Privacy Policy
Last updated
In plain terms: This policy explains what personal information MapleGather handles, why, and what your rights are. It’s written for two audiences: the organizations that use MapleGather to manage their members, and the members of those organizations whose data we process on the organization’s behalf. We don’t sell personal information, and we only process member data to run the service for the organization.
Who this policy is for
MapleGather processes personal information about two groups of people, and your rights differ slightly depending on which you are:
- Organization admins and account holders — the people at an Organization who sign up for and run MapleGather. We are the business that decides how your account data is handled, so for this data we act as the business under the CCPA.
- Members — the individuals an Organization manages in MapleGather (its members, prospective members, donors, event registrants, and similar contacts). For Member Data, the Organization decides why and how the data is used; MapleGather processes it on the Organization’s behalf as the Organization’s service provider under the CCPA. If you are a Member, the Organization is your first point of contact for privacy requests (see Your privacy rights).
Our role under the CCPA
In plain terms: For members’ data, we’re the “service provider” — we work for the organization, follow its instructions, and don’t use members’ data for our own purposes.
MapleGather is a service provider to Organizations under the California Consumer Privacy Act (CCPA/CPRA). This means, for Member Data, we:
- process it only to provide and support the Service, on the Organization’s documented instructions;
- do not sell it and do not share it for cross-context behavioral advertising;
- do not retain, use, or disclose it outside the direct business relationship with the Organization or for any purpose other than providing the Service; and
- do not combine it with personal information from other sources except as permitted by the CCPA.
The full service-provider terms are set out in our Data Processing Addendum.
Scope. MapleGather is a United States service, written to comply with US state comprehensive
privacy laws — such as California’s CCPA and Colorado’s CPA — and other applicable US state privacy laws. We do not offer EU/EEA data residency and do not knowingly serve EU-resident
data subjects. Your primary records — Member data, uploaded files, and our production database
— are stored in the United States (Google Cloud us-central1). Some of our sub-processors operate
global infrastructure; for example, edge/content-delivery security and AI inference may be processed
outside the United States. Each sub-processor, and the data it touches, is listed in our
Sub-Processor List.
Categories of personal information we process
In plain terms: Here’s the actual list of what we handle — mostly the contact and membership details an organization keeps about its members.
The categories below come from what the product is built to store. Sensitivity varies by field.
| Category | Examples | For whom |
|---|---|---|
| Identifiers & contact info | Name, email address, phone number, mailing address | Members; admins |
| Profile & membership data | Membership status and level, join/renewal dates, member photo, custom-field values, profile metadata | Members |
| Communication history | Emails sent/received through the Service, communication preferences, event RSVPs, community posts and messages | Members |
| Financial records (identity + amount) | Member-identifiable payment and donation history, invoices, tax-receipt records | Members |
| Consent records | Timestamped per-Member, per-policy-version consent records | Members |
| Authentication artifacts | Password hashes, session tokens, multi-factor-authentication secrets/credentials, single-use magic-link/reset tokens (managed by our authentication system) | Members; admins |
| Audit-log data | Records of admin actions and structural data changes | Generated by the Service |
| Account & billing data (admins) | Organization registration details, contact-count/usage, plan status, billing records | Admins |
Payment-card data. MapleGather does not collect or store payment-card numbers. Members enter card data directly into Stripe; card data never touches MapleGather servers (PCI DSS SAQ-A posture).
Sensitive fields. MapleGather does not collect Social Security numbers, government IDs, or bank account numbers by default. If an Organization admin creates a custom field marked “sensitive,” those values are encrypted at rest with org-level key isolation and masked by default (admin click-to-reveal generates an audit-log entry).
Why we process it (purposes)
In plain terms: We use the data to run the features the organization signed up for — nothing sneaky.
We process personal information to:
- provide the membership-management Service to the Organization (member records, billing, events, email, payments, donations, community, reporting, and admin functions);
- authenticate users and secure accounts;
- send transactional messages (receipts, renewal reminders, event confirmations, password resets) and — where the Organization directs and the Member has not opted out — bulk/broadcast email on the Organization’s behalf;
- provide AI-assisted features (see AI features);
- maintain audit logs and meet legal, security, and compliance obligations; and
- provide support and maintain and improve the reliability of the Service.
We do not sell or share personal information
In plain terms: We don’t sell your data, and we don’t share it for ad targeting. Full stop.
MapleGather does not sell personal information and does not share it for cross-context behavioral advertising. We have not done so and have no such program. If this ever changes, we will update this policy and provide any legally required opt-out.
How we share information with sub-processors
We share personal information only with the vendors we rely on to run the Service (hosting, email delivery, payments, and similar), each bound by contract to protect it. The current list — provider, service, data touched, and region — is at Sub-Processor List. Our authentication system is self-hosted on our own infrastructure and is not a third-party sub-processor.
We may also disclose personal information to comply with legal and compliance obligations and to respond to legal process — for example, in response to subpoenas, court orders, and other lawful requests by regulators and law enforcement — and to protect the rights, safety, and property of MapleGather, our Organizations, Members, or the public. We may also disclose personal information as part of a business transaction (for example, a merger, acquisition, financing, bankruptcy, or other similar transaction), subject to appropriate confidentiality protections.
Website analytics (marketing and help sites only)
In plain terms: our public websites count visits without cookies or tracking — no consent banner needed, and nothing follows you around the web.
We use Plausible Analytics, a privacy-friendly, cookie-free web analytics service, to measure aggregate traffic and campaign performance on our public marketing and help websites (maplegather.com and help.maplegather.com). Plausible does not use cookies, does not collect or store personal information or IP addresses, and does not track visitors across websites. It does not run inside the Service (the application at app.maplegather.com).
AI-assisted features
In plain terms: Some features use AI. Before we send anything to the AI, we strip out personal details. The AI provider doesn’t train on your data.
Some MapleGather features use the Anthropic Claude API to provide AI-assisted in-app guidance, support drafting, and migration assistance. When these features run:
-
Prompts exclude raw personal information. The Service sends structural descriptions (for example, “5 members in the Annual level due in 7 days”), not Member names, emails, or payment data.
-
No training on your data. Anthropic does not use data sent to its commercial API to train its models. Anthropic may retain API inputs and outputs for a short period for operational and abuse-monitoring purposes; it does not use them for model training absent an affirmative opt-in.
-
Anthropic (a US company, Anthropic, PBC) is a sub-processor listed at Sub-Processor List; see that list for the processing region.
-
First-use notice. Before an AI-assisted feature is first used, the Service presents a notice that the feature uses a generative AI system, and an Organization controls AI features through its org-level AI policy. We do not display a separate disclaimer on every individual AI response.
-
AI conversations are retained by MapleGather for a limited period (defaults vary by surface — for example, member-facing chat is retained 30 days by default) and are included in a Member’s data export.
Your privacy rights
In plain terms: You can ask to see, export, or delete your data. If you’re a member, the fastest path is through your organization — but we help.
Depending on your state, you may have the right to know what personal information is processed about you, to access or receive a copy of it, to request its deletion, and to opt out of any sale of personal information (we do not sell personal information).
How requests route:
- Members: Because MapleGather processes Member Data on the Organization’s behalf, the
Organization is the first point of contact for a Member’s access, export, or deletion request.
MapleGather provides the Organization with the tools to respond:
-
Self-service data export — a Member’s data can be exported as a downloadable archive (including profile, communications, and AI-conversation history).
-
Deletion — on an approved deletion request, the Member’s data is processed under the Organization’s single-mode anonymization policy: identifying fields are replaced with synthetic identifiers (for example, name → “Anonymized Member,” email → an
@example.invalidplaceholder; address and custom fields cleared) uniformly across the Member’s records. MapleGather anonymizes rather than hard-deletes so that transactional and audit records required for tax and compliance purposes are preserved without retaining identifying data — an approach CCPA permits where such records are needed. -
Organizations aim to respond within the 45-day CCPA response window.
-
- Admins: Organization admins can exercise rights over their own account data by contacting us at the support address below.
- Our support path: If you are a Member and cannot reach your Organization, contact us at support@maplegather.com and we will help route your request to the Organization or assist as the Organization’s service provider.
Verifying your request. We (or the Organization, where it is the controller) will take steps to verify your identity by matching the information you provide against our records. In some cases we may request additional information to verify your identity or to process your request. If we cannot verify your identity after a good-faith attempt, we may deny the request and will explain the basis for the denial.
Authorized agents. You may designate an authorized agent to submit a request on your behalf. An authorized agent must provide proof of authorization on first contact, and we may require you to directly verify your own identity and confirm the agent’s authority.
Appeals. If we deny your request, you may appeal by contacting privacy@maplegather.com. We will respond to your appeal within the period required by applicable US state law.
Retention
In plain terms: We keep data while the organization uses the service, and delete it after the account closes. Some records (like financial and audit logs) are kept longer because the law expects it.
- Organization data is retained while the Organization uses the Service. After cancellation, data is retained for a 30-day grace period and then purged (see Terms of Service §9).
- Audit logs are retained per the Organization’s configured policy, defaulting to 7 years (a financial-compliance baseline).
- AI conversations are retained per surface-specific defaults (see AI features).
- Backups retain data for a limited period after deletion before aging out; deleted data is removed from backups within 12 months, and backups are used only for disaster recovery.
How we protect your information
In plain terms: We encrypt data, isolate each organization’s data from every other organization’s, log admin actions, and offer strong login security.
Our security measures, as built, include:
- Encryption — data encrypted in transit (TLS 1.2+; TLS 1.3 preferred; HSTS enforced) and at rest; sensitive custom fields encrypted with org-level key isolation.
- Tenant isolation — each Organization’s data is logically isolated using PostgreSQL row-level security; cross-tenant data exposure is treated as a top-severity incident and is tested against.
- Audit logging — admin actions and structural data changes are recorded in an append-only audit log.
- Strong authentication — support for multi-factor authentication (authenticator apps, passkeys) and uniform tokenized auth flows; no plaintext credentials.
- Backups & recovery — automated daily backups with a recovery-point objective of ≤ 1 hour and a recovery-time objective of ≤ 4 hours.
No system is perfectly secure, and we cannot guarantee absolute security.
Data breach notification
In plain terms: If a breach affects your data, we aim to tell you fast — typically within 24 hours of confirming a breach — in plain language, with what happened and what to do. That’s our operational practice, and it’s stricter than most state laws require.
If MapleGather confirms a security breach involving personal information, then as a matter of operational practice we aim to notify the affected Organization’s primary admin (and compliance contact, if configured) with an initial notification within 24 hours of confirmation, followed by a fuller disclosure within 72 hours covering scope, timeline, and remediation, delivered by in-app banner, email, and our status page. These timeframes are operational targets, not a contractual guarantee, and are intentionally stricter than most state breach-notification laws’ 30–60-day windows. The Organization, as the business, remains responsible for notifying its Members and regulators as required by applicable law; MapleGather provides the information the Organization needs to do so.
Email and your choices (CAN-SPAM)
In plain terms: Every bulk email we send on an organization’s behalf has a working unsubscribe link. Click it and you’re off the list — automatically and for good. Transactional messages (like receipts and password resets) still come through.
- Every bulk or broadcast email sent through the Service includes a working unsubscribe link and the sending Organization’s physical postal address, as required by CAN-SPAM.
- When you unsubscribe, the Service suppresses future commercial email to you automatically at send time — the Organization cannot override the suppression.
- Transactional messages (receipts, renewal reminders, event confirmations, password resets) are not marketing and are sent regardless of marketing opt-out.
- New Members are opt-out by default for marketing/newsletter subscriptions (you must affirmatively opt in), per our permissive default settings.
Children’s privacy
In plain terms: MapleGather isn’t built to collect data directly from kids. If an organization manages youth-member data, that organization is responsible for any required parental consent.
The Service is not designed to collect personal information directly from children. MapleGather does not knowingly collect personal information from children under 13. Organizations that manage data about members under 13 are responsible under their agreement with us for obtaining any parental consent required by COPPA and applicable law.
Changes to this policy
We may update this policy; the “last-updated” date reflects the current version, and we will provide notice of material changes to Organizations’ primary admin contacts.
Contact us
Questions or requests about this policy or your data:
- Privacy contact: privacy@maplegather.com
- General support: support@maplegather.com
- Mailing address: Browncoat Software LLC, 77 S Jackson St, Denver, CO 80209, USA