Privacy Policy

Last updated

This Privacy Policy was last updated on May 23, 2026. It applies to Cendance websites, dashboard accounts, support, sales, billing, and product workflows unless a signed customer agreement or data processing addendum says otherwise.

Scope and roles

Cendance, Inc. acts as a controller or business for information we collect for our own websites, accounts, billing, sales, support, security, and product administration. When an organization uses Cendance to manage member, donor, volunteer, ministry, finance, form, communication, or media records, that organization is usually the controller or business and Cendance acts as its processor, service provider, or contractor.

• Website visitors, demo requesters, newsletter subscribers, and support contacts
• Customer administrators, staff, volunteers, contractors, and account users
• People whose records are uploaded, entered, or processed by a Cendance customer

Personal information we collect

The personal information we collect depends on how you interact with Cendance and what a customer chooses to store in the platform. We collect only information that is reasonably needed for disclosed business, product, security, legal, or customer-directed purposes.

• Identifiers and contact details such as name, email, phone, organization, role, account ID, and login information
• Customer content such as people, household, volunteer, donor, giving, form, communication, event, task, media, attachment, note, and workflow records
• Billing and transaction details such as plan, invoice, payment status, donation or giving metadata, and payment processor references
• Device, usage, and cookie data such as IP address, browser, operating system, pages visited, features used, diagnostic logs, approximate location, and analytics events
• Support, sales, and communication data such as messages, recordings, preferences, feedback, questionnaire responses, and implementation notes
• Sensitive personal information only when provided by you or a customer, such as religious affiliation, giving history, prayer or care details, accessibility notes, or similar customer-directed records

Sources of information

We collect information directly from you, from customer administrators and authorized users, from devices and browsers, from support and sales interactions, from payment processors and integration partners, and from public or commercially available sources when used for ordinary business contact and account administration.

How we use information

We use personal information to provide, secure, improve, support, bill for, and communicate about Cendance. For GDPR purposes, our legal bases may include contract performance, legitimate interests, consent, and legal obligations. For customer data, the customer is responsible for identifying its lawful basis or consent where required.

• Provide dashboard access, authentication, organization workspaces, workflows, reporting, storage, communications, integrations, and customer-requested services
• Secure accounts, prevent fraud, debug incidents, monitor abuse, enforce terms, and maintain audit trails
• Respond to support requests, demos, procurement reviews, questionnaires, notices, and privacy requests
• Process billing, subscriptions, invoices, donations, giving records, and payment processor reconciliation
• Improve product performance, reliability, accessibility, user experience, and operational reporting
• Send service, security, transactional, product, and marketing communications where permitted by law or consent
• Comply with legal, tax, accounting, regulatory, law enforcement, dispute, and contract obligations

Customer data instructions

For customer data, Cendance processes personal information according to the customer's agreement, configuration, and documented instructions. If you are a member, donor, volunteer, guest, child, parent, guardian, or other individual connected to a Cendance customer, please contact that organization first for access, correction, deletion, consent, or restriction requests. We will support the customer in responding as required by applicable law.

How we disclose information

We disclose personal information only as needed for the purposes described in this policy, customer instructions, or applicable law. Cendance does not sell personal information, does not share personal information for cross-context behavioral advertising, and does not use customer data to train models for third parties.

• Customer administrators and authorized users within the relevant organization workspace
• Service providers, subprocessors, contractors, and professional advisers that help host, secure, support, analyze, bill for, or operate Cendance
• Customer-enabled integrations such as accounting, email, automation, payment, communications, storage, or reporting tools
• Payment processors and financial institutions for transactions, invoices, donations, refunds, fraud checks, and reconciliation
• Authorities, courts, regulators, law enforcement, or other parties when required by law or needed to protect rights, safety, security, or enforce agreements
• Successors in connection with a merger, acquisition, financing, reorganization, or sale of assets, subject to appropriate privacy commitments

Cookies and analytics

We use cookies, local storage, pixels, and similar technologies for authentication, security, preferences, analytics, diagnostics, and marketing measurement. You can control cookies through your browser settings and any available consent tools. Where legally required, we honor Global Privacy Control and other opt-out preference signals as requests to opt out of sale or sharing.

Retention

We keep personal information for the maximum period permitted by applicable law when it is needed for the purposes described in this policy, customer instructions, contracts, retention settings, backups, audits, legal obligations, dispute resolution, security, and legitimate business records, unless a shorter period is required by law, customer agreement, or product controls. Customer data is retained, exported, deleted, or returned according to the customer agreement and product controls.

Security safeguards

We maintain administrative, technical, and physical safeguards designed to protect personal information relative to its sensitivity, including encrypted transport, encryption-backed managed storage, authentication, access controls, logging, monitoring, vendor review, and security response practices. No system is perfectly secure, so we also maintain incident review and notification processes.

International transfers

Cendance is based in Canada, and data is processed in North American data centres by Cendance and our infrastructure or processing partners, including AWS, Railway, Stripe, and Cloudflare where applicable. When required for GDPR, UK GDPR, Swiss, Canadian, or similar transfer rules, we use appropriate safeguards such as data processing terms, standard contractual clauses, vendor review, and transfer assessments.

Your privacy rights

Depending on where you live and the role Cendance plays, you may have rights to request access, confirmation, portability, correction, deletion, restriction, objection, withdrawal of consent, information about disclosures, and a complaint or challenge to our privacy practices. We will verify and respond to requests within the time required by applicable law.

• GDPR and similar laws: access, rectification, erasure, restriction, portability, objection, withdrawal of consent, and complaint to a supervisory authority
• California CCPA/CPRA: know, access, delete, correct, opt out of sale or sharing, limit sensitive personal information, non-discrimination, and authorized agent requests
• Canada PIPEDA: access to personal information, correction where appropriate, information about use and disclosure, and the ability to challenge compliance

California notice

For California residents, the categories of personal information we collect, sources, purposes, retention approach, disclosures, and rights are described in the sections above. We do not sell personal information or share it for cross-context behavioral advertising. We do not knowingly sell or share the personal information of consumers under 16. We use sensitive personal information only for permitted business purposes, to provide requested services, for security, or as directed by a customer.

Children and minors

Cendance websites and self-service accounts are not directed to children under 13, and we do not knowingly collect personal information from children under 13 for our own marketing site or self-service signup. Customers may use Cendance to maintain records about children, students, families, or guardians; in those cases, the customer is responsible for required notices, consents, permissions, and instructions.

Changes to this policy

We may update this Privacy Policy as our services, vendors, legal obligations, or privacy practices change. Material changes will be posted on this page and, when appropriate, communicated by email, dashboard notice, or customer administrator notice before they take effect.

Contact us

Questions, privacy requests, accessibility needs, data protection questionnaires, and compliance challenges can be sent to Cendance Privacy. If your request involves customer data, include the organization name so we can route the request to the right customer administrator or support path.