Privacy policy

Last updated: 17 April 2026

On this page

  1. Who we are
  2. What information we collect
  3. How and why we use it
  4. When we share information
  5. Cookies and tracking
  6. How long we keep it
  7. Your rights
  8. Contact us

1. Who we are

Givegood (“we”, “us”, “our”) operates a donation management platform that allows individuals in the United Kingdom to set up a single donation and split it across multiple registered UK charities. This policy explains what personal data we collect, how we use it, and the rights you have over it.

This policy is written to meet our obligations under the UK GDPR and the Data Protection Act 2018. Givegood is the data controller for the personal information described below.

2. What information we collect

Information you give us

  • Account details: your email address, display name, and an encrypted password hash.
  • Donation details: the amount, frequency, and charity split you configure.
  • Charity suggestions: if you propose a new charity, the details you supply (name, website, description, contact email).
  • Payment details: card information is collected and processed by our payment provider. Givegood never stores full card numbers on its own systems.

Information collected automatically

  • Session data: a session cookie to keep you logged in.
  • Guest token: if you start a donation before registering, we issue a short-lived cookie so your draft can be merged into your account when you sign up.
  • Technical logs: basic server logs (IP address, browser, timestamps) used to run the service securely and diagnose issues.

3. How and why we use it

We only use your information for the purposes explained here. Our lawful bases under the UK GDPR are:

  • Performance of a contract — to run your account and process the donations you configure.
  • Legitimate interests — to keep the service secure, prevent fraud, and improve how it works.
  • Consent — where we ask for it explicitly (for example, optional marketing emails).
  • Legal obligations — to comply with UK tax, charity, and financial regulations.

4. When we share information

We share personal information only when it is necessary to run the service, and only with parties that are bound by appropriate confidentiality and data-protection obligations. This includes:

  • The charities you choose: the charity receives the funds allocated to them; we may share your name and the donation amount where required for their records or Gift Aid processing.
  • Our payment provider to process card payments.
  • Our hosting and infrastructure providers, who keep the service running.
  • Regulators or law enforcement where we are legally required to do so.

We never sell your information.

5. Cookies and tracking

We use a small number of strictly necessary cookies:

  • gg_sid — your session cookie, required to keep you signed in.
  • gg_guest — a token that links an in-progress donation to your future account. Expires after 30 days or when you register.

We do not use third-party advertising or tracking cookies. If we introduce analytics cookies in future, we will ask for your consent first.

6. How long we keep it

We keep personal data only for as long as needed for the purposes above. Donation records are retained for at least seven years to meet tax and accounting requirements. If you close your account, we will delete or anonymise information that is no longer required.

7. Your rights

You have rights under the UK GDPR, including:

  • access to your personal data;
  • correction of inaccurate data;
  • deletion where there is no lawful reason to keep it;
  • restriction or objection to certain processing;
  • portability of the data you've given us;
  • withdrawal of consent where processing relies on consent.

You can exercise most of these rights directly from your account settings, or by contacting us. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

8. Contact us

Privacy questions or requests? Email privacy@givegood.local. We aim to respond within 30 days.