Legal

Privacy Policy

Last updated: 19 June 2026

This policy explains what personal data EveryDrop collects, why, and the choices you have. It covers the EveryDrop mobile app and this website. EveryDrop is a Scottish Charitable Incorporated Organisation (SCIO), Scottish Charity No. SC055401, regulated by the Scottish Charity Regulator (OSCR), and the data controller for your information.

Questions or requests about your data? Email [email protected].

The short version

  • We collect what we need to run your 30-day giving journey — your account details, your progress, and your giving record.
  • We don't sell your data, and we don't share it for advertising.
  • Payments are handled by a regulated payment provider; we never see or store your full card details. (In the current preview/demo, no real payments are taken.)
  • You can ask us to show you, correct, or delete your data at any time.

What we collect

Account information. When you create an account we collect your email address and password (handled by our authentication provider), the display name you choose, and your selected avatar.

Your journey and giving activity. We store your progress through the journey (which days you've completed), the charities you've supported, donation amounts and dates, and the cards and badges you earn.

Reminders. If you turn on daily reminders, we store a notification token so we can send them. You can turn this off at any time in your device settings.

Diagnostics and usage. To keep the app working and improve it, we collect crash reports and basic, aggregated usage analytics (for example, which screens are used). This data is about how the app performs, not about identifying you personally.

Payment information. When live donations are enabled, card payments are processed by our payment provider (Stripe). Your card details are entered with and held by Stripe; EveryDrop does not receive or store your full card number. We keep a record of the donation (amount, charity, date) for accounting and Gift Aid purposes. During the current preview, donations are simulated and no money is taken.

Website. If you join our waitlist we store the email address you give us. Our website uses minimal, privacy-respecting analytics and does not use advertising cookies.

Why we use it (and our legal basis)

  • To provide the service — creating your account, saving your progress, and processing donations (performance of a contract).
  • To send reminders and updates you've asked for (your consent — withdrawable any time).
  • To keep the service secure and improve it — diagnostics and aggregated analytics (our legitimate interests).
  • To meet legal and regulatory duties — charity, tax (including Gift Aid) and accounting obligations (legal obligation).

Who we share it with

We use a small number of trusted providers who process data on our behalf:

  • Google Firebase — authentication, database, crash reporting, analytics and push notifications.
  • Stripe — payment processing (when live donations are enabled).
  • Cloudflare — website and app hosting, and the waitlist.
  • Apple and Google — app distribution, where you install the app from their stores.

We do not sell your personal data or share it with advertisers. We may disclose information if required by law or to protect the rights and safety of our users and the charity.

International transfers

Some of our providers process data outside the UK (including in the United States). Where they do, we rely on appropriate safeguards such as the UK International Data Transfer Agreement or Standard Contractual Clauses.

How long we keep it

We keep your account and giving data for as long as your account is active. If you ask us to delete your account, we remove your personal data within a reasonable period, except where we must retain certain records (for example, donation and Gift Aid records) to meet legal obligations.

Your rights

Under UK data protection law you have the right to access, correct, delete, or restrict the use of your personal data, to object to certain processing, and to data portability. To exercise any of these, email [email protected] and we'll respond within one month. You also have the right to complain to the UK Information Commissioner's Office (ICO) at ico.org.uk.

Children

EveryDrop is not directed at children and is intended for users aged 16 and over. We do not knowingly collect data from children. If you believe a child has provided us with personal data, contact us and we will delete it.

Security

We use industry-standard measures — including encrypted connections and access controls — to protect your data. No system is perfectly secure, but we work to keep your information safe and will notify you and the regulator of any breach as required by law.

Changes to this policy

We'll update this page when our practices change and revise the "last updated" date above. Significant changes will be highlighted in the app or by email where appropriate.

Contact

EveryDrop SCIO (Scottish Charity No. SC055401)
Email: [email protected]