At Endaoment, we treat your privacy and personal information with the utmost care and seriousness.
We've employed thorough data management & encryption practices while also employing techniques novel to blockchains to secure required personal information in the safest way possible. No system is perfect, but we're committed to leading the way in protecting your identity while providing compliant, tax deductible philanthropic services and transparent data management practices.
We collect your name, Ethereum wallet address, email address, and a U.S. mailing address whether you're creating a Donor-Advised Fund or claiming an organization.
None of your personal information is ever stored on-chain.
We use this identifying data to serve two key purposes:
1) To be able to communicate with you about product updates, services, issues, or other communications necessary to provide you with the services outlined in our Terms and Conditions, and
2) To be able to comply with required due diligence procedures surrounding "No Donor Benefit" and our Organization Funding policy.
We will never sell your information, or pass along any of your personal information to a third party outside of the uses/circumstances outlined above and in our Terms & Conditions.
Your data is encrypted on our private database. Additionally, we use a special cookie-based authentication mechanism that works together with your Ethereum wallet to secure your account.
Any Endaoment user must be able to prove they hold the private keys to their supplied Ethereum wallet address in order to access their personal information.
When you sign our Terms & Conditions, you sign a message using your Ethereum wallet. This signed message proves that you control the wallet address specified in the message. It also holds a statement whereby you agree to the policies found in our Governance Documents.
We use this message to create & store a browser-specific, HTTP-only cookie locally on your device holding the value of your signed message. Every request to our database must be accompanied by the message inside this cookie. If a user attempts to request any personal information without our cookie proving control over a given wallet, no data is returned. If you visit app.endaoment.org from a new browser and connect a previously-connected account, you'll be prompted to re-sign the message with your Ethereum wallet before any personal information is passed from our database.
We're excited to be leveraging message signatures to help us eliminate the need to store passwords on our database. This creates a more secure and seamless experience for users and demonstrates how companies in the decentralized finance space can find a balance between regulatory compliance and user-empowering privacy.
In compliance with the California Attorney General's statute of limitations on charitable donation, we must hold all information pertaining to our Donor-Advised Funds for a minimum of 10 years.
Data will always remain securely stored on our encrypted server, backed up regularly and protected with our advanced cryptographic signature-powered access controls.
Should you cease to be an Endaoment customer and wish to have your data deleted, you may request a purge of your personal information by emailing firstname.lastname@example.org.
We will review the activity of your account and will promptly delete any information deemed not necessary to comply with regulatory oversight requirements.