This Subscriber Agreement (“Agreement”) is a legal contract between Extensia, Inc. (“Extensia,” “we,” or “us”) and the person or entity that accesses or uses the Services (“Subscriber” or “you”). By creating an account, clicking “I Agree,” or using the Services, you accept this Agreement on behalf of yourself and, if applicable, your organization. If you do not agree, do not use the Services.
NOTICE OF ARBITRATION; CLASS ACTION WAIVER. This Agreement includes a binding arbitration provision and class action waiver. Please read Section 29 carefully.
Scope. These Terms govern your access to and use of Extensia websites, applications, tools, and services (the “Services”).
Authority. If you use the Services on behalf of an entity, you represent that you have authority to bind that entity.
Acceptance. You accept this Agreement electronically when you click to accept, create an account, or use the Services. Continued use after any update constitutes acceptance of the updated Agreement.
Electronic Signatures & Communications Consent
You agree to transact with us electronically. Clicking “I Agree,” checking a box, or using the Services constitutes your electronic signature and agreement to this Agreement and any policies referenced herein. You consent to receive notices and records electronically.
SMS Terms
Where you provide a phone number and explicitly opt-in via a designated unchecked checkbox, you consent to receive SMS messages from Extensia and our associated Subscriber organizations. SMS consent is never required to use the Services. By opting in you agree that: message and data rates may apply; you may opt out at any time by texting “STOP”; you may get support by texting “HELP” or emailing [email protected]; carriers are not liable for delayed or undelivered messages; and you are 18 years of age or older.
Definitions
“Subscriber” means any individual or legal entity that enters into an agreement with Extensia for the use of its platform, applications, or related services, whether on a paid or trial basis, and that is identified as the account holder in Extensia’s records. The Subscriber is legally responsible for all activities conducted through its account(s), compliance with applicable laws, and maintenance of account credential security.
“Object” means any distinct record, entry, posting, form, module, listing, event, campaign, or other unit of content or data created within any Extensia application by the Subscriber or any authorized user.
“Constituent,” “Donor,” or “Community Member” means an individual or organization who makes a payment or engages in any interaction with the Subscriber’s organization through the Services.
“User” means any individual or organization that utilizes or consumes the Services, with or without creating a user account.
“Authorized User” means any individual designated by the Subscriber to access and use the Services on the Subscriber’s behalf.
“Constituent Recognition Service” means Extensia’s proprietary capability that enables identification of returning constituents at the point of payment interaction across Extensia-powered events and organizations. This capability constitutes Extensia’s confidential trade secret and proprietary technology.
“Confidential Information” means any non-public information disclosed by one party to the other that is designated as confidential or that reasonably should be understood to be confidential, including Extensia’s platform architecture, pricing, source code, proprietary recognition capabilities, and customer data.
“Intellectual Property” means all patents, copyrights, trademarks, service marks, trade secrets, know-how, and other proprietary rights, including all platform software, algorithms, data models, and proprietary service capabilities.
Eligibility
To use the Services you must be, and represent that you are, of legal age (18 years of age or older, or of legal age in your jurisdiction, or 13 years of age with parental consent) and competent to agree to these Terms. If Extensia has previously prohibited you from accessing the Services, you are not permitted to access or use the Services.
Data Rights, Constituent Recognition & Perpetual Retention
4.1 Data Layer Structure
Subscriber-Scoped Data. Data specific to a Subscriber’s use of the platform — including internal administrative records and constituent data scoped to that organization — is processed by Extensia on behalf of the Subscriber. The Subscriber is the primary Data Controller for this data layer.
Extensia Identity Service. Constituent identity data collected through the Constituent Recognition Service — including payment identifiers, associated profile attributes, and consent records — is collected and controlled by Extensia as an independent Data Controller, separate from any Subscriber relationship. Extensia’s right to retain this data is derived from direct consent obtained from Constituents at the point of interaction, independent of the Subscriber. This data layer is not subject to deletion upon a Subscriber’s exit from the platform.
Aggregated Data. Extensia retains the perpetual, irrevocable right to de-identify, aggregate, and use all platform data for any purpose, including platform improvement, intelligence capability development, and commercial analytics. Once de-identified, such data is not subject to any deletion, portability, or restriction obligation.
4.2 Extensia as Independent Data Controller
By entering into this Agreement, Subscriber acknowledges that: (a) Extensia operates the Constituent Recognition Service as an independent Data Controller; (b) Extensia’s right to retain constituent identity data is derived from direct constituent consent, independent of the Subscriber relationship; (c) Subscriber’s termination of this Agreement does not require or authorize Extensia to delete constituent data in the Extensia Identity Service layer for Constituents who have separately consented; and (d) Subscriber has no authority to direct Extensia to delete, modify, or restrict constituent records in the Extensia Identity Service layer.
4.3 Constituent Consent — Recognition Enrollment
Extensia collects direct consent from Constituents for enrollment in the Constituent Recognition Service through a standalone, unchecked-by-default opt-in checkbox presented at the point of payment. The checkbox is independent of the transaction — Constituents may complete their donation without enrolling. Upon affirmative opt-in, Extensia records the Constituent’s consent, the date and time of enrollment, and the channel through which consent was obtained. A Constituent’s subsequent non-enrollment in a later session does not withdraw prior consent. Constituents may withdraw consent at any time through the opt-out process described in the Privacy Policy.
4.4 Subscriber Data Obligations
Subscriber represents and warrants that: (a) any Constituent data shared with Extensia is shared lawfully and with any required consent; (b) Subscriber has provided all required privacy notices to Constituents regarding data collection through the Services; (c) Subscriber will not instruct Extensia to process Constituent data in a manner that violates applicable law; and (d) Subscriber will execute a Data Processing Addendum if required by applicable law upon Extensia’s request.
Privacy & Regulatory Compliance
CCPA/CPRA. To the extent Extensia processes personal information of California residents, Extensia complies with applicable California privacy law. Extensia does not sell constituent personal information. Subscriber acknowledges its independent obligations as a Business under applicable California privacy law with respect to the personal information of its Constituents.
State Privacy Laws. Subscriber is responsible for determining whether additional state privacy laws apply to its use of the Services and ensuring its own compliance.
PCI-DSS. Extensia maintains PCI-DSS compliant payment infrastructure. Subscriber must not capture, store, or transmit raw cardholder data outside of the Services. Subscriber must not store full card numbers, CVV codes, or magnetic stripe data at any time.
COPPA. Subscriber shall not knowingly submit to the Services personal information of children under the age of 13 without verifiable parental consent in compliance with the Children’s Online Privacy Protection Act.
Additional Terms and Policies
Our Privacy Policy governs the collection and use of your information and is incorporated into this Agreement by reference. Certain features or services may have additional terms. If those terms conflict with this Agreement, the additional terms control for that feature or service.
Modifications
We may update this Agreement from time to time by posting the updated version on the Services. Updates are effective upon posting. If you do not agree to an update, you must stop using the Services.
Account Registration
You agree to provide accurate, complete, and current registration information and to maintain the confidentiality and security of your credentials. You are fully responsible for all activities that occur under your account. Notify us at [email protected] if you become aware of any unauthorized use of your account.
Intellectual Property and Proprietary Rights
The Services are owned and operated by Extensia and are protected by United States copyright laws, international treaty provisions, trademarks, service marks, and other intellectual property laws.
Trade Secrets. Extensia’s proprietary service capabilities — including the Constituent Recognition Service and related platform technologies — constitute Extensia’s confidential trade secrets under the Defend Trade Secrets Act (18 U.S.C. § 1836) and applicable state law. Subscriber shall not reverse engineer, decompile, disassemble, or attempt to derive the source code or underlying architecture of any Extensia service.
No Competitive Use. Subscriber shall not use the Services, or any information derived from the Services, to build, develop, market, or support any product or service that competes with Extensia.
Custom Development. Any custom features or functionality developed by Extensia at Subscriber’s request are and shall remain the sole and exclusive intellectual property of Extensia unless a signed written agreement expressly provides otherwise. Subscriber receives a limited, non-exclusive, non-transferable license to use such features within the Services during the term of this Agreement.
All present and future rights in and to trade secrets, patents, copyrights, trademarks, service marks, know-how, and other proprietary rights shall at all times be and remain the sole and exclusive property of Extensia.
Data Use for Improvements
We may collect and use aggregated or anonymized data derived from your use of the Services for analytics, benchmarking, and improving our services. Such data will not identify you or your organization.
Perpetual Data License. Subscriber hereby grants Extensia a perpetual, irrevocable, royalty-free, worldwide license to de-identify and aggregate all data generated through Subscriber’s use of the Services, and to use such data for any purpose including platform improvement, intelligence capability development, and commercial analytics. This license survives termination of this Agreement.
Confidentiality
Each party agrees to hold the other party’s Confidential Information in strict confidence, not disclose it to any third party without prior written consent, and use it only to the extent necessary to perform obligations under this Agreement.
Extensia’s Proprietary Information. Subscriber specifically acknowledges that all information related to Extensia’s proprietary service capabilities, platform architecture, pricing structures, and any unreleased product roadmap information constitutes Extensia Confidential Information and trade secrets. Subscriber shall not disclose, reproduce, or use such information for any purpose other than use of the Services.
Exceptions. Confidentiality obligations do not apply to information that: (a) becomes publicly known through no breach of this Agreement; (b) was rightfully known before disclosure; (c) is independently developed without use of Confidential Information; or (d) is required to be disclosed by law or court order, provided the disclosing party gives prompt written notice.
User Content
The Services may enable you to submit, post, upload, or otherwise make available content such as Objects, photographs, comments, and other content (“User Content”). When you post User Content, you grant Extensia a worldwide, perpetual, irrevocable, royalty-free, non-exclusive, and sublicensable license to use, copy, distribute, reproduce, modify, adapt, publicly perform, publicly display, translate, and create derivative works from such User Content solely for the purposes of providing, improving, and promoting the Services. We will not sell, lease, or otherwise commercially exploit your non-public User Content to third parties.
You represent that all User Content you post is your sole responsibility and that you have all required rights to post it. Subscribers that share personal data with us further represent and warrant that they may share such personal data with us under applicable law without restriction.
License to Use Services
Subject to your compliance with these Terms, we grant you a limited, non-exclusive, non-sublicensable, non-transferable, and revocable right to access and use the Services only for your own use and only in a manner that complies with all legal requirements. Extensia may revoke this license at any time, in its sole discretion.
Service Availability & Maintenance
We aim to provide the Services with minimal interruptions but do not guarantee continuous availability. The Services may be unavailable due to maintenance, upgrades, system or network failures, or events beyond our reasonable control. We are not liable for any downtime, loss of data, or inability to access the Services.
Fundraising Compliance
You are solely responsible for ensuring that your fundraising campaigns, solicitations, and activities comply with all applicable laws, regulations, and tax requirements, including charitable solicitation registration and reporting. We do not monitor your activities for compliance and do not provide legal, tax, or compliance advice. Extensia has no liability for your failure to comply with any such obligations.
Third-Party Services
The Services may integrate with or make available third-party services, including payment processors. We do not control and are not responsible for these third-party services. Your use of them is subject to their own terms and policies. We are not liable for any acts, omissions, errors, or failures of third-party services.
Chargebacks and Refunds
You are solely responsible for handling refunds, chargebacks, and disputes with your donors or other contributors. We may deduct or offset such amounts from your account balance or future payouts. You authorize Extensia to share relevant transaction data with payment processors and financial institutions as necessary to investigate or resolve such disputes.
Payments, Fees & Suspension
Platform fees and per-transaction fees may apply. Payment gateway processing fees apply for all charges, chargebacks, and refunds. Funds will be transferred to the Subscriber within 30 days after receipt of funds from the payment gateway, barring any unforeseen circumstances such as a possible violation of these Terms, inaccurate information, or a Hold as described in Section 22.
Late Fees. Amounts owed to Extensia that remain unpaid for more than thirty (30) days after the invoice date will accrue interest at 1.5% per month (or the maximum rate permitted by applicable law), compounded monthly from the due date.
Suspension for Non-Payment. Extensia may suspend access to the Services if any undisputed amount remains outstanding for more than fifteen (15) days after written notice. Suspension does not relieve Subscriber of payment obligations. Access will be restored within two (2) business days of receipt of full payment.
Unless otherwise stated in an order form, subscriptions automatically renew for successive terms equal to the initial subscription period, unless you cancel before the renewal date. We may change our fees upon at least thirty (30) days’ prior written notice. Your continued use of the Services after the effective date of any fee change constitutes acceptance of the updated fees.
Prohibited Uses
Use of the Services for any illegal purpose or any purpose not expressly permitted in these Terms is strictly prohibited. Without limitation, you will not:
- Post User Content that is polemic, sectarian, divisive, violent, threatening, obscene, false, misleading, defamatory, or harassing;
- Copy, modify, distribute, reverse engineer, or create derivative works from any Extensia content or service without authorization;
- Access the Services in an automated way using any robot, spider, scraper, web crawler, or AI data extraction tool;
- Use the Services, or any data derived from the Services, to develop or support any product or service that competes with Extensia;
- Probe, scan, or test the security or vulnerability of any Extensia system without express written authorization;
- Violate any robot exclusion headers or bypass measures employed to prevent or limit access to the Services;
- Send spam or other unsolicited solicitations; or
- Interfere with any other party’s use and enjoyment of the Services.
No Endorsement
Extensia provides a platform that allows organizations to orchestrate events, campaigns, solicit volunteers, and raise money. We do not endorse any Events, Campaigns, donors, individuals, or organizations, and we are not a party to any agreements between or among our users or third parties.
DONORS ARE SOLELY RESPONSIBLE FOR ASSESSING THE VALUE AND APPROPRIATENESS OF CONTRIBUTING TO ANY CAMPAIGN. WE ENCOURAGE DONORS TO USE THEIR DISCRETION WHEN SUPPORTING CAMPAIGNS.
Audit Rights
Extensia reserves the right, upon not less than ten (10) business days’ prior written notice, to audit Subscriber’s use of the Services to verify compliance with this Agreement, including acceptable use and data handling obligations. Audits will be conducted during normal business hours and will not unreasonably disrupt Subscriber’s operations. Extensia may conduct up to one (1) audit per calendar year, unless a prior audit revealed a material breach.
Account Suspensions
Extensia may place a hold on a Subscriber account or on the transfer of funds raised (a “Hold”) if: (i) information provided by a Subscriber is false, misleading, or fraudulent; (ii) funds should be provided to a person other than the Subscriber; (iii) an Event, Campaign, or Subscriber has violated these Terms; or (iv) required to comply with a court order, subpoena, writ, injunction, or applicable law.
Taxes
Each Subscriber is responsible for determining what taxes apply to donations received through the Services and for assessing, collecting, reporting, or remitting the correct tax to the appropriate authority. Extensia makes no representation as to whether donations are tax-deductible. Consult your tax advisor.
No Legal or Tax Advice
Extensia does not provide legal, tax, or compliance advice. Any tools, templates, or guidance provided through the Services are for informational purposes only and do not constitute professional advice. Consult qualified professionals for advice tailored to your circumstances.
Legal Compliance
You acknowledge and agree that Extensia may access, preserve, and disclose your information if required to do so by law or in a good faith belief that such access, preservation, or disclosure is reasonably necessary to: (1) comply with legal process; (2) enforce these Terms or our Privacy Policy; (3) respond to claims that any content violates third-party rights; (4) respond to your customer service requests; or (5) protect the rights, property, or safety of Extensia, its users, and the public.
Warranties and Disclaimers
THE SERVICES ARE PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ALL OF WHICH ARE DISCLAIMED TO THE FULLEST EXTENT PERMITTED BY LAW.
IN NO EVENT SHALL EXTENSIA OR ITS AFFILIATES, LICENSORS, VENDORS, OR ANY OF THEIR RESPECTIVE DIRECTORS, OFFICERS, EMPLOYEES, AGENTS, OR OTHER REPRESENTATIVES BE LIABLE FOR ANY DIRECT, INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, PUNITIVE, OR OTHER DAMAGES, INCLUDING LOSS OF PROFITS, LOSS OF DATA, OR COSTS OF OBTAINING SUBSTITUTE GOODS OR SERVICES, ARISING OUT OF OR IN CONNECTION WITH THE SERVICES, WHETHER OR NOT EXTENSIA HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Liability Cap. IN ANY EVENT, EXTENSIA’S AGGREGATE LIABILITY WILL NOT EXCEED THE GREATER OF: (A) THE TOTAL FEES PAID BY SUBSCRIBER TO EXTENSIA IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM; OR (B) FIVE HUNDRED U.S. DOLLARS ($500). THIS CAP APPLIES TO ALL CLAIMS IN THE AGGREGATE.
If you are a California resident, you hereby waive California Civil Code §1542, which says: “A general release does not extend to claims which the creditor does not know or suspect to exist in his favor at the time of executing the release, which if known by him must have materially affected his settlement with the debtor.”
Indemnification
You agree to indemnify, defend, and hold harmless Extensia, its affiliates, and their officers, directors, employees, agents, licensors, and suppliers from and against all claims, losses, liabilities, expenses, damages, and costs (including attorneys’ fees) arising from or relating to: (a) your use of the Services; (b) your fundraising campaigns, solicitations, or events; (c) your violation of this Agreement; (d) your violation of any law or third-party rights; or (e) any claim that User Content or data you submitted infringes or misappropriates any third-party intellectual property right.
IP Indemnity. Subscriber specifically agrees to indemnify Extensia from any claim arising out of Subscriber’s unauthorized use or disclosure of Extensia Confidential Information or proprietary technology.
Carve-Out. Subscriber’s indemnification obligations do not extend to claims arising from Extensia’s own gross negligence or willful misconduct.
Termination & Post-Termination Data
Termination for Cause. We may immediately suspend or terminate your account, without prior notice, if we believe in our sole discretion that: (a) you have violated this Agreement; (b) your activities create risk for us or other users; (c) your account is involved in fraud, illegal activity, or harm to our reputation; or (d) required by law or by a payment processor.
Post-Termination Data. Upon termination: (a) Subscriber’s access to subscriber-scoped operational data will cease and Extensia will make such data available for export for thirty (30) days, after which it may be deleted; (b) constituent data in the Extensia Identity Service layer for Constituents who have separately consented is retained by Extensia as independent Data Controller and is not subject to deletion upon Subscriber exit; (c) aggregated and de-identified data is retained perpetually under Section 10; and (d) payment and transaction records required for regulatory or legal compliance are retained for the period required by applicable law.
Sections 4, 5, 9, 10, 11, 26, 27, 30, and 31 survive termination of this Agreement.
Arbitration and Class Action Waiver
PLEASE READ THIS SECTION CAREFULLY. IT AFFECTS YOUR LEGAL RIGHTS, INCLUDING YOUR RIGHT TO FILE A LAWSUIT IN COURT.
You and Extensia agree that the Federal Arbitration Act governs the interpretation and enforcement of these arbitration provisions. This section governs all disputes between us arising out of or relating to any aspect of the relationship between us, whether based in contract, tort, statute, fraud, misrepresentation, or any other legal theory, including claims that arose before or may arise after these Terms.
Initial Dispute Resolution
Before taking any formal action, you agree to contact us at [email protected] with a brief written description of the dispute.
Binding Arbitration
If a dispute is not resolved within sixty (60) days of initiating informal resolution, either party may initiate binding arbitration administered by JAMS under applicable JAMS rules. The arbitrator may grant any relief that would be available in court.
Attorneys’ Fees
In any arbitration or litigation arising from Subscriber’s willful breach of Sections 9 (Intellectual Property), 11 (Confidentiality), or 19 (Prohibited Uses), the prevailing party is entitled to recover its reasonable attorneys’ fees and costs.
Class Action Waiver
Each party may bring claims against the other only in its individual capacity, and not as a plaintiff or class member in any purported class or representative proceeding.
Opt-Out
You may opt out of these arbitration provisions by sending written notice to [email protected] with the subject line “ARBITRATION AND CLASS ACTION WAIVER OPT-OUT” within thirty (30) days of your first use of the Services.
Governing Law & Severability
These Terms are governed by the laws of the State of Georgia, without regard to its conflicts of law principles. Except for claims subject to mandatory arbitration, disputes shall be resolved in the state or federal courts of Fulton County, Georgia, and each party consents to the exclusive jurisdiction of such courts.
If any provision of these Terms is found to be invalid or unenforceable, the remaining provisions will continue in full force and effect.
Force Majeure
Extensia shall not be liable for any delay or failure in performance resulting from causes beyond its reasonable control, including acts of God, natural disasters, pandemic or public health emergencies, war, terrorism, civil unrest, governmental actions, telecommunications failures, power outages, internet service disruptions, or cybersecurity incidents that materially impair Extensia’s ability to provide the Services. Extensia will use commercially reasonable efforts to restore Services as promptly as practicable.
General Terms
Assignment. Extensia may assign this Agreement without your consent. You may not assign this Agreement without Extensia’s prior written consent.
No Waiver. Failure by Extensia to exercise or enforce any right or remedy does not waive that right or remedy.
Entire Agreement. This Agreement (and all incorporated policies) is the entire agreement between you and Extensia regarding the Services and supersedes all prior agreements on the subject matter.
Notices. Notices to Extensia must be sent to [email protected] and to: Extensia, Inc., 2300 Lakeview Parkway, Suite 700, Alpharetta, GA 30009.
Copyright Claims. To report a DMCA copyright claim, contact: Extensia, Inc., Attn: Legal Team, 2300 Lakeview Parkway, Suite 700, Alpharetta, GA 30009.
Contact Extensia — Legal
Contracts & Legal: [email protected]
Customer Success: [email protected]
Mail: Extensia, Inc., 2300 Lakeview Parkway, Suite 700, Alpharetta, GA 30009
This Privacy Policy (“Policy”) describes and governs the information collection, use, and sharing practices of Extensia, Inc. (“Extensia”, “we”, “us”, and “our”) with respect to your use of Extensia websites, products, tools, promotions, and any other services that reference this Policy (collectively, the “Services”).
By using any part of the Services, you consent to the collection, use, and disclosure of your information as outlined in this Policy. IF YOU DO NOT AGREE TO THIS POLICY, PLEASE DO NOT USE THE SERVICES.
We will continue to evaluate this Policy as we update and expand the Services. Any material changes will be communicated to you as required by law. Undefined capitalized terms used herein shall have the definitions set forth in our Terms of Use.
SMS & Mobile Privacy Compliance. SMS opt-in requires an explicit, unchecked checkbox and is never required as a condition of using our services. No mobile information will be shared with third parties for marketing purposes. Text messaging originator opt-in data and consent will never be sold, rented, or shared under any circumstances. Reply “STOP” at any time to unsubscribe. Contact [email protected] for support.
Information Collection and Use
We collect information in multiple ways, including information you provide directly to us and information passively collected from your browser or device.
1.1 Information You Provide Directly
We may collect information from you when you register for an account, make a donation, create a fundraiser, participate in programs or services, volunteer, fill out a survey, request features, communicate with us, or post User Content. The information you provide may include your name, email address, mailing address, phone number, birthdate, workplace information, photographs and audio/video content, location information, government-issued identification documents, and financial information needed to verify your identity.
1.2 Information Automatically Collected
When you interact with the Services, we automatically collect certain information about your device and activity. This may include IP addresses, device identifiers, browser type, operating system, pages viewed, links clicked, and similar usage data. We use cookies, tracking pixels, and similar technologies for functionality, security, analytics, and personalization. You may disable cookies through your browser settings, though doing so may affect the availability of certain features.
1.3 Location Information
We may collect general location information derived from your IP address or device settings, and more specific location information if you enable location services on your device. You may disable location tracking through your device settings.
1.4 Information from Third Parties
We may collect information about you from affiliates, social networks you connect to the Services, and non-affiliated third parties — including supplemental identity, trustworthiness, or fraud-prevention information — and combine it with information we collect directly.
How We Use Your Information
We may use the information we collect from and about you to:
- Provide, operate, and improve the Services;
- Recognize and authenticate you;
- Send you transactional communications, account alerts, and newsletters you have subscribed to;
- Respond to your inquiries and process your feedback;
- Conduct internal research, reporting, and analytics;
- Personalize your experience on the Services and elsewhere;
- Send you SMS messages and calls with your consent;
- Enforce the legal terms that govern your use of the Services; and
- Administer and troubleshoot the Services.
Aggregated and De-Identified Data. We may de-identify and aggregate data collected through the Services. De-identified and aggregated data may be used for any purpose, including research, analytics, platform improvement, and the development of Extensia’s proprietary intelligence capabilities. Such data is not subject to deletion, portability, or restriction obligations.
SMS Privacy and Consent
When you opt in to receive SMS messages from us, we collect your phone number and consent solely for communication purposes related to our services. We do not share, sell, rent, or disclose your phone number or SMS consent with third parties for marketing or any other purposes.
Where sharing your mobile phone number with a third party is operationally necessary to deliver platform services to you — such as carrier infrastructure for SMS delivery — we collect your formal consent to do so before sharing.
You may opt out at any time by replying “STOP” to any message. For support, reply “HELP” or contact [email protected].
Constituent Recognition
Extensia operates a constituent recognition capability that allows returning constituents to be identified automatically at Extensia-powered events — without re-entering their information — when they choose to enroll.
What We Collect. When you make a payment at an Extensia-powered kiosk, our payment infrastructure generates a unique payment identifier associated with the payment method you used. This identifier contains no cardholder data and cannot be used to reconstruct your card number or initiate unauthorized payments. If you choose to enroll in the recognition service (see Section 6), this identifier is retained by Extensia and associated with your constituent profile.
Scope of Recognition. If you enroll, Extensia may use this identifier to recognize you at any Extensia-powered event, including events hosted by organizations other than the one where you first gave. If you do not enroll, your identifier is retained only in connection with the specific organization at whose event you gave, and cross-organization recognition is not activated.
No Raw Card Data Stored. Extensia does not store full card numbers, CVV codes, expiration dates, or magnetic stripe data. Extensia’s payment infrastructure is PCI-DSS compliant.
Data Layers — Who Controls What
Extensia’s platform operates with distinct data layers. The layer your data belongs to determines your rights with respect to that data and how long it is retained.
Subscriber-Scoped Data. Data specific to a particular organization’s use of Extensia is controlled by that organization (the Subscriber) as the primary Data Controller. Extensia processes this data on their behalf. If a Subscriber terminates its agreement with Extensia, this data is made available for export for thirty (30) days and may then be deleted.
Extensia Identity Service. Constituent identity data collected through Extensia’s recognition capability — including payment identifiers, associated profile attributes, and consent records — is controlled by Extensia as an independent Data Controller, separate from any individual Subscriber relationship. Extensia’s right to retain this data is derived from your direct consent (see Section 6). This data is not subject to deletion upon a Subscriber’s exit from the platform.
Aggregated Data. De-identified and aggregated data derived from platform activity is owned by Extensia and retained perpetually for analytics, platform improvement, and intelligence development.
Your Consent — Recognition Enrollment
6.1 How We Collect Your Consent
Enrollment in Extensia’s recognition service requires your affirmative consent through a standalone opt-in checkbox presented at the point of payment. The checkbox is unchecked by default. Checking it is optional — you can complete your donation without enrolling. The checkbox label reads: “Remember me at future events — skip re-entry next time you give at any organization using Extensia.”
6.2 What Enrollment Authorizes
By enrolling, you consent to Extensia retaining your payment identifier and associated profile information, and using that information to recognize you at any Extensia-powered event — including events hosted by organizations other than the one where you first gave.
6.3 What We Record
When you opt in, Extensia records your consent, the date and time of enrollment, and the channel through which consent was obtained. These records are retained independently of any individual Subscriber relationship.
6.4 How to Opt Out
You may withdraw consent from Extensia’s recognition service at any time by contacting [email protected] with the subject line “Recognition Opt-Out” and providing your name and the email address or phone number associated with your profile. Upon verified opt-out, cross-organization recognition will be disabled for your account. Opting out does not affect giving records already completed.
Data Retention
The following table describes how long Extensia retains different categories of data. Retention periods reflect legal requirements, business necessity, and the data layer structure described in Section 5.
| Data Category | Retention Period | Basis |
|---|---|---|
| Account and registration data | Duration of account + 7 years | Legal compliance, fraud prevention, tax |
| Transaction and donation records | 7 years from transaction date | IRS recordkeeping, state charity law, audit |
| Recognition-enrolled constituents | Perpetual (until opt-out) | Direct constituent consent; independent Controller basis |
| Non-enrolled constituent identifiers | Duration of Subscriber relationship + 30 days | Subscriber-scoped; deleted on Subscriber exit |
| Subscriber operational data | Duration of agreement + 30 days | 30-day export window post-termination |
| Aggregated / de-identified data | Perpetual | No personal data; analytics and platform improvement |
| SMS opt-in consent records | 7 years from opt-in or opt-out | TCPA compliance |
| Security and audit logs | 3 years | Security operations, legal hold |
| Closed account residual data | 7 years post-closure | Fraud prevention, legal compliance |
Security & Breach Notification
We implement administrative, technical, and physical security measures to protect against the loss, misuse, and alteration of your information, including encryption in transit and at rest, access controls, and secure storage environments. No method of electronic storage or transmission is 100% secure, and we cannot guarantee absolute security.
Breach Notification. In the event of a data security breach reasonably likely to result in risk to affected individuals, Extensia will notify affected Subscribers and, where required by applicable law, affected constituents, without undue delay and where feasible within 72 hours of becoming aware of the breach. Notification will include the nature of the breach, the categories of data and individuals affected, and the steps Extensia is taking to address it.
To report a suspected security incident, contact: [email protected]
When We Disclose Your Information
We may disclose your information to non-affiliated third parties under the following circumstances. Text messaging originator opt-in data and consent is strictly excluded from all sharing and will never be shared with any third party under any circumstances.
Consent. We may disclose your information to third parties based on your consent or request.
Service Providers. We may share your information with third parties who perform services on our behalf, including payment processing, identity validation, marketing, customer support, data storage, and legal services.
Subscriber Organizations. When you donate to an Event or Campaign, we disclose only the information necessary to process your donation to the relevant Subscriber.
Legal Compliance and Protection. We may access, preserve, and disclose your information where required by law or in a good faith belief that doing so is reasonably necessary to comply with legal process, enforce our Terms or Policy, respond to third-party rights claims, respond to your customer service requests, or protect the rights, property, or safety of Extensia, its users, and the public.
Business Transfers. In connection with a merger, acquisition, or sale of assets, user information may be among the transferred assets.
Affiliates. We may share your information with our affiliates, who will be required to honor this Policy. Text messaging originator opt-in data and consent is excluded from affiliate sharing.
Analytics and Advertising
We may use third-party analytics services, including Google Analytics, to collect and analyze usage information and to engage in auditing, research, or reporting. We may also use third-party advertising technologies to deliver relevant content and advertising. Mobile phone numbers provided for SMS consent are excluded from any advertising targeting and will never be shared with advertisers.
You may opt out of interest-based advertising by visiting the Network Advertising Initiative’s Consumer Opt-Out or the Digital Advertising Alliance’s Consumer Opt-Out. To opt out of Google Analytics for display advertising, visit the Google Ads Settings page.
Do Not Sell / Do Not Share
Extensia does not sell personal information as defined under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). Extensia does not share personal information for cross-context behavioral advertising purposes.
California residents have the right to opt out of the sale or sharing of their personal information. To exercise this right, contact [email protected] with the subject line “Do Not Sell My Information.” We will process your request within the timeframe required by applicable law.
Constituent Recognition. The use of payment identifiers to recognize constituents across Extensia-powered organizations is an operational feature of Extensia’s platform, performed for the direct benefit of the constituent and subject to affirmative opt-in consent under Section 6. It is not a sale or sharing of personal information for commercial or advertising purposes.
Do Not Track
Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. We do not recognize or respond to browser-initiated DNT signals, as the Internet industry has not established a common standard for DNT compliance.
Your Privacy Rights
You may access, update, or request deletion of your personal information by editing your user profile or contacting [email protected]. Upon your request, we will close your account and remove your profile information from view as soon as reasonably practicable. We may retain information from closed accounts as permitted by law for fraud prevention, legal compliance, dispute resolution, and related purposes.
13.1 U.S. State Privacy Rights
Depending on your state of residence, you may have the following rights under applicable state privacy law, including California (CCPA/CPRA), Virginia (CDPA), Colorado (CPA), Texas (TDPSA), and other states with comprehensive privacy statutes:
- Right to Know — what personal information we collect, use, and disclose about you;
- Right to Access — the specific personal information we hold about you;
- Right to Correct — inaccurate personal information we hold about you;
- Right to Delete — personal information we have collected, subject to legal exceptions;
- Right to Data Portability — your personal information in a portable format;
- Right to Opt Out — of the sale or sharing of your personal information (see Section 11);
- Right to Limit Sensitive Data Processing — to purposes necessary to provide the Services; and
- Right to Non-Discrimination — for exercising any of the above rights.
How to Exercise Your Rights. Contact [email protected] or write to Extensia, Inc., 2300 Lakeview Parkway, Suite 700, Alpharetta, GA 30009, Attention: Privacy Officer. We will verify your identity before processing your request and respond within the timeframe required by applicable law.
Authorized Agents. California residents may designate an authorized agent to submit privacy rights requests on their behalf. We may require verification of the agent’s authority.
13.2 California Residents
California law permits California residents to request information once per year about our disclosure of personal information to third parties for direct marketing purposes. To make such a request, email [email protected] with “Privacy Support” in the subject line or write to us at the address above, Attention: Privacy Officer.
Consent to Transfer
Our systems are based in North America. By using the Services, you consent to the transfer and processing of your information in the United States, which may not offer the same level of data protection as your country of residence.
International Transfers. To the extent we transfer personal data from the European Economic Area, United Kingdom, or Switzerland to the United States or other jurisdictions, we do so pursuant to appropriate safeguards under applicable law, including Standard Contractual Clauses where required.
Children’s Privacy
Our Services are not designed for use by individuals under the age of 13 (or 16 in Europe). If you are under the applicable age, please do not use the Services or submit any information through the Services.
COPPA. Extensia does not knowingly collect personal information from children under the age of 13 without verifiable parental consent in compliance with the Children’s Online Privacy Protection Act. If you believe a child under 13 has provided personal information to us, contact [email protected] and we will delete that information to the extent required by law.
Payment Processors
Financial transactions relating to Extensia are handled by our payment services providers. We share transaction data with payment processors only to the extent necessary to process your payments, issue refunds, and resolve disputes.
Payment Identifiers. Extensia retains a unique payment identifier associated with your payment method for the purpose of providing its constituent recognition service (see Section 4). This identifier contains no cardholder data. Extensia does not store full card numbers, CVV codes, expiration dates, or magnetic stripe data. Extensia’s payment infrastructure is PCI-DSS compliant.
Our payment processors handle all payment data collection and processing through their own systems and under their own privacy policies. Contact [email protected] for questions about your personal data.
Amendments
Extensia may change this Policy from time to time as laws, regulations, industry standards, and our business evolve. We will post changes to this page. If we make changes that materially alter your privacy rights, we will provide additional notice via email or through the Services. Your continued use of the Services following notice of any update signifies acceptance of the updated Policy. Contact us if you wish to request removal of your personal data.
Third-Party Links
The Services may contain links to third-party websites and services. We are not responsible for the privacy practices of those sites. We encourage you to read the privacy statements of any website that collects your information.
Contact Us
If you have questions about this Privacy Policy or your personal data, please contact us:
Extensia Privacy & Data
General Privacy: [email protected]
Recognition Opt-Out: [email protected] — subject line “Recognition Opt-Out”
Do Not Sell Requests: [email protected] — subject line “Do Not Sell My Information”
Data Deletion: [email protected]
Security Incidents: [email protected]
Mailing Address: Extensia, Inc., 2300 Lakeview Parkway, Suite 700, Alpharetta, GA 30009, Attention: Privacy Officer