Bloomerang Privacy Policy
Effective March 26, 2026.
I. Introduction and Scope
This Privacy Policy outlines the protocols and legal foundations governing how Bloomerang utilizes and safeguards information collected in connection with our product offerings and professional services. It governs the collection of information directly obtained from: customers, vendors, job applicants, website visitors, and any other individual or entity with whom we maintain a direct relationship. This Policy generally excludes Bloomerang’s obligations pertaining to data entrusted to us by our customers since we act solely on behalf of our customers and at their instruction in most cases. However, Bloomerang acts as a data controller when it uses certain anonymized and aggregated information for its own internal business purposes as described below, and this Policy does govern our use of such data when aggregated and de-identified by Bloomerang. This Privacy Policy has been adopted to comply with applicable U.S. state, U.S. federal, and Canadian privacy laws, including, as applicable, the Personal Information Protection and Electronic Documents Act (PIPEDA). By utilizing our services or using our website, you confirm your acceptance of the collection, processing, and disclosure of your personal information as defined and governed by this Privacy Policy.
II. Information We Collect
We define “personal information” generally as any information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked to an identifiable individual or device. For the purposes of legal clarity, personal information, as defined herein, does not include publicly available, de-identified, or aggregated information.
We collect the following categories of information:
Identifiers: This includes data such as an individual’s name, postal address, online identifier, Internet Protocol address, email address, and account name.
Sensitive Personal Information: Due to the nature of professional services, this may encompass data such as financial account numbers, credit card numbers, debit card numbers, employment history, and identification numbers.
Internet or Similar Network Activity: This includes browsing history, search history, and information regarding a consumer’s interaction with a website or application.
We obtain this information from a variety of authorized sources including:
- Our merchants, partners, and clients. Directly via merchant applications, merchant statements and similar documents related to account set-ups or integrations. Indirectly via information collected to provide our services.
- Activity on our website (bloomerang.com). Such as registration for an event via form submission.
- Third parties that interact with us to help perform our services. Such as integrated service providers or processing platforms.
In addition, Bloomerang may create anonymized and aggregated data sets from the personal data collected our customers. We describe our purposes in creating such information in the sections that follow, along with the protections we provide, but note that anonymized and aggregated data is not considered personal data since it does not identify or relate to you or any individual.
III. How We Use Your Personal Information
We process your personal information to fulfill our contractual commitments and professional duties. This usage is based on legally defensible grounds, including the furtherance of our legitimate business interests. We utilize your personal information to:
Fulfill Contractual Obligations: To provide the specific information, product, or service for which the information was furnished, and to enforce rights arising from any entered contract, including billing and collection.
Maintain Business Operations: To improve and present the contents of our website, and to test, research, analyze, and develop our products. This includes the use of anonymized and aggregated data which we use to generate cross-platform benchmarks, identify general donor patterns, and improve the efficacy of our services.
Legal and Security Compliance: To protect the rights, property, or safety of Bloomerang, our partners, sponsor banks, or others. This also includes responding to law enforcement requests and complying with applicable law, court order, or governmental regulations.
Strategic Transactions: To evaluate or conduct corporate actions, such as a merger, divestiture, or transfer of assets, in which personal information held by Bloomerang is among the assets transferred.
IV. How We Share Your Personal Information
Disclosure of personal information is strictly executed for defined business purposes.
- Service Providers: We disclose personal information to third parties with whom we work. All such third parties are bound by executed contracts requiring them to maintain the security of the information and restricting its use solely to the completion of the contractual mandate.
- Legal Mandate: We will disclose personal information to a third party when required by law, regulation, search warrant, subpoena, or court order.
- Corporate Restructuring: In the event of a merger, divestiture, or transfer of assets, personal information will be disclosed or transferred to a third party to ensure the continuation of services.
We do not sell your personal information in exchange for money. However, we may allow certain third-party partners to collect information about you via cookies and similar technologies on our website for advertising and analytics purposes. Depending on your U.S. state of residence, this activity may be considered a “sale” or “sharing” of personal information. Where required by law, you may opt out of such activities by following the instructions in the “Cookies and Other Tracking Technologies” section below or by contacting us at the email address listed in the “Contact Information” section.
We define our role in data processing as follows: this Privacy Policy applies only to personal information that we collect and use in our own capacity, such as information about our customers, vendors, job applicants, and visitors to our websites. In these cases, we generally act as a “Data Controller” because we determine the purposes and means of processing. When we process personal information solely on behalf of our customers in connection with our services, we act as a “Data Processor” (or service provider) and our processing is governed by our contracts with those customers and applicable U.S. and Canadian privacy laws. In those situations, any requests or questions about your personal information should be directed to the relevant customer, as the Data Controller.
V. Cookies and Other Tracking Technologies
We deploy cookies, which are files potentially containing an anonymous unique identifier, along with beacons, tags, and scripts, to track and collect information and to enhance and analyze our service delivery. These technologies serve to enhance site navigation, analyze site usage, and assist in our marketing efforts.
You retain the ability to instruct your browser to refuse all cookies or indicate when a cookie is being sent. Note that opting out of optional cookies may preclude the use of certain portions of our Service.
Users can opt out of optional cookies via either of the following methods:
- Visit https://secure.qgiv.com/api/v1/internal-tools/manage_cookies
- Email us privacy-request@bloomerang.com
To opt out of all NextRoll Advertising Cookies:
Depending on where you reside in the United States or Canada, you may have the right under applicable privacy laws to opt out of certain types of cookies or online tracking, including those used for targeted advertising or certain analytics. You can exercise these rights, where applicable, by using the opt-out methods described above or any cookie or privacy controls we make available on our website.
VI. How We Use AI
Bloomerang is committed to rigorous principles governing the adoption and use of Artificial Intelligence (AI) tools, ensuring alignment with our professional and ethical standards:
Protection of Data Privacy & Security: All use of AI must adhere to Bloomerang’s comprehensive data privacy and security policies.
Compliance with Legal and Regulatory Requirements: AI deployment must comply with all applicable laws and regulations, including those concerning data privacy, intellectual property, and anti-discrimination, as well as the contractual requirements of our customers, partners, and vendors.
Fairness, Transparency, and Accountability: AI use must respect individual rights, including freedom from discrimination and the right to understand decision-making processes. Furthermore, efforts are undertaken to identify and mitigate potential biases in AI systems to avoid discriminatory outcomes and prevent the misuse of AI to create or disseminate deepfakes or misinformation.
Access to the AI tools utilized by Bloomerang is granted on a case-by-case basis, subject to approval by our dedicated AI committee.
AI Aggregated Platform Data: Certain AI-driven features within our platform, such as predictive propensity-to-give models, utilize pre-trained artificial intelligence models. We use anonymized and aggregated data to provide necessary context for the pre-trained models to generate enhanced insights on behalf of our customers, but we do not train, or allow our service providers to train, any generative AI or machine learning models using customer data or anonymized and aggregated data.
VII. Your Privacy Rights and Choices
Bloomerang is committed to compliance with comprehensive US state privacy laws and PIPEDA. Where we hold your personal data in our capacity as a Data Controller, you may exercise specific, legally afforded rights:
- Access: The right to access and receive a copy of the Personal Data we hold about you.
- Rectification: The right to correct any Personal Data held about you that is inaccurate.
- Deletion: The right to request the deletion of Personal Data held about you.
- Portability: The right to data portability, allowing you to obtain a copy of your Personal Data in a commonly used electronic format for transfer.
- Objection/Restriction: The right to object to our processing of personal data or restrict the way that we process and disclose certain information.
The specific rights that are available to you, and how you may exercise them, can vary depending on your U.S. state or Canadian province of residence. For example, residents of certain U.S. states, such as California, may have additional rights regarding the disclosure, correction, or deletion of personal information and the ability to opt out of certain types of processing, including targeted advertising.
We may require identity verification before responding to such requests. Should we be acting solely as a Data Processor (processing data on behalf of a controller), we are obligated to refer your request to the relevant Data Controller (determining the purposes and means of processing) for response.
Our services are not designed to be used by children under the age of 13, and we do not intentionally collect information of or about any minor. Some of our customers may collect information about children under the age of 13 in the course of their volunteer or fund-raising activities. We require all of our customers to comply with all privacy and data protection laws, including COPPA.
If you are a parent or legal guardian concerned that we may have collected information about your underage child, please contact us privacy-request@bloomerang.com , and we will promptly delete it. If you are concerned about information that may have been provided to us by one of our customers, please contact that customer directly. If any customer requests our help to delete personal data from our platform, we will provide all needed assistance.
You can help us maintain the accuracy of your personal information by notifying us of any changes to this information. You may contact Bloomerang to request access to or correction or update of your personal information:
E-mail: privacy-request@bloomerang.com
VIII. Data Security
Bloomerang maintains administrative, technical, and physical safeguards and makes all commercially reasonable efforts to ensure that personal information is protected against loss and unauthorized access.
Access to your personal information is strictly limited to selected employees or representatives who require the information to execute their defined job responsibilities, or to third parties subject to contractual confidentiality restrictions. We employ robust information security techniques to protect against loss and unauthorized access.
Visit trust.bloomerang.com and trust.qgiv.com for copies of SOC 2, PCI DSS, and other security and compliance resources.
If we become aware of a security incident that involves your personal information, we will take steps to investigate and, where required under applicable U.S. or Canadian law, notify you and any relevant authorities.
IX. Data Retention and Disposal
We retain personal information for the duration necessary to fulfill the purpose(s) for which it was collected and to ensure compliance with applicable legal statutes. Upon the conclusion of the necessary retention period, data is securely deleted. Records will be retained according to the schedule table below. Destruction follows the NIST 800-88 guidelines for media sanitization. Hard copy records must be cross-cut shredded.
| Records | Retention Period | Destruction |
|---|---|---|
| Contracts and other legal documents; Records subject to legal hold | Indefinite | Destroy |
| Confidential records | 7 years | Destroy |
| Internal-use only records | 2 years | Purge |
X. Links to Third-Party Sites
The Site may furnish links to other third-party websites for your convenience. Operators of linked websites may independently collect your personal information. Since Bloomerang does not control or bear responsibility for how such third parties collect, use, or disclose your personal information, it is incumbent upon you to familiarize yourself with their respective privacy policies, which may differ from ours, prior to providing them with your personal information.
XI. Changes to Privacy Policy
Bloomerang reserves the right to modify this Privacy Policy at any time. The Privacy Policy posted on this Site at any given time shall be deemed to be the Privacy Policy then in effect. When we make changes, we will update the “Last Updated” date at the top of this Privacy Policy, and, where required by applicable U.S. or Canadian law, we will provide additional notice or seek your consent.
XII. Contact Information
If you have any questions or comments about this Privacy Policy, the ways in which we collect and use your personal information, your choices and rights regarding such use, or wish to exercise your rights under law, please do not hesitate to contact us at:
Phone: 888-855-9595