HelloFund Data Protection Policy
Last Updated: July 2021
Summary
This document outlines the data collected by HelloFund Inc. (HelloFund hereafter) for the purpose of running online auction services. Questions or comments can be directed to our technical support team at support@hellofund.com.
Personal Data Collected by HelloFund
Bidder Personal Data: HelloFund collects identifiable data from Organization donors (Bidders) and stores it securely in our Virtual Private Cloud (VPC) service provided by Amazon Web Services (AWS). This data may include the following information:
- First Name
- Last Name
- Phone (mobile) Number
- Email Address
- Address
- City
- State Zip
- Password
- Phone & Email Notification Preferences
- Credit Card Token
- Last 4 Digits of Credit Card
HelloFund maintains this data within its database and one-way encrypts password information. This data is available to the Bidder so long as they are required to provide a password to bid on auction items. If no password is required, the ability to view and change personal information is not available. This data is also available to the Organization conducting the event and HelloFund Administration.
Bidder Bid Data: HelloFund collects bid information from registered Bidders and stores it securely in the same manner as Bidder Personal Data. This data may include the following information:
- Bidder Identification ID
- Auction Item Identification ID
- Desired Bid Amount
- Desired Maximum Bid Amount
- Time Bid was Placed
This data is available to a bidder who is successfully logged into the platform. It is also available to the Organization conducting the event and HelloFund Administration.
Bidder Receipt/Invoice Data: HelloFund collects and processes winning bids, donations and purchases from an auction. This data may include the following information:
- Winning Bid Amount
- Bidder Identification ID
- Payment Type ID
- Payment Date
This data is available to a bidder who is successfully logged into the platform. It is also available to the Organization conducting the event and HelloFund Administration.
Organization Data: HelloFund collects information from an Organization that wishes to use HelloFund Mobile Bidding. We store this data in the same manner as listed above. This data may include the following:
- Organization Name
- Contact First Name
- Contact Last Name
- Event Name
- Event Keyword
- Signup Date
- Address
- City
- State
- Zip
- Organization Phone
- Organization Email
- Password (one-way encrypted)
- Event ID
- Software Purchase Record(s)
- Software Add-on Record(s)
- Checking Account Routing Number
- Checking Account Number
This data is available to the Organization conducting the event and HelloFund Administration.
Purpose of Data Collected by HelloFund
Bidder Personal Data: HelloFund captures this data to assist the Organization in keeping accurate data on their donors. This data also allows a bidder to receive important updates from the software via automated alerts and from the Organization. Bidders who provide this information agree to HelloFund terms and conditions.
Bidder Bid Data: HelloFund captures this data to manage bid histories and current bids on silent auction items created by the charity. These histories allow HelloFund to determine winners and the items necessary for payment. This data is also available to the Organization so that they can see Bidder histories and statistics across the entire event to help build better auctions.
Bidder Receipt/Invoice Data: HelloFund captures this data to show the Bidder that they have yet to pay or have paid for their auction totals. This data is a list of auction items, donations and purchases that the Bidder has made during the auction. The Organization can also use this data to check on the status of a Bidder in the payment process as well as pull statistics on the entire event to see where there was success and potential improvements for future events.
Organization Data: HelloFund captures this data to assist in overall communication with the Organization using HelloFund. The data is used to send emails, invoices, ACH payments (where applicable) and link to external services like payment processors. This data is also used to organize auction items, Bidders, bids and other data relevant to the Organization.
Third-Party Access to User Data
BidKit Payments (powered by Stripe): HelloFund will provide Stripe with bidder name, phone and email data in addition to organizational name, phone and email data. This data is then stored in Stripe vaults.
SendGrid: HelloFund will provide SendGrid with email addresses and email content for the purpose of sending emails through a reliable service. In some cases the content of the email will contain names, bidder numbers, address information, etc.
Twilio: HelloFund will provide Twilio with phone numbers and SMS content for the purpose of sending text messages through a reliable service. In some cases the content of the message will contain names, bidder numbers, address information, etc.
A note on credit card numbers: In an effort to maintain the highest level of security, HelloFund leverages hosted fields in iFrames. This means that credit card data is never transmitted through HelloFund’s network. Data is sent directly to the credit processor and token data is sent back to HelloFund for storage. Therefore, a Bidder or Organization entering credit card data on any HelloFund site is transmitting it directly to the card processor and bypassing any HelloFund web service.
User Consent Processes
All Organizations and Bidders must agree to our terms and conditions, which include data consent. If a record is on file in our platform, they have agreed and consented to our terms and conditions.
Data Protection Strategies
To protect all data at HelloFund, we leverage Virtual Private Cloud (VPC) services from Amazon Web Services. In the case of our data, we do not allow outside access to our database layer. Only approved machines are allowed access along with services located within the VPC. Data is also encrypted at rest to ensure privacy protection in the event of a breach.
In addition, all our data is organized using indexes to avoid data corruption or data duplication. We also employ data filtering methods on our web layer to prevent malicious data from being executed on our database and compromising information.
At any time, a Bidder or Organization can request to have their information removed from our system and we will comply within 1 business day of the request. Upon request, we will remove the data from our system and it will no longer be available to be presented within our platform.