At Endaoment, we treat your privacy and personal information with the utmost care and seriousness.
We've employed thorough data management & encryption practices while also employing techniques novel to blockchains to secure required personal information in the safest way possible. No system is perfect, but we're committed to leading the way in protecting your identity while providing compliant, tax deductible philanthropic services and transparent data management practices.
How is my personal information used by Endaoment?
We collect your name, Ethereum wallet address, email address, and mailing address whether you're creating a Donor-Advised Fund or claiming an organization.
None of your personal information is ever stored onchain.
We use this identifying data to serve two key purposes:
1) To be able to communicate with you about product updates, services, issues, or other communications necessary to provide you with the services outlined in our Terms and Conditions, and
2) To be able to comply with required due diligence procedures surrounding "No Donor Benefit" and our Organization Funding policy.
We will never sell your information, or pass along any of your personal information to a third party outside of the uses/circumstances outlined above and in our Terms & Conditions.
How is my data protected?
Your data is encrypted on our private database. Additionally, we use special authentication mechanisms that works together with your Ethereum wallet to secure your account.
All Endaoment users must be able to prove they hold the private keys to their supplied Ethereum wallet address in order to access personal information assocaited with their fund(s).
When you sign our Terms & Conditions, you sign a message using your Ethereum wallet. This signed message proves that you control the wallet address specified in the message. It also holds a statement whereby you agree to the policies found in our Governance Documents.
We use this message to create & store a cookie locally on your device which holds the value of your signed message. Every request to our database must be accompanied by the message inside this cookie. If a user attempts to request any personal information without our cookie proving control over a given wallet, no data is returned. If you visit app.endaoment.org from a new browser and connect a previously-connected account, you'll be prompted to re-sign the message with your Ethereum wallet before any personal information is passed from our database (after generating a new cookie).
We're excited to be leveraging message signatures to help us eliminate the need to store passwords on our database. This creates a more secure and seamless experience for users and demonstrates how companies in the decentralized finance space can find a balance between regulatory compliance and user-empowering privacy.
How long do we store personal information?
In compliance with the California Attorney General's statute of limitations on charitable trusts, we must hold all information pertaining to our Donor-Advised Funds for a minimum of 10 years.
Data will always remain securely stored on our encrypted server, backed up regularly and protected with our advanced cryptographic signature-powered access controls.
Can I have my data deleted?
Should you cease to be an Endaoment customer and wish to have your data deleted, you may request a purge of your personal information by emailing [email protected].
We will review the activity of your account and will promptly delete any information deemed not necessary to comply with regulatory oversight requirements.