Privacy Policy for FundGen

Last updated: March 2026

This Privacy Policy explains how FundGen ("Company", "we", "our", or "us") collects, uses, stores, and shares your personal information when you use our Ambassador App and related services (the "Service"). Please read this policy to understand how we handle your data.

FundGen operates in two capacities: as a data processor when following a nonprofit organization's instructions, and as a data controller for its own analytics and service improvement. In practice, the nonprofit you're fundraising for is responsible for why your data is in the system; FundGen is responsible for how it's handled.

1. Company Information

Legal Entity: FundGen.ai

Address: Moshav Revacha 57, Israel

Domain: fundgen.ai

FundGen processes personal data of individuals in the European Union. At our current scale, we have determined that a formal EU representative under Article 27 GDPR is not required. This determination will be reviewed as our user base grows.

2. Information We Collect

Account Information

  • Phone number — Required to create your account and verify your identity via one-time passcode (OTP).
  • Name — Your display name, as provided by you or by the nonprofit organization running your campaign.

Campaign & Activity Data

  • Campaign membership — Which campaign(s) you are part of, your role (ambassador, team leader, admin), and your team assignment.
  • Contacts you work with — Names, phone numbers, and email addresses of contacts assigned to you or added by you for campaign outreach. This includes contacts provided by the nonprofit ("global leads") and contacts you choose to share from your device's address book.
  • Donation data — Donation amounts, donor names, currency, and related details synced from the fundraising platform for tracking purposes. We do not process donations directly.
  • Activity and interaction history — Records of outreach actions you take (calls, messages, status updates, comments) and their timestamps.
  • Message templates — Templates you create or use for campaign outreach.

Device Permissions (only when you grant them)

  • Contacts — If you grant permission, the app reads your device's address book to help identify contacts relevant to your campaign. See Section 9 for full details on how contact data is handled.
  • Bluetooth — Used only for Stripe contactless payment terminal functionality, if enabled for your campaign. On some Android devices, enabling Bluetooth may require the location permission as a system requirement; we do not use or store your location.
  • Camera — Used if your campaign supports profile photo uploads or QR code scanning. This permission is only requested when you use those specific features.
  • Push Notifications — We store a device token to send you campaign notifications such as new donations or messages.

AI-Powered Features

We use AI-powered features to enhance your campaign experience. This includes personalized guidance, smart suggestions, content generation, and other intelligent features designed to improve your outreach effectiveness. These features process information you provide through the app as described in this policy. Data used by AI features is handled by the third-party services listed in Section 5.

Automatically Collected Data

  • Analytics — We use Google Firebase Analytics to understand how the app is used. This includes screen views, feature usage patterns, and campaign context (campaign ID, user role). Analytics data is associated with an anonymous identifier, not your name or phone number directly.
  • Error and Performance Monitoring — We use a third-party service to capture crash reports and performance data. This may include device type, operating system version, and app state at the time of an error.
  • A/B Testing — We use Firebase Remote Config to test improvements to the app. This involves assigning your device to experiment groups and tracking which version of a feature you see.

3. Payment Information

FundGen does not directly process or store payment card information. For campaigns that use tap-to-pay donations, payments are processed entirely by Stripe. Stripe's own privacy policy governs how your payment information is handled. FundGen only receives confirmation of payment amounts for campaign tracking.

4. How We Use Your Information

We use your information for the following purposes:

  • To operate the Ambassador App and provide campaign management features.
  • To enable nonprofit organizations to manage their campaign ambassadors and track fundraising progress.
  • To send you push notifications about campaign events (new donations, messages, etc.).
  • To verify your identity during sign-in via one-time passcode.
  • To improve the Service through analytics and A/B testing.
  • To monitor and fix errors and performance issues.
  • To personalize your experience through AI-powered features (when you choose to use them).

We do not use your information for advertising, remarketing, or third-party marketing.

5. Third-Party Services

We use the following categories of third-party services to operate the app:

  • Google Firebase — Database, authentication, analytics, push notifications, and hosting. Account data, campaign data, and analytics events are processed by Google.
  • Stripe — Contactless payment processing for eligible campaigns. Payment data is handled directly by Stripe.
  • Messaging providers — We use third-party providers to deliver one-time passcodes (OTP) via SMS, WhatsApp, or voice call. Only your phone number is shared for this purpose.
  • Error monitoring — We use a third-party service to capture crash reports and performance data, helping us identify and fix issues.
  • Deep linking — We use a third-party service for app download links.
  • AI service providers — We use trusted AI service providers to power intelligent features within the app. These currently include Google (Gemini API) and Anthropic (Claude AI). Each provider processes only the data necessary for the specific feature, under contractual data protection terms that include Standard Contractual Clauses for transfers outside the EU where applicable.

These services have their own privacy policies and are used only as needed to provide the Service.

6. Sharing of Data

With Nonprofit Organizations: Ambassadors' names, phone numbers, activity data, and donation tracking information are shared with the nonprofit organization managing the campaign you are part of. This is core to how the Service works.

With Other Ambassadors: Within a campaign, limited contact information (such as names of shared leads) may be visible to other ambassadors or team leaders, depending on campaign settings.

With Service Providers: Only as described in Section 5 above.

We do not sell your personal data to third parties.

7. Data Storage and Infrastructure

Your data is stored and processed using Google Firebase infrastructure. Our database and backend services are hosted entirely within the European Union.

We implement standard security measures including app integrity verification, encrypted connections (HTTPS/TLS), phone number hashing for authentication sessions, and rate limiting on authentication endpoints.

Where any sub-processors operate outside the European Union, we rely on appropriate transfer safeguards such as the European Commission's Standard Contractual Clauses (SCCs) to ensure an adequate level of data protection.

8. Legal Basis for Processing

When FundGen acts as a data controller (for service improvement, aggregated analytics, service optimization, cross-platform insights, and its own website operations), we process personal data on the following legal bases:

  • Contract performance — Processing necessary to provide the Service you or your organization signed up for.
  • Legitimate interest — Processing for purposes such as improving our Service, developing aggregated benchmarks across the platform (such as campaign effectiveness patterns — these do not identify individual users), ensuring security, and preventing fraud, where these interests are not overridden by your rights.
  • Consent — Where you have given specific consent, such as for optional features like AI assistant usage or contact book access. You may withdraw consent at any time.

When FundGen acts as a data processor on behalf of an organization, the legal basis for processing is determined by that organization as the data controller. If you would like to understand the basis for your data being shared with us, please refer to that organization's privacy policy or contact them directly.

9. Contacts and Address Book

If you grant contact access permission, the app reads your device's address book to identify contacts relevant to your campaign. Your phonebook is not uploaded — matching is done on your device by comparing your contacts against the campaign's lead list, which is downloaded to your device.

If you choose to share a contact with your campaign, that contact's name, phone number, and email are stored on our servers so they can be tracked for outreach and coordinated with your campaign team.

When you choose to hide a contact, their phone number is saved to your account to remember that preference across sessions and devices.

When AI contact features are enabled, contact names only (not phone numbers or email addresses) may be sent to one of our AI providers — on our behalf, under contractual data protection terms — to clean names, classify contacts by relevance, and surface the most relevant contacts first. Only contacts with no prior campaign activity are included in this step. You can deny or revoke contact permission at any time through your device settings.

10. Children's Privacy

The Service is not intended for children under the age of 16. We do not knowingly collect personal information from children. If a nonprofit organization enrolls minors as ambassadors, the organization is responsible for obtaining appropriate parental consent.

11. Contracts with Organizations

Organizations that use FundGen sign a data processing agreement with us. Under this agreement, the organization is responsible for the data it provides — including ambassador and contact details — and must ensure it has a valid legal basis for sharing that data with us.

FundGen also processes certain platform data as an independent data controller — for example, aggregated analytics, service optimization, and cross-platform insights. FundGen does not share identifiable donor or contact data between organizations. This processing is governed by our own legitimate interests as described in Section 8, and is conducted independently of the organization's instructions.

Organizations using FundGen are required by their agreement with us to have privacy notices in place that disclose the use of FundGen as their data processor and independent data controller.

12. Data Retention

Personal data is retained for the duration of the active service relationship. An organization is considered inactive if it has had no campaign activity or account usage for 24 consecutive months. FundGen will notify the organization 30 days before deletion of its data. If the organization responds or resumes activity, retention continues.

Ambassador account data (name, phone number, and activity history) is retained for as long as your account is active, or for up to 24 months after your last campaign activity. You may request earlier deletion at any time.

Contact and lead data (names, phone numbers, and email addresses of individuals you reached out to) is retained for the duration of the campaign and for up to 12 months thereafter, unless the organization requests earlier deletion.

Analytics and error data is retained in aggregated or anonymized form and is not subject to individual deletion timelines.

Authentication session data is automatically deleted within 24 hours after expiration.

13. Your Rights

Under applicable data protection laws, including the GDPR, you have the following rights regarding your personal data:

  • Right of access — Request a copy of the personal data we hold about you.
  • Right to rectification — Request correction of inaccurate or incomplete data.
  • Right to erasure — Request deletion of your personal data and account.
  • Right to restriction — Request that we limit how we process your data in certain circumstances.
  • Right to data portability — Request your data in a structured, commonly used format.
  • Right to object — Object to processing based on legitimate interest.
  • Right to withdraw consent — Withdraw consent for optional features (e.g., contact access, AI assistant) at any time, without affecting the lawfulness of prior processing.
  • Right to lodge a complaint — If you believe your personal data has not been handled in accordance with applicable law, you have the right to lodge a complaint with the supervisory authority in your country. In the EU, this is your Member State's data protection authority. You can also contact the Israeli Privacy Protection Authority (PPA).

Donors who wish to opt out of receiving outreach through the platform may contact the organization running the campaign, or contact us directly.

To submit a request, contact us at the address in Section 15. If your data is processed by FundGen on behalf of an organization, we may direct your request to that organization. All requests are handled free of charge.

We will respond to all valid requests within 30 days. In complex cases we may extend this by up to two additional months and will notify you within the initial 30-day period.

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the app or by other direct means before they take effect. The revised "Last updated" date will always appear at the top of this page.

15. Contact Us

If you have any questions about this Privacy Policy, you can contact us at:

support@fundgen.ai