Privacy Policy

Last updated: July 2026

⚠️ Working draft, pending legal review. This document is a starting point for our counsel and is not yet final. It does not constitute legal advice and should not be relied on until reviewed and published in final form.

This Privacy Policy explains how Menos Labs ("Menos Labs", "we", "us"), which provides the Monation service, collects, uses, and shares information when a nonprofit organization ("Customer") uses our donation widget and Campaign Pages, and when a donor gives through a Customer that uses Monation. Monation is a Menos Labs company; we intend to operate it through a wholly-owned subsidiary once that entity is formed. By using Monation you agree to the practices described here.

1. A note on the money

Monation is the donate button and the page around it. We do not hold, process, or route donation funds. Donations are handled by the Customer's own payment processor (for example Stripe or PayPal) or by a linked donation page, and go directly to the Customer. Because of this, we are not a party to the donation transaction and do not store donor card or bank numbers.

2. Information we collect

From Customers (nonprofit account holders):

From donors (people who give through a Customer):

From everyone: basic technical data such as IP address, browser type, and pages viewed, plus anything you submit through our contact, support, or research-feedback forms.

3. How we use information

We do not sell personal information, and we do not use donor data for our own advertising.

4. Service providers (subprocessors)

We share information with vetted providers only as needed to run the service:

ProviderPurpose
StripeSubscription billing and (where connected) donation processing
CloudflareHosting, content delivery, database, and security
ResendTransactional email delivery
ProPublica Nonprofit ExplorerPublic EIN / 501(c)(3) verification

We may also disclose information if required by law, to protect our rights or users' safety, or in connection with a merger or acquisition.

5. Cookies and analytics

We use a small number of strictly necessary cookies, primarily a signed session cookie to keep you logged in. We do not use third-party advertising cookies. The embeddable widget stores only what it needs to function on the Customer's site.

Analytics. We provide Customers with first-party analytics about their own widget and Campaign Pages, including impressions, opens, donations, traffic sources, and conversion rates. This is measured on our own servers without cookies and without any third-party trackers (no Meta Pixel, no Google Analytics) placed on Customer or donor devices. To estimate unique visitors we use a daily-rotating, one-way hash derived from technical signals; it is not a persistent identifier and is not used to track individuals across sites or over time. Analytics hold aggregate counts and low-cardinality context (such as device type, referring domain, and country), not donor names or contact details.

6. Data retention

We keep account and donor data for as long as the Customer's account is active and as needed to provide the service, then for a reasonable period to meet legal, tax, and accounting requirements. Sign-in codes expire within minutes. Customers can request deletion of their account data as described below.

7. Your choices and rights

Depending on where you live (for example under the EU/UK GDPR or the California CCPA/CPRA), you may have the right to access, correct, delete, or export your personal information, to object to or restrict certain processing, and to withdraw consent. Donors should direct requests to the nonprofit they gave to; where we act on a Customer's behalf, we will support that Customer in responding. To make a request to Monation directly, use the contact details below. We will not discriminate against you for exercising these rights.

8. Security

We use industry-standard measures including encryption in transit, hashed session tokens, scoped access, and reputable infrastructure providers. No method of transmission or storage is perfectly secure, but we work to protect your information and to notify affected parties as required if a breach occurs.

9. Children

Monation is intended for organizations and adults. It is not directed to children under 13 (or the equivalent minimum age in your region), and we do not knowingly collect their personal information.

10. International transfers

We are based in the United States and our providers may process data in the United States and other countries. Where required, we rely on appropriate safeguards for cross-border transfers.

11. Changes to this policy

We may update this policy from time to time. When we make material changes we will update the "Last updated" date and, where appropriate, provide additional notice.

12. Contact us

Questions about privacy or a data request? Reach us through our contact form. We will update this section with a dedicated privacy contact and mailing address before launch.