delete, restrict, port, or object to our processing of your personal information; to withdraw consent; and to lodge a complaint with a regulator. To exercise any of these rights, email privacy@letsraiseit.com. We will respond within the time required by applicable law (typically 30–45 days).

California residents have additional rights under the CCPA / CPRA, including the right to know what personal information we collect, the right to delete, the right to correct, the right to opt out of “sharing” for cross-context behavioral advertising (we do not share for that purpose), and the right not to be discriminated against for exercising these rights.

We are based in the United States and our service providers operate primarily in the United States. If you access the service from outside the United States, your information will be transferred to and processed in the United States.

When we make material changes we will update the “Last updated” date and, when required, notify you by email or in-app notice before the change takes effect. Continued use after the effective date constitutes acceptance.

Privacy questions, requests, and complaints: privacy@letsraiseit.com.