Privacy Policy

Version 1.0 · Effective Date: April 1, 2026 · Last Updated: March 7, 2026

      Our commitment: SomeDo.Org is built on transparency and doing good. That extends to how we handle your data. We collect only what we need, we never sell your personal information, and we give you control over your data.
    

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

Name, email address, and password (stored securely using one-way hashing)
Profile information you choose to provide (bio, location, profile photo)
Account type (Doer, Sponsor, or Charity)

1.2 Deed Information

When you log a good deed, we collect:

Deed type, description, and date performed
Photos or proof you choose to upload
Charity designation for fund direction

1.3 Payment Information

Payment processing is handled by Stripe, our PCI-compliant payment partner. We do not store your full credit card number, CVV, or bank account details on our servers. We retain only:

Card brand and last 4 digits (for display purposes)
Stripe customer and payment method identifiers
Transaction history (amounts, dates, status)

For charities, banking information (routing and account numbers) is encrypted at rest using AES-256 encryption.

1.4 Charity Application Data

Organization name, EIN/tax ID, contact information
Mission description and category
Verification documentation

1.5 Usage Data

We automatically collect:

IP address and approximate location
Browser type, device type, and operating system
Pages visited and time spent on the platform
Referring URLs

2. How We Use Your Information

We use your information to:

Provide the service — display deeds, process sponsorships, distribute funds
Process payments — charge sponsors and pay out to charities
Verify deeds — prevent fraud and ensure platform integrity
Communicate — send deed notifications, payment receipts, and service updates
Improve the platform — analyze usage patterns to enhance features
Ensure safety — detect and prevent fraudulent or harmful activity

3. Information Sharing

3.1 Public Information

The following information is publicly visible on the platform:

Your first name and last initial on the Discover feed and deed detail pages
Deed descriptions, types, dates, and verification status
Aggregate impact statistics (total raised, deeds completed)
Public profile information you've chosen to share

3.2 Shared with Other Users

Sponsors can see deeds completed by doers they sponsor
Charities can see deeds and doer names for deeds directed to them
Sponsor names (first name or business name) are visible to doers they support

3.3 Third-Party Service Providers

Stripe — payment processing (Stripe Privacy Policy)
Email service provider — transactional emails (deed notifications, receipts)
Hosting provider — infrastructure and data storage

3.4 We Never

      We never sell your personal information to advertisers, data brokers, or any third parties. Your data is used solely to operate SomeDo.Org and improve your experience.
    

3.5 Legal Requirements

We may disclose information when required by law, court order, or to protect the rights, safety, or property of SomeDo, our users, or the public.

4. Data Security

We take data security seriously and implement industry-standard measures including:

HTTPS/TLS encryption for all data in transit
AES-256 encryption for sensitive data at rest (banking details)
Password hashing using bcrypt (we cannot see your password)
Access controls limiting employee access to personal data
Regular security reviews and updates

No system is 100% secure. If we become aware of a data breach, we will notify affected users within 72 hours.

5. Your Rights & Choices

You have the right to:

Access your personal data — view your profile, deeds, and transaction history through your dashboard
Correct inaccurate data — update your profile information at any time
Delete your account — request account deletion through your dashboard or by emailing us; we will remove your data within 30 days (some transaction records may be retained for legal/financial compliance)
Export your data — request a copy of your data in a portable format
Opt out of non-essential emails — manage notification preferences in your dashboard settings

6. Cookies & Tracking

We use minimal cookies:

Session cookies — required to keep you logged in (essential, cannot be disabled)
Preference cookies — remember your settings and choices
Analytics — basic, privacy-respecting usage analytics to improve the platform

We do not use third-party advertising cookies or cross-site tracking.

7. Children's Privacy

SomeDo.Org is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 18, we will delete it promptly. If you believe a child has provided us with personal information, please contact us.

8. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

Right to know what personal information we collect and how we use it
Right to delete your personal information
Right to opt out of the sale of personal information (we do not sell data)
Right to non-discrimination for exercising your privacy rights

9. European Users (GDPR)

If you are located in the European Economic Area, you have additional rights including:

Data portability — receive your data in a structured, machine-readable format
Right to be forgotten — request complete deletion of your data
Restrict processing — limit how we use your data
Object to processing — opt out of certain data uses
Lodge a complaint with your local data protection authority

Our legal basis for processing your data is: consent (when you create an account), contract performance (providing the service), and legitimate interests (platform security and improvement).

10. Data Retention

We retain your data for as long as your account is active. After account deletion:

Profile and deed data: deleted within 30 days
Transaction records: retained for 7 years (financial/legal compliance)
Server logs: retained for 90 days

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you via email and/or a prominent notice on the platform at least 14 days before material changes take effect. The "Last Updated" date at the top will reflect the most recent revision.

12. Contact Us

For privacy-related questions, requests, or concerns:

Email: privacy@somedo.org
General support: support@somedo.org
Website: somedo.org