Skip to main content
Glass Register
Powered bySociet
Glass Register

Privacy Policy

Last updated: February 26, 2026  ·  Terms of Service

Societ Inc. (“Societ,” “we,” “our,” or “us”) operates Glass Register. This Privacy Policy explains how we collect, use, and protect personal information when you use Glass Register — whether you're a nonprofit organization administrator or a donor.

1. Data We Collect

We collect the following categories of personal information:

CategoryExamplesPurpose
Organization DataName, email, charity number, address, Stripe account IDAccount management, Stripe Connect, tax receipt generation
Donor DataFirst name, last name, email, mailing addressDonation processing, tax receipt generation, fraud prevention
Payment DataPayment method type, last 4 digits, Stripe Payment Intent IDPayment processing (full card data handled exclusively by Stripe)
Usage DataPages visited, time on page, browser type, IP addressAnalytics, performance improvement, fraud detection
CommunicationsSupport emails, contact form submissionsResponding to inquiries and support requests

2. How We Use Your Data

We use personal information for the following purposes:

  • Providing and operating the Glass Register platform
  • Processing donations and disbursing funds to organizations via Stripe
  • Generating and emailing official tax receipts to donors
  • Sending transactional emails (donation confirmations, receipt delivery)
  • Fraud prevention and security monitoring
  • Product analytics and platform improvement (via Mixpanel)
  • Responding to support requests
  • Complying with applicable laws and regulations

We do not sell personal information to third parties. We do not use donor data for marketing purposes on behalf of organizations.

3. Stripe & Payment Data

All payment processing is handled by Stripe, Inc. Glass Register never stores full credit card numbers, CVV codes, or other sensitive payment credentials.

When a donor makes a payment, Stripe processes the transaction and returns a Payment Intent ID and payment method summary (type, last 4 digits) which we store for reconciliation and receipt purposes.

Stripe's handling of payment data is governed by Stripe's Privacy Policy. Stripe is PCI DSS Level 1 compliant.

4. Cookies & Analytics

Glass Register uses the following cookies and tracking technologies:

  • Authentication cookies (Clerk): Session tokens required to keep you logged in to the dashboard. These are essential and cannot be disabled.
  • Analytics (Mixpanel): We use Mixpanel to understand how users interact with the platform. Mixpanel collects anonymized usage data. You may opt out of Mixpanel tracking by contacting us.

We do not use third-party advertising cookies or tracking pixels.

5. Third Parties

We share personal information with the following third-party service providers, only as necessary to operate the platform:

ProviderPurposeData Shared
StripePayment processing, Connected AccountsDonor payment data, org bank account info
ClerkUser authentication and session managementEmail address, user ID
Amazon Web Services (AWS)Cloud infrastructure, file storage (S3), email (SES)Hosted data (donor records, org files, receipt PDFs)
MixpanelProduct analyticsAnonymized usage events, session metadata

All third-party providers are bound by data processing agreements and are required to protect personal information in accordance with applicable law.

6. Data Retention

We retain personal information for the following periods:

  • Donor records and donation data: Retained for 7 years from the date of donation, to support charity audit requirements under Canadian and US tax law.
  • Tax receipts: Retained indefinitely (or until explicitly deleted by the organization) to support donor inquiries.
  • Organization account data: Retained for 90 days after account termination, then deleted.
  • Analytics data (Mixpanel): Retained per Mixpanel's data retention policy (typically 12–24 months).

7. Your Rights

For donors (and organizations) in Canada — PIPEDA:

  • Right to access your personal information
  • Right to correct inaccurate information
  • Right to withdraw consent (where consent is the basis for processing)
  • Right to complain to the Office of the Privacy Commissioner of Canada

For donors (and organizations) in the United States:

  • California residents have rights under CCPA/CPRA, including the right to know, delete, and opt out of sale (we do not sell data)
  • Other applicable state privacy rights may apply depending on your state of residence

To exercise any of these rights, contact us at privacy@societ.com. We will respond within 30 days.

8. Security

We take security seriously. Our security measures include:

  • TLS/HTTPS encryption for all data in transit
  • Encryption at rest for data stored in AWS S3 and RDS
  • PCI-compliant payment processing via Stripe
  • Regular security reviews and penetration testing
  • Role-based access controls limiting employee access to customer data

Despite our efforts, no system is completely secure. In the event of a data breach affecting your personal information, we will notify you as required by applicable law.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date above and notify organization administrators by email. Your continued use of Glass Register after changes become effective constitutes your acceptance of the updated policy.

10. Contact

For privacy inquiries or to exercise your rights, contact:

Societ Inc. — Privacy Officer
Email: privacy@societ.com
Website: societ.com
Terms of ServiceGlass Register Home