Tythe Privacy Policy

Version 1.1 (current version)

This policy has been in effect since 7 Dec 2022. Click here for the old policy.


The privacy of your data is a big deal to us. We'll only ever access your account to help you with a problem or squash a software bug.

Cookies

Cookies are small snippets of information associated with a particular website that can be stored in your web browser. They have many uses, including keeping you logged in as you navigate around a website.

Essential cookies

Some cookies are necessary for the website to function normally, so we always use them. Some examples of their uses are:

  • Keeping you signed in as you navigate around the website (after signing in).
  • Remembering your cookie preferences, so you don't see a cookie banner on every page.

Optional Cookies

If you give your permission by clicking "Ok" in the cookie consent banner, we'll also use the following cookies.

  • Functional cookies allow your device to remember your preferences and settings on the site. For example, your preferred currency of payment.
  • Analytics cookies give us anonymous statistical information about how the site is being used. This helps us improve Tythe, for example by re-designing certain pages to make them clearer.
  • Marketing cookies help us understand which adverts are successful at raising donations. Tythe occasionally runs ads to reach more donors. For example, as a nonprofit we get a certain number of free ads to show at the top of Google search results each month.

Identity & access

When you sign up for Tythe, we ask for your name, email address, home address, tax status and we also ask you to choose a username. That allows you to personalise your new account, and means we can send you important updates as well as claim Gift Aid on your donations. If you choose to sign in with your Google account, we'll store your name, email address and profile picture from that account.

Your username and profile picture may appear publicly alongside your actions on the site, including donations you've made.

We'll never sell your personal information to third parties without your permission, and we won't use your name in marketing statements without your permission either.

When you donate on Tythe, we'll ask for your credit/debit card details, billing address or bank details. Your card details and/or bank details are passed directly to our payment processor and don't ever go through our servers. We store your billing details to detect fraudulent behaviour, and to pre-fill the Gift Aid form so you don't have to enter the same information twice.

When you write to Tythe with a question or to ask for help, we'll keep that correspondence, and the email address, for future reference. We also store any information you volunteer, like surveys, for as long as it makes sense.

The only times we'll ever share your info:

  • To provide products or services you've requested, with your permission.
  • To investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Terms of Service, or as otherwise required by law.
  • If Tythe transfers to or merges with another charity we'll notify you before any information about you is transferred and becomes subject to a different privacy policy.

Your rights with respect to your information

You may have heard about the General Data Protection Regulation (GDPR) in Europe. GDPR gives people under its protection certain rights with respect to their personal information collected by us on the site. Accordingly, Tythe recognises and will comply with GDPR and those rights, except as limited by applicable law. The rights under GDPR include:

  • Right of Access. This includes your right to access the personal information we gather about you, and your right to obtain information about the sharing, storage, security and processing of that information.
  • Right to Correction. This is your right to request correction of your personal information.
  • Right to Erasure. This is your right to request, subject to certain limitations under applicable law, that your personal information be erased from our possession (also known as the "Right to be forgotten").
  • Right to Complain. You have the right to make a complaint regarding our handling of your personal information with the appropriate supervisory authority.
  • Right to Restrict Processing. This is your right to request restriction of how and why your personal information is used or processed.
  • Right to Object. This is your right, in certain situations, to object to how or why your personal information is processed.
  • Right to Portability. This is your right to receive the personal information we have about you and the right to transmit it to another party.
  • Right to not be subject to Automated Decision-Making. This is your right to object and prevent any decision that could have a legal, or similarly significant, effect on you from being made solely based on automated processes. This right is limited, however, if the decision is necessary for performance of any contract between you and us, is allowed by applicable European law, or is based on your explicit consent.

If you have questions about exercising these rights or need assistance, please contact us at support@tythe.org.

Processors we use

As part of the services we provide, and only to the extent necessary, we may use certain third party processors to process some or all of your personal information.

Tythe uses third party subprocessors, such as payments services and cloud computing providers, to provide our services. We enter into GDPR-compliant data processing agreements with each subprocessor, extending GDPR safeguards everywhere personal data is processed. Our subprocessors:

We only ever use third party processors who are GDPR compliant and have an awareness of data protection, security and confidentiality.

Law enforcement

Tythe won't hand your data over to law enforcement unless a court order says we have to. And unless we're legally prevented from it, we'll always inform you when such requests are made.

Security & encryption

All data is encrypted via SSL/TLS when transmitted from our servers to your browser. All stored data is encrypted at rest using the industry standard AES-256 encryption algorithm.

Deleted data

To fulfil our obligations to HMRC, we must keep records of your donations and Gift Aid declarations for at least 6 years after the end of the accounting period they relate to. When you delete your account, we'll ensure that no other personal information is stored on our servers past 30 days, except where required by law.

Location of site and data

This website is operated in Europe and our data is held and processed in Europe.

Changes & questions

Tythe may update this policy once in a blue moon - we'll notify you about significant changes by email or by placing a prominent notice on our site. You can access your personal information at any time by emailing support@tythe.org.

Questions about this privacy policy? Please get in touch and we'll be happy to answer them!