Privacy Policy | PassItOn.To

Your privacy matters. Here's exactly what we collect, why we collect it, and what we do with it.

1. Introduction

PassItOn.To ("we," "us," "our") operates a platform that connects professionals (Contributors) with individuals seeking advice (Members), where 100% of consultation fees benefit verified nonprofit organizations. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at passiton.to.

2. Information We Collect

2.1 Information You Provide

When you use PassItOn.To, you may provide us with:

Account Information: Name, email address, password, profile photo
Profile Information: Bio, expertise areas, professional background, LinkedIn profile, website URL
Payment Information: Credit card details, billing address (processed securely through Stripe)
Nonprofit Information: Organization name, EIN, mission statement, verification documents
Communication Data: Messages sent through our platform, consultation notes, feedback and reviews
Calendar Information: Availability schedules, time zone preferences, and calendar sync tokens (encrypted) for Google Calendar, Microsoft Outlook, and Apple Calendar (CalDAV) integrations

2.2 Information Collected Automatically

When you access our platform, we automatically collect:

Device Information: IP address, browser type, operating system, device identifiers
Usage Data: Pages viewed, features used, time spent on platform, click patterns
Location Data: General geographic location based on IP address
Cookies & Tracking: Session data, authentication tokens, preference settings

2.3 Video Consultation Data

During video consultations powered by Daily.co:

We create temporary meeting rooms with unique access links
Daily.co may collect video/audio data during sessions (see Daily.co Privacy Policy)
Session recordings are optional and require explicit consent from all participants
We store consultation metadata (date, duration, participants) but not video recordings unless explicitly authorized
All video data is encrypted in transit and at rest

Important: No information provided during consultation sessions will ever be used for marketing purposes without your explicit consent.

3. How We Use Your Information

3.1 Platform Operations

Create and manage your account
Process consultation bookings and payments
Facilitate video consultations between Members and Contributors
Distribute consultation fees to nonprofit organizations
Send transactional emails (booking confirmations, reminders, receipts)
Verify nonprofit organization eligibility and status

3.2 Platform Improvement

Analyze usage patterns to improve user experience
Develop new features and functionality
Conduct research and analytics
Monitor platform performance and security

3.3 Communication

Respond to your inquiries and support requests
Send important updates about our Terms of Service or Privacy Policy
Provide customer support and technical assistance
Send promotional emails (with your consent, which you can withdraw anytime)

3.4 Legal Compliance

Comply with legal obligations and regulatory requirements
Enforce our Terms of Service and platform policies
Protect against fraud, abuse, and security threats
Resolve disputes and enforce agreements

3.5 De-identified and Aggregated Data

We may create de-identified and/or aggregated information from your personal data. If we create or receive de-identified information, we will not attempt to re-identify such information, unless required to comply with applicable laws. De-identified and aggregated data may be used for analytics, research, and platform improvement.

3.6 Automated Decision Making

We may use automated decision-making processes, including algorithms and analytics, to improve our Services, match Members with Contributors, and provide personalized recommendations. If you have questions about our automated decision-making practices, please contact us at [email protected]

4. How We Share Your Information

4.1 With Other Users

Public Profiles: Contributor profiles (name, bio, expertise, rates) are publicly visible
Booking Information: Members and Contributors see each other's names and consultation details
Reviews: Member reviews of Contributors are publicly visible

4.2 Service Providers

We share data with trusted third-party services:

Supabase: Database hosting, authentication, and user management
Stripe: Payment processing for consultation fees and platform fees
Daily.co: Video consultation infrastructure and meeting rooms
Resend: Transactional email delivery
Cloudflare Turnstile: Bot protection on contact and request forms (privacy-preserving CAPTCHA alternative)
Google Analytics: Usage analytics and platform metrics
Advertising Partners: Meta (Facebook/Instagram), LinkedIn, Microsoft/Bing, Reddit, and Google Ads for conversion tracking and advertising optimization

4.3 Legal Requirements

We may disclose your information if required by law or to:

Comply with legal process (subpoenas, court orders)
Enforce our Terms of Service
Protect rights, property, or safety of PassItOn.To, our users, or the public
Prevent fraud or security threats

4.4 Business Transfers

If PassItOn.To is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you via email and/or platform notice before your data becomes subject to a different privacy policy.

5. Data Security

We implement industry-standard security measures to protect your information:

Encryption: All data transmitted over HTTPS with TLS encryption
Authentication: Secure password hashing and session management via Supabase
Payment Security: PCI-DSS compliant payment processing through Stripe
Access Controls: Role-based access with minimum necessary privileges
Calendar Token Encryption: Calendar sync tokens encrypted at rest

However, no method of electronic storage or transmission is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain your information for as long as necessary to:

Provide our services and maintain your account
Comply with legal obligations (tax records, payment history)
Resolve disputes and enforce agreements
Prevent fraud and maintain platform security

When you delete your account, we will delete or anonymize your personal information within 90 days, except where we must retain data for legal compliance.

7. Your Privacy Rights

7.1 Access & Portability

Request a copy of your personal data
Export your data in a machine-readable format

7.2 Correction & Updates

Update your profile information anytime through account settings
Request corrections to inaccurate data

7.3 Deletion

Delete your account and associated data
Request removal of specific information (subject to legal retention requirements)

7.4 Marketing Opt-Out

Email Communications: Unsubscribe from promotional emails via the link in any marketing message. You will still receive transactional emails (booking confirmations, receipts).
Text Messages: If you receive unwanted text messages from us, you may opt out by following the instructions in the text message or by contacting us at [email protected]

7.5 California Residents (CCPA) - Do Not Sell My Personal Information

California residents have additional rights under the California Consumer Privacy Act:

Right to know what personal information is collected, used, shared, or sold
Right to delete personal information
Right to opt-out of sale of personal information
Right to non-discrimination for exercising your rights

We do not sell your personal information. However, we use analytics and advertising tools that may constitute "sharing" under CCPA. To opt out, you can:

Reject cookies when prompted on your first visit
Use browser settings to block third-party cookies
Email us at [email protected] to request opt-out

7.6 European Residents (GDPR)

European Economic Area residents have rights under the General Data Protection Regulation:

Right to access, rectification, erasure, and data portability
Right to restrict or object to processing
Right to withdraw consent
Right to lodge a complaint with a supervisory authority

To exercise any of these rights, email us at [email protected]

8. Cookies & Tracking Technologies

8.1 Cookie Consent Management

PassItOn.To uses Cloudflare Zaraz to manage cookies and tracking technologies. When you first visit our site, you'll see a cookie consent banner where you can accept or reject different cookie categories.

How consent works based on your location:

EU/EEA Visitors (GDPR): You will see a consent modal requiring explicit opt-in before any non-essential cookies are set. Analytics and marketing cookies are OFF by default and require your affirmative consent.
US and Other Visitors: You will see a consent banner with analytics and marketing cookies enabled by default (opt-out model). You can decline these cookies or customize your preferences at any time.

Regardless of your location, essential cookies required for basic platform functionality cannot be disabled.

8.2 Types of Cookies We Use

We use the following categories of cookies and tracking technologies:

Essential Cookies (Always Active): These cookies are necessary for our platform to function and cannot be disabled. They include:
- Authentication tokens to keep you logged in
- Session management and security
- Load balancing and performance optimization
- CSRF protection tokens
Analytics Cookies (Optional): With your consent, we use Google Analytics 4 (via Cloudflare Zaraz) to understand how visitors interact with our platform. This helps us:
- Measure website traffic and user engagement
- Identify popular features and content
- Detect and fix technical issues
- Improve overall user experience
Analytics data is aggregated and anonymized. We never sell this data to third parties.
Functional Cookies (Optional): These cookies enable enhanced functionality and personalization:
- Remember your language and region preferences
- Save your dashboard customization settings
- Store your timezone for accurate scheduling
Marketing/Advertising Cookies: We use advertising pixels and tracking technologies from the following platforms to measure ad effectiveness and deliver relevant advertisements:
- Meta Pixel (Facebook/Instagram): Tracks conversions and enables retargeting for Meta advertising platforms
- Google Ads: Measures conversions from Google advertising campaigns
- LinkedIn Insight Tag: Tracks conversions and enables B2B advertising on LinkedIn
- Microsoft/Bing UET: Tracks conversions from Microsoft Advertising (Bing, Yahoo, DuckDuckGo)
- Reddit Pixel: Tracks conversions from Reddit advertising campaigns
These platforms may use the data collected to show you personalized ads on their networks. We also use server-side conversion APIs for more accurate tracking. You can opt out of personalized advertising through each platform's privacy settings or by using browser extensions like uBlock Origin.

8.3 Third-Party Services & Their Privacy Policies

We use the following third-party services that may set cookies:

Cloudflare: Content delivery, security, and analytics - Privacy Policy
Google Analytics 4: Website analytics - Privacy Policy
Stripe: Payment processing - Privacy Policy
Supabase: Database and authentication - Privacy Policy

Advertising partners:

Meta (Facebook/Instagram): Privacy Policy | Ad Preferences
Google Ads: Privacy Policy | Ad Settings
LinkedIn: Privacy Policy | Ad Preferences
Microsoft/Bing: Privacy Policy | Ad Settings
Reddit: Privacy Policy | Ad Preferences

8.4 Managing Your Cookie Preferences

You have control over your cookie preferences:

Via Our Cookie Settings: Click the "Cookie Settings" link in our website footer at any time to reopen the consent banner and change your preferences. You can also withdraw consent entirely.
Via Browser Settings: Most browsers allow you to block or delete cookies through their settings menu. Note that blocking essential cookies may prevent you from using certain features of our platform.
Via Ad Platform Settings: You can opt out of personalized advertising through each platform's ad preferences (links provided above).
Browser Extensions: Tools like uBlock Origin or Privacy Badger can block tracking cookies.
Do Not Track: We respect browser "Do Not Track" signals where technically feasible.

Your consent preferences are stored in a cookie on your device for 12 months. After this period, or if you clear your cookies, you will be prompted to make your choice again.

Popular browser cookie settings:

8.5 Cookie Retention

Different cookies have different lifespans:

Session Cookies: Deleted when you close your browser
Consent Cookie: Stored for 12 months to remember your preferences
Authentication Cookies: Expire after 7 days of inactivity or when you log out
Analytics Cookies: Typically expire after 2 years (managed by Google Analytics)

9. Children's Privacy

PassItOn.To is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we discover that we have collected data from a child under 18, we will delete it immediately. If you believe we have collected information from a child, contact us at [email protected]

10. Health Information

Important: Contributors on PassItOn.To provide professional advice and consultation, but this is not therapy, medical treatment, or mental health services. Contributors are not acting as licensed therapists, psychologists, or other medical professionals through our platform.

We are not a "Covered Entity" or "Business Associate" as defined under the Health Insurance Portability and Accountability Act ("HIPAA"), and we do not intentionally collect or solicit "Protected Health Information" as defined by HIPAA. The information you share during consultations should not include sensitive medical or health information that requires HIPAA protection.

Always seek advice from qualified healthcare providers for medical, mental health, or therapeutic needs. Do not disregard or delay seeking medical advice because of information received through our Services.

11. Third-Party Links

Our platform may contain links to third-party websites (e.g., Contributor LinkedIn profiles, nonprofit websites). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

12. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws different from your jurisdiction. By using PassItOn.To, you consent to the transfer of your information to the United States and other countries where we operate.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of material changes by:

Posting the updated policy on this page with a new "Last Updated" date
Sending an email notification for significant changes
Displaying a prominent notice on the platform

Your continued use of PassItOn.To after changes become effective constitutes acceptance of the updated Privacy Policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at:

[email protected]

General Inquiries

[email protected]

By using PassItOn.To, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.

Your privacy matters. Here's exactly what we collect, why we collect it, and what we do with it.

1. Introduction

2. Information We Collect

2.1 Information You Provide

When you use PassItOn.To, you may provide us with:

Account Information: Name, email address, password, profile photo
Profile Information: Bio, expertise areas, professional background, LinkedIn profile, website URL
Payment Information: Credit card details, billing address (processed securely through Stripe)
Nonprofit Information: Organization name, EIN, mission statement, verification documents
Communication Data: Messages sent through our platform, consultation notes, feedback and reviews
Calendar Information: Availability schedules, time zone preferences, and calendar sync tokens (encrypted) for Google Calendar, Microsoft Outlook, and Apple Calendar (CalDAV) integrations

2.2 Information Collected Automatically

When you access our platform, we automatically collect:

Device Information: IP address, browser type, operating system, device identifiers
Usage Data: Pages viewed, features used, time spent on platform, click patterns
Location Data: General geographic location based on IP address
Cookies & Tracking: Session data, authentication tokens, preference settings

2.3 Video Consultation Data

During video consultations powered by Daily.co:

We create temporary meeting rooms with unique access links
Daily.co may collect video/audio data during sessions (see Daily.co Privacy Policy)
Session recordings are optional and require explicit consent from all participants
We store consultation metadata (date, duration, participants) but not video recordings unless explicitly authorized
All video data is encrypted in transit and at rest

Important: No information provided during consultation sessions will ever be used for marketing purposes without your explicit consent.

3. How We Use Your Information

3.1 Platform Operations

Create and manage your account
Process consultation bookings and payments
Facilitate video consultations between Members and Contributors
Distribute consultation fees to nonprofit organizations
Send transactional emails (booking confirmations, reminders, receipts)
Verify nonprofit organization eligibility and status

3.2 Platform Improvement

Analyze usage patterns to improve user experience
Develop new features and functionality
Conduct research and analytics
Monitor platform performance and security

3.3 Communication

Respond to your inquiries and support requests
Send important updates about our Terms of Service or Privacy Policy
Provide customer support and technical assistance
Send promotional emails (with your consent, which you can withdraw anytime)

3.4 Legal Compliance

Comply with legal obligations and regulatory requirements
Enforce our Terms of Service and platform policies
Protect against fraud, abuse, and security threats
Resolve disputes and enforce agreements

3.5 De-identified and Aggregated Data

3.6 Automated Decision Making

4. How We Share Your Information

4.1 With Other Users

Public Profiles: Contributor profiles (name, bio, expertise, rates) are publicly visible
Booking Information: Members and Contributors see each other's names and consultation details
Reviews: Member reviews of Contributors are publicly visible

4.2 Service Providers

We share data with trusted third-party services:

Supabase: Database hosting, authentication, and user management
Stripe: Payment processing for consultation fees and platform fees
Daily.co: Video consultation infrastructure and meeting rooms
Resend: Transactional email delivery
Cloudflare Turnstile: Bot protection on contact and request forms (privacy-preserving CAPTCHA alternative)
Google Analytics: Usage analytics and platform metrics
Advertising Partners: Meta (Facebook/Instagram), LinkedIn, Microsoft/Bing, Reddit, and Google Ads for conversion tracking and advertising optimization

4.3 Legal Requirements

We may disclose your information if required by law or to:

Comply with legal process (subpoenas, court orders)
Enforce our Terms of Service
Protect rights, property, or safety of PassItOn.To, our users, or the public
Prevent fraud or security threats

4.4 Business Transfers

5. Data Security

We implement industry-standard security measures to protect your information:

Encryption: All data transmitted over HTTPS with TLS encryption
Authentication: Secure password hashing and session management via Supabase
Payment Security: PCI-DSS compliant payment processing through Stripe
Access Controls: Role-based access with minimum necessary privileges
Calendar Token Encryption: Calendar sync tokens encrypted at rest

However, no method of electronic storage or transmission is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain your information for as long as necessary to:

Provide our services and maintain your account
Comply with legal obligations (tax records, payment history)
Resolve disputes and enforce agreements
Prevent fraud and maintain platform security

When you delete your account, we will delete or anonymize your personal information within 90 days, except where we must retain data for legal compliance.

7. Your Privacy Rights

7.1 Access & Portability

Request a copy of your personal data
Export your data in a machine-readable format

7.2 Correction & Updates

Update your profile information anytime through account settings
Request corrections to inaccurate data

7.3 Deletion

Delete your account and associated data
Request removal of specific information (subject to legal retention requirements)

7.4 Marketing Opt-Out

Email Communications: Unsubscribe from promotional emails via the link in any marketing message. You will still receive transactional emails (booking confirmations, receipts).
Text Messages: If you receive unwanted text messages from us, you may opt out by following the instructions in the text message or by contacting us at [email protected]

7.5 California Residents (CCPA) - Do Not Sell My Personal Information

California residents have additional rights under the California Consumer Privacy Act:

Right to know what personal information is collected, used, shared, or sold
Right to delete personal information
Right to opt-out of sale of personal information
Right to non-discrimination for exercising your rights

We do not sell your personal information. However, we use analytics and advertising tools that may constitute "sharing" under CCPA. To opt out, you can:

Reject cookies when prompted on your first visit
Use browser settings to block third-party cookies
Email us at [email protected] to request opt-out

7.6 European Residents (GDPR)

European Economic Area residents have rights under the General Data Protection Regulation:

Right to access, rectification, erasure, and data portability
Right to restrict or object to processing
Right to withdraw consent
Right to lodge a complaint with a supervisory authority

To exercise any of these rights, email us at [email protected]

8. Cookies & Tracking Technologies

8.1 Cookie Consent Management

How consent works based on your location:

EU/EEA Visitors (GDPR): You will see a consent modal requiring explicit opt-in before any non-essential cookies are set. Analytics and marketing cookies are OFF by default and require your affirmative consent.
US and Other Visitors: You will see a consent banner with analytics and marketing cookies enabled by default (opt-out model). You can decline these cookies or customize your preferences at any time.

Regardless of your location, essential cookies required for basic platform functionality cannot be disabled.

8.2 Types of Cookies We Use

We use the following categories of cookies and tracking technologies:

Essential Cookies (Always Active): These cookies are necessary for our platform to function and cannot be disabled. They include:
- Authentication tokens to keep you logged in
- Session management and security
- Load balancing and performance optimization
- CSRF protection tokens
Analytics Cookies (Optional): With your consent, we use Google Analytics 4 (via Cloudflare Zaraz) to understand how visitors interact with our platform. This helps us:
- Measure website traffic and user engagement
- Identify popular features and content
- Detect and fix technical issues
- Improve overall user experience
Analytics data is aggregated and anonymized. We never sell this data to third parties.
Functional Cookies (Optional): These cookies enable enhanced functionality and personalization:
- Remember your language and region preferences
- Save your dashboard customization settings
- Store your timezone for accurate scheduling
Marketing/Advertising Cookies: We use advertising pixels and tracking technologies from the following platforms to measure ad effectiveness and deliver relevant advertisements:
- Meta Pixel (Facebook/Instagram): Tracks conversions and enables retargeting for Meta advertising platforms
- Google Ads: Measures conversions from Google advertising campaigns
- LinkedIn Insight Tag: Tracks conversions and enables B2B advertising on LinkedIn
- Microsoft/Bing UET: Tracks conversions from Microsoft Advertising (Bing, Yahoo, DuckDuckGo)
- Reddit Pixel: Tracks conversions from Reddit advertising campaigns
These platforms may use the data collected to show you personalized ads on their networks. We also use server-side conversion APIs for more accurate tracking. You can opt out of personalized advertising through each platform's privacy settings or by using browser extensions like uBlock Origin.

8.3 Third-Party Services & Their Privacy Policies

We use the following third-party services that may set cookies:

Cloudflare: Content delivery, security, and analytics - Privacy Policy
Google Analytics 4: Website analytics - Privacy Policy
Stripe: Payment processing - Privacy Policy
Supabase: Database and authentication - Privacy Policy

Advertising partners:

Meta (Facebook/Instagram): Privacy Policy | Ad Preferences
Google Ads: Privacy Policy | Ad Settings
LinkedIn: Privacy Policy | Ad Preferences
Microsoft/Bing: Privacy Policy | Ad Settings
Reddit: Privacy Policy | Ad Preferences

8.4 Managing Your Cookie Preferences

You have control over your cookie preferences:

Via Our Cookie Settings: Click the "Cookie Settings" link in our website footer at any time to reopen the consent banner and change your preferences. You can also withdraw consent entirely.
Via Browser Settings: Most browsers allow you to block or delete cookies through their settings menu. Note that blocking essential cookies may prevent you from using certain features of our platform.
Via Ad Platform Settings: You can opt out of personalized advertising through each platform's ad preferences (links provided above).
Browser Extensions: Tools like uBlock Origin or Privacy Badger can block tracking cookies.
Do Not Track: We respect browser "Do Not Track" signals where technically feasible.

Your consent preferences are stored in a cookie on your device for 12 months. After this period, or if you clear your cookies, you will be prompted to make your choice again.

Popular browser cookie settings:

8.5 Cookie Retention

Different cookies have different lifespans:

Session Cookies: Deleted when you close your browser
Consent Cookie: Stored for 12 months to remember your preferences
Authentication Cookies: Expire after 7 days of inactivity or when you log out
Analytics Cookies: Typically expire after 2 years (managed by Google Analytics)

9. Children's Privacy

10. Health Information

11. Third-Party Links

12. International Data Transfers

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of material changes by:

Posting the updated policy on this page with a new "Last Updated" date
Sending an email notification for significant changes
Displaying a prominent notice on the platform

Your continued use of PassItOn.To after changes become effective constitutes acceptance of the updated Privacy Policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at:

[email protected]

General Inquiries

[email protected]

By using PassItOn.To, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.