Privacy Policy
Last updated: March 27, 2026
1. Overview
CallToGive ("we," "us," or "the Service") enables nonprofits to accept donations over the phone through an automated IVR (Interactive Voice Response) system. This Privacy Policy explains how we collect, use, and protect information when you use our platform.
2. Information We Collect
When you interact with CallToGive, the following information may be processed:
- Payment card data: Card numbers, expiration dates, and security codes entered during a donation call are captured directly by Twilio's PCI DSS Level 1 certified infrastructure and tokenized through Stripe. This data never passes through or is stored on CallToGive's servers or your nonprofit's servers. The entire payment capture pathway is PCI compliant end-to-end.
- Donation amounts: The dollar amounts entered are sent to Twilio's servers solely to process the charge through Stripe on behalf of the nonprofit.
- Contact information: If you purchase CallToGive, we collect your email address through Stripe to provide access to your setup dashboard.
- Standard web logs: Our hosting provider may automatically collect IP addresses, browser type, and access timestamps as part of standard server operation.
3. How We Use Information
Information is used to process donations and respond to inquiries. We do not:
- Store credit card numbers, expiration dates, or security codes on our servers
- Use donor data for marketing, advertising, or profiling purposes
- Sell, rent, or share personal information with third parties beyond what is necessary to process payments
4. Third-Party Services
Twilio: Phone calls and payment data capture are handled by Twilio, Inc. using their PCI DSS Level 1 certified Programmable Voice platform and the <Pay> verb. Twilio captures card data via DTMF (phone keypad) tones on their infrastructure — card numbers never reach your nonprofit's servers. Twilio's handling of this data is governed by the Twilio Privacy Policy.
Stripe: Payment tokenization and charges are processed by Stripe, Inc. via the Twilio Stripe Pay Connector. Stripe's handling of this data is governed by the Stripe Privacy Policy.
5. PCI Compliance
CallToGive is designed to keep your nonprofit completely out of PCI scope. The payment capture flow works as follows:
- A donor calls your toll-free number, which is routed through Twilio's PCI DSS Level 1 certified infrastructure.
- The donor enters their card details using their phone keypad (DTMF tones).
- Twilio's <Pay> verb captures and tokenizes the card data directly through the Stripe Pay Connector.
- Only an opaque payment token is sent to your action URL — never raw card data.
- PCI Mode is enabled on your Twilio account, ensuring all sensitive payment details are permanently redacted from call logs.
At no point does your nonprofit's server, CallToGive's server, or any system you control receive, process, or store raw credit card numbers, expiration dates, or security codes.
6. Data Security
We implement the following measures to protect data:
- All payment data is captured by Twilio's PCI DSS Level 1 certified platform and tokenized through Stripe — raw card data never touches any server you control
- All communication between Twilio & Stripe is encrypted via HTTPS/TLS
- PCI Mode permanently redacts all sensitive payment information from Twilio call logs
- Your nonprofit's server only receives opaque Stripe tokens, not actual card details
7. Cookies
CallToGive does not set any first-party cookies. Third-party services (such as Stripe) may set their own cookies as described in their respective privacy policies.
8. Children's Privacy
This Service is not directed to individuals under the age of 13 and we do not knowingly collect personal information from children.
9. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be reflected by updating the "Last updated" date at the top of this page.
10. Contact
If you have questions about this Privacy Policy, please contact us at: