DONORBOX TERMS OF SERVICE

Last Updated: 4/24/26

These Terms of Service (the “Terms,” “Agreement,” "Master Services Agreement,” or “Terms of Service”) govern access to and use of Donorbox’s websites, software, and services. By creating an account, clicking “accept,” or otherwise accessing or using the Services, you agree to our Services and Privacy Policy, incorporated herein by reference. Please read this Agreement carefully before you start to use our website and services. You also acknowledge and warrant, if applicable, that you have the authority to enter into this agreement on behalf of, and bind, the entity for which you will be using the Services as a registered user. The Services are offered only to persons 16 years of age or older, and you warrant and represent that you are at least 16 years of age by using these Services.

  1. PARTIES, DEFINITIONS, AND SCOPE

    1. Company
      Rebel Idealist Inc., a Delaware corporation, d/b/a Donorbox, with its main office located at 1520 Belle View Blvd #4106, Alexandria, VA 22307 (“Donorbox,” the “Company,” “we,” “our,” or “us”).
    2. Customer and Authorized Users
      “Customer” means the organization or individual registering for an account to use the Services. “Authorized Users” means employees, contractors, and agents Customer authorizes to use the Services on Customer’s behalf.
    3. Donors
      “Donor” means any individual or entity that contributes funds to Customer through the Services. Donors are not parties to this Agreement, and Customer is solely responsible for its relationship with Donors. Donorbox does not verify a Donor’s age, and Customer is responsible for complying with any age-related or minor-donor requirements applicable to its fundraising.
    4. Services
      “Services” means Donorbox’s software-as-a-service platform, donor management/CRM features, fundraising pages and tools, analytics, integrations, messaging features (including email/SMS features where enabled), APIs, support resources, and related websites and services.
    5. Customer Data
      “Customer Data” means data submitted to or processed in the Services by or on behalf of Customer, including Donor information and campaign content, excluding Donorbox’s aggregated/anonymized analytics and Donorbox’s Confidential Information.
    6. Applicable Data Protection Laws
      “Applicable Data Protection Laws” means all privacy, data protection, data security, and breach notification laws applicable to the Parties and the Services, including, where applicable:
      (i) the EU General Data Protection Regulation 2016/679 (“GDPR”);
      (ii) the UK GDPR and Data Protection Act 2018;
      (iii) the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA/CPRA”);
      (iv) Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”) and applicable provincial Canadian privacy laws; and
      (v) any substantially similar privacy, data protection, marketing, or data security laws in any other applicable jurisdiction.
    7. Personal Data
      “Personal Data” has the meaning given in Applicable Data Protection Laws (and includes “Personal Information” as defined under CCPA/CPRA where applicable).

  2. ACCEPTABLE USE; ACCOUNT RESPONSIBILITY

      Customer is responsible for all use of the Services under its account and for ensuring Authorized Users comply with this Agreement and any Donorbox acceptable use policies referenced by Donorbox.

      Customer must not use the Services to: (a) violate law; (b) facilitate fraud or deception; (c) infringe intellectual property; (d) transmit malware; (e) interfere with the Services; or (f) engage in abusive fundraising or prohibited content.

      Donorbox employs automated systems, including bot detection and abuse prevention technologies, to protect the Services. By using the Services, Customer acknowledges that such security measures are necessary for fraud prevention and system integrity.

  3. GRANT OF RIGHTS; LICENSE; RESTRICTIONS

    1. License Grant
      Subject to these Terms and payment of applicable fees, Donorbox grants Customer a limited, worldwide, non-exclusive, non-transferable (except as permitted in Section 22.3, Assignment), revocable license to access and use the Services during the Term solely for Customer’s lawful fundraising, donor management, and related nonprofit/organizational purposes.
    2. No Ownership
      Customer receives only a license. Donorbox retains all right, title, and interest in and to the Services, Documentation, and Donorbox Marks (defined below), including all associated intellectual property rights.
    3. Source Code / Reverse Engineering
      Customer agrees not to (and will not allow a third party to) attempt, directly or indirectly, to decompile, disassemble, reverse engineer or use any other similar process with respect to the code, logic or information embodied by our Services.
    4. Intellectual Property Notices
      Customer agrees not to remove, obscure, or alter any proprietary notices, legends, or Donorbox Marks appearing on or in connection with the Services, Documentation, or any copies thereof.

  4. FUNDRAISING-SPECIFIC TERMS AND DISCLAIMERS

    1. Customer Fundraising Responsibility
      Customer is solely responsible for: (a) campaign content and representations; (b) compliance with all fundraising, charitable solicitation, consumer protection, disclosure, and tax laws in all applicable jurisdictions; (c) donor communications and preferences; and (d) determining whether any donation is tax-deductible.
    2. No Verification; No Fiduciary Role
      Donorbox does not verify Customer’s nonprofit, charitable, or tax-exempt status; does not validate campaigns; and does not act as a fiduciary, escrow agent, or trustee of donated funds. Donor disputes are between Donor and Customer.
    3. Donor-Facing Disclosures
      Customer is responsible for ensuring fundraising pages and receipts contain required disclosures (e.g., legal name, registration numbers, refund policy, donor contact preferences, and any local statements required by law).

  5. EU & UK FUNDRAISING COMPLIANCE (WHERE APPLICABLE)

      If Customer solicits or accepts donations from individuals in the UK or EEA, Customer represents and warrants it complies with applicable charity/fundraising laws and guidance, including where applicable:

      • relevant charity regulator requirements (e.g., Charity Commission for England and Wales, OSCR, CCNI);
      • UK fundraising transparency and conduct expectations (including the Code of Fundraising Practice, where applicable);
      • donor preference and vulnerability safeguards;
      • marketing/electronic communications laws (including PECR in the UK and the EU ePrivacy regime).

      Donorbox is a technology provider and does not act as a professional fundraiser, commercial participator, fundraising counsel, or other regulated fundraising intermediary where such status would be triggered by Customer's activities.

  6. FEES, PAYMENTS & TAXES

    1. Fees
      Customer will pay Donorbox all applicable platform, subscription, and add-on fees as displayed on Donorbox’s pricing page or otherwise agreed in writing.
    2. Taxes
      Fees exclude all applicable sales, use, VAT, GST, or similar taxes (excluding taxes on Donorbox’s net income). Where Donorbox must collect taxes, Customer will pay them unless Customer provides a valid exemption certificate and promptly notifies Donorbox of any changes. Customer will hold Donorbox harmless for taxes resulting from invalid/withdrawn exemption certificates.
    3. Refunds (Platform Fees)
      Except as required by law or expressly stated in writing, fees paid to Donorbox are non-refundable. Any refunds are governed solely by Donorbox’s posted policies or a separate written agreement.
    4. Donor Refunds; Chargebacks; Disputes
      Customer is solely responsible for donor refunds and for all chargebacks, reversals, disputes, fines, penalties, and related fees arising from donations processed through the Services. Donorbox may pass through payment-processor chargeback/dispute fees to Customer. Payment processor fees are typically non-refundable even if a donation is refunded or charged back. Dispute and chargeback processes are governed by the applicable payment processor rules, and Customer must timely respond to processor requests.
    5. Currency and Foreign Exchange
      Fees and settlements may occur in one or more currencies depending on Customer settings and payment processor configuration. Currency conversion rates and foreign exchange fees are set by payment processors or financial institutions and are outside Donorbox’s control. Customer is responsible for all currency conversion costs and exchange rate fluctuations.

  7. PAYMENT PROCESSORS (STRIPE, PAYPAL, AND OTHERS)

      Donorbox is not a payment processor and does not act as a merchant of record. Payment processing services are provided by third-party processors selected by Customer under separate agreements (e.g., Stripe, PayPal). Donorbox may transmit transaction instructions to processors and receive transaction status, identifiers, and related metadata to provide the Services. Payment processors may process certain data as independent controllers for fraud prevention, compliance, and risk management under their own terms.

  8. DATA PROTECTION; PRIVACY; DPA INCORPORATION; PCI

      Donorbox complies with Applicable Data Protection Laws.

    1. Roles
      For purposes of GDPR, UK GDPR, and other applicable data protection laws, Customer is a Controller and Donorbox is a Processor for Personal Data processed on Customer’s behalf in the Services.
    2. DPA Incorporated; Order of Precedence
      Donorbox’s Data Processing Addendum (“DPA”) is incorporated by reference and applies to the extent Donorbox processes Personal Data on Customer’s behalf.
      Precedence: If there is a conflict between the DPA and these Terms regarding Personal Data processing obligations, the DPA controls only for that conflict. All other provisions of these Terms remain in effect, including limitations of liability, except to the extent the EU SCCs/UK & Swiss transfer documents require otherwise.
      Donorbox will process Personal Data in accordance with Applicable Data Protection Laws, including, where applicable, GDPR, UK GDPR, PIPEDA, applicable provincial Canadian privacy laws, CCPA/CPRA, and other applicable international data privacy and protection laws. Donorbox implements reasonable security safeguards appropriate to the sensitivity of Personal Data as required under such laws.
    3. California Consumer Privacy Rights Act, California Privacy Rights Act (CCPA/CPRA)
      Where CCPA/CPRA applies, Donorbox will process Personal Information as a service provider/contractor (as applicable) for business purposes, will not “sell” or “share” Personal Information as those terms are defined, and will impose appropriate restrictions on subprocessors consistent with applicable law.
    4. HIPAA/Protected Health Information (PHI) Restriction
      Donorbox is designed for general fundraising and donor management purposes and is not intended for the collection, storage, or processing of Protected Health Information (“PHI”) as defined under HIPAA.

      Customer is solely responsible for determining whether the information it collects through Donorbox constitutes PHI and for ensuring their use of the platform complies with applicable laws and regulations, including HIPAA. Customer should not use Donorbox’s platform to collect, store, or process Protected Health Information (PHI) or other health-related or patient data unless a Business Associate Agreement (BAA) has been executed.

      Donorbox does not represent or warrant that its services meet HIPAA requirements in the absence of a signed BAA. In the absence of a separate, signed BAA with Donorbox, Customer agrees that it will not upload, submit, or otherwise make available through the Services any PHI and agrees to indemnify, defend and hold harmless Donorbox from and against any and all claims, damages, liabilities, costs, and expenses (including reasonable attorneys’ fees) arising out of or related to Customer’s breach of this Section, including the submission of PHI or health-related data in violation of these Terms.

      Donorbox reserves the right to suspend or terminate Customer’s access to the Services if it reasonably determines that Customer is using the Services in violation of this Section.
    5. PCI Compliance
      Donorbox Responsibilities. Donorbox is responsible only for the security of the Service components and environments under its direct control. Donorbox does not store, process, or transmit cardholder data on behalf of Customer. All payment card data is collected and processed directly by third-party payment processors (such as Stripe or PayPal), and such data does not pass through or reside within Donorbox systems.

      Donorbox is responsible for maintaining the security of its application and infrastructure and for ensuring that its integrations with such third-party payment processors are implemented in a secure manner.

      Customer Responsibilities. Customer acknowledges and agrees that it is responsible for ensuring its own compliance with PCI-DSS requirements applicable to its environment outside of Donorbox’s systems and for maintaining the security of its own environment and use of the Services. Customer responsibilities include, but are not limited to:
      • Maintaining the confidentiality and security of account credentials, API keys, and authentication mechanisms
      • Implementing appropriate access controls and user management within their account
      • Securing systems and devices used to access the Services
      • Ensuring that transmission, processing, or storage of payment or account data within Customer-controlled systems complies with applicable security standards, including PCI-DSS, to the extent Customer handles cardholder data
      • Promptly notifying Donorbox of any suspected unauthorized access or security incident
      Customer acknowledges that Stripe, PayPal, or other applicable payment processors are responsible for the processing, transmission, and storage of cardholder data and for maintaining their own PCI-DSS compliance.

  9. SMS / TEXT MESSAGING TERMS (TCPA / CTIA)

      If Customer uses SMS or texting features (including “Text-to-Give” functionality), Customer is solely responsible for:

      • obtaining required prior express consent (or prior express written consent where required) from recipients;
      • ensuring consent is not a condition of donation;
      • maintaining records of consent and honoring opt-outs;
      • complying with TCPA, CTIA guidelines, and applicable international messaging, anti-spam and electronic marketing laws, including Canada’s Anti-Spam Legislation (CASL) and others, where applicable.
      Recipients may opt out by replying STOP and request help by replying HELP. Message and data rates may apply; message frequency varies.

      Customer will indemnify Donorbox for claims arising from Customer’s SMS campaigns, consent practices, or messaging content.

  10. INTELLECTUAL PROPERTY NOTICES & CONFIDENTIALITY

    1. Intellectual Property Notices
      Customer agrees not to remove and to retain all proprietary Marks, legends and IP notices that appear on or display in connection with the Services, documentation, and Confidential Information delivered to you by Donorbox, and all whole or partial copies thereof.
    2. Confidential Information
      “Confidential Information” means any non-public information disclosed by a party (“Discloser”) to the other party (“Recipient”) that is marked confidential or that a reasonable business person would understand to be confidential, including: (a) the Services, logic, designs, non-public features, roadmaps, pricing methods, and Documentation; (b) security and technical information; (c) business and product plans; and (d) any other proprietary information.

      Confidential Information does not include information that Recipient can demonstrate: (i) is public through no fault of Recipient; (ii) was lawfully known by Recipient before disclosure; (iii) is rightfully received from a third party without duty of confidentiality; or (iv) is independently developed without use of Discloser’s Confidential Information.
    3. Non-Use and Non-Disclosure
      Recipient will use Confidential Information only to perform under this Agreement and will protect it using no less than reasonable care. Recipient will not disclose Confidential Information to third parties except to Authorized Users/agents with a need to know who are bound by confidentiality obligations at least as protective as these Terms.
    4. Compelled Disclosure
      If legally required to disclose Confidential Information, Recipient will provide prompt notice (to the extent permitted) and reasonably cooperate with Discloser’s efforts to seek protective treatment.

  11. TRADEMARKS AND TRADE NAMES

    1. Limited Use
      During the Term, Customer may use Donorbox’s trademarks, logos, service marks, and trade names (“Donorbox Marks”) solely to identify that Customer’s donation program uses Donorbox, subject to Donorbox’s brand guidelines.
    2. Ownership; Non-Challenge
      Donorbox owns all rights in Donorbox Marks. Customer will not challenge or assist others in challenging Donorbox’s rights in the Donorbox Marks, or the registration thereof, or attempt to register confusingly similar marks. All uses and goodwill arising from Customer’s use of Donorbox Marks inures to Donorbox, and you hereby irrevocably assign to Donorbox all such right, title and interest, if any, in any such Marks and agree to provide Donorbox reasonable assistance in its registration of the Marks in those jurisdictions in which your activities will be carried out. Except for the limited rights provided for in this Section 11, nothing contained in this Agreement shall grant you any right, title or interest in Donorbox’s Marks.

  12. WARRANTIES AND DISCLAIMERS

    1. Limited Warranty
      Donorbox will provide the Services substantially as described for the purpose of enabling lawful fundraising and donor management. Donorbox may update and improve the Services from time to time.
    2. Disclaimers
      EXCEPT AS EXPRESSLY PROVIDED, THE SERVICES ARE PROVIDED “AS IS” AND “AS AVAILABLE.” TO THE MAXIMUM EXTENT PERMITTED BY LAW, DONORBOX DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.

  13. INTELLECTUAL PROPERTY INFRINGEMENT FRAMEWORK (PATENTS/COPYRIGHT)

    1. Limitations (Customer-Caused Scenarios)
      Donorbox has no liability for any claim to the extent arising from: (i) combination of the Services with non-Donorbox products not approved by Donorbox; (ii) Customer modifications; (iii) failure to install mandatory updates; or (iv) misuse outside intended purpose.
    2. Notice and Control
      Customer will promptly notify Donorbox of any suspected infringement involving the Services. Donorbox has the exclusive right (but not obligation) to control the defense and settlement of any claim asserting the Services infringe third-party intellectual property rights, and Customer will reasonably cooperate at Donorbox’s expense for such cooperation.
    3. Exclusive Remedy
      THIS SECTION STATES DONORBOX’S ENTIRE LIABILITY AND CUSTOMER’S SOLE AND EXCLUSIVE REMEDY FOR INTELLECTUAL PROPERTY INFRINGEMENT CLAIMS RELATING TO THE SERVICES, TO THE MAXIMUM EXTENT PERMITTED BY LAW.

  14. INDEMNIFICATION

    1. Indemnification by Customer
      Customer will defend, indemnify, and hold harmless Donorbox and its affiliates, officers, directors, employees, and agents from and against any third-party claims, damages, liabilities, penalties, costs, and reasonable attorneys’ fees arising from or relating to:
      • Customer’s fundraising activities, campaign content, or representations;
      • Customer’s breach of these Terms;
      • Customer’s violation of law (including fundraising, privacy, marketing, TCPA/CTIA, sanctions/export, anti-corruption);
      • Customer Data, including allegations that Customer Data infringes third-party rights.
    2. Indemnification Procedure
      Donorbox will: (i) provide prompt written notice of the claim (failure to do so relieves Customer only to the extent materially prejudiced); (ii) allow Customer to control the defense and settlement; and (iii) provide reasonable cooperation at Customer’s expense. Customer may not settle any claim in a manner that imposes liability or obligations on Donorbox or admits wrongdoing by Donorbox without Donorbox’s written consent.

  15. LIMITATION OF LIABILITY

      TO THE MAXIMUM EXTENT PERMITTED BY LAW:

    1. No Consequential Damages
      NEITHER PARTY WILL BE LIABLE FOR INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, EXEMPLARY, OR PUNITIVE DAMAGES, OR LOSS OF PROFITS, REVENUE, OR DATA, ARISING OUT OF OR RELATING TO THIS AGREEMENT, EVEN IF ADVISED OF THE POSSIBILITY.
    2. Liability Cap
      DONORBOX’S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATING TO THIS AGREEMENT WILL NOT EXCEED THE AMOUNTS PAID BY CUSTOMER TO DONORBOX IN THE TWELVE (12) MONTHS PRECEDING THE EVENT GIVING RISE TO THE CLAIM.
    3. Exceptions
      Nothing limits liability for: (a) amounts Customer owes Donorbox; (b) Customer exceeding the scope of license; or (c) liability that cannot be limited under applicable law. EU SCCs/UK Addendum liability provisions apply where required for covered transfers.

  16. TERM; TERMINATION; DATA EXPORT/DELETION

    1. Term
      This Agreement begins when Customer registers an account or uses the Services and continues until terminated.
    2. Termination
      Either party may terminate at any time by notice. Donorbox may suspend or terminate for violations, legal risk, fraud, or suspected unlawful activity.
    3. Data Access and Export After Termination
      Following termination, Customer may, for thirty (30) days, access the Services solely to export Customer Data using standard export features, unless legally prohibited. After that period, Donorbox may delete or anonymize Customer Data consistent with its retention policies, the DPA, and applicable law, except where retention is required for legal, accounting, compliance, fraud prevention, or dispute resolution purposes.

  17. ACCESSIBILITY

      Donorbox endeavors to make the Services reasonably accessible and to align, where feasible, with WCAG 2.1 AA. Customer is responsible for accessibility of Customer-provided content, fundraising pages, and third-party embeds.

  18. INTERNATIONAL USE; EXPORT; SANCTIONS

      Customer will comply with applicable export control and sanctions laws and represents that it is not located in a prohibited jurisdiction (meaning any country/territory subject to comprehensive sanctions/embargoes imposed by the U.S., UK, EU, or other applicable authority such that providing the Services would be unlawful without authorization). Donorbox may suspend or terminate access if it reasonably believes continued use may violate such laws.

  19. ANTI-CORRUPTION (FCPA/UK BRIBERY)

      Customer represents and warrants it will comply with applicable anti-bribery and anti-corruption laws, including the U.S. FCPA and the UK Bribery Act. To Customer’s knowledge, neither Customer nor its officers, employees, agents, or contractors has engaged in conduct that would violate such laws in connection with the Services. Customer will not use the Services in any manner that would cause Donorbox to violate anti-corruption laws.

  20. CHANGES TO TERMS

      Donorbox may update these Terms from time to time. If changes are material, Donorbox will provide reasonable notice via the Services, dashboard, or email. Changes take effect on the date specified. Continued use after the effective date constitutes acceptance. If Customer does not agree, its sole remedy is to discontinue use.

  21. GOVERNING LAW; VENUE

      This Agreement is governed by the laws of the State of Delaware, excluding conflict-of-law rules. Any dispute will be brought exclusively in the state or federal courts located in Delaware, and the parties consent to jurisdiction and venue there.

  22. GENERAL TERMS

    1. Independent Contractors
      The parties are independent contractors. Nothing contained in this Agreement shall be construed to (i) give either Party the power to direct and control the day-to-day activities of the other, (ii) constitute the Parties as partners, joint-venturers, co-owners or otherwise as participants in a joint or common undertaking, or (iii) allow you to create or assume any obligation on behalf of Donorbox for any purpose whatsoever.
    2. Force Majeure
      Neither party is liable for delays beyond reasonable control, except payment obligations.
    3. Assignment
      Customer may not assign without Donorbox’s written consent, except to a successor in connection with merger/acquisition/all or substantially all assets.
    4. Severability
      If any provision is unenforceable, the remainder remains in effect.
    5. No Third-Party Beneficiaries
      Except as required by EU SCCs (data subject third-party beneficiary rights) or other applicable laws, there are no third-party beneficiaries.
    6. Notices
      Notices may be provided via email, dashboard, or other reasonable means unless a law requires otherwise.
    7. Legal Expenses
      The prevailing Party in any legal action brought by one Party against the other and arising out of this Agreement shall be entitled, in addition to any other rights and remedies it may have, to reimbursement for its expenses, including court costs and reasonable attorneys’ fees.
    8. Compliance with Laws
      Each Party shall comply with all applicable laws, including applicable tax, fundraising/charitable solicitation, sanctions/export, privacy, and anti-corruption laws.
    9. Specific Performance; Injunctive Relief
      Customer breach of any obligation under Section 10 of this Agreement or regarding the use, duplication, modification, transfer or confidentiality of any Confidential Information, documentation or otherwise shall entitle Donorbox to injunctive, specific performance or other equitable relief, all without need of bond or undertaking of any nature. Customer hereby specifically acknowledges that Donorbox’s remedies at law under such circumstances would be inadequate.