Privacy Policy

Last updated: March 2026

1. Who We Are

Start Us Ltd (“Start Us”, “we”, “our”, or “us”) is a company registered in England and Wales (Company No. 11566536), with its registered address at 20-22 Wenlock Road, London, N1 7GU.

We operate a fundraising campaign management software platform (“the Platform”) that helps campaign coordinators manage personal and community fundraisers, including beneficiary verification, fund disbursement, donor communications, and reporting.

This Privacy Policy explains how we collect, use, store, and protect personal data in connection with our Platform and website at startus.app.

2. Data We Collect

We collect the following categories of personal data:

  • Account data: Name, email address, and login credentials of campaign coordinators and administrators.
  • Beneficiary data: Name, contact details, and identity verification documents provided by campaign coordinators to verify beneficiary eligibility.
  • Donor data: Name, email address, and communication preferences of donors who opt in to receive campaign updates.
  • Transaction data: Records of funds received and disbursements made, including amounts, dates, and reference numbers.
  • Communications data: Messages sent through the Platform (including WhatsApp message logs where applicable, for audit purposes only).
  • Technical data: IP address, browser type, device information, and access logs collected automatically when you use the Platform.
  • Enquiry data: Name, email, and message content submitted via our contact form.

3. How We Use Your Data

We use personal data for the following purposes:

  • To provide, operate, and improve the Platform.
  • To verify beneficiary identities and maintain audit records as required by campaign coordinators.
  • To process and record fund disbursements and generate receipts.
  • To send authorised campaign updates and disbursement notifications to donors and beneficiaries (where opt-in consent has been obtained).
  • To comply with legal and regulatory obligations.
  • To respond to enquiries and provide customer support.
  • To maintain the security and integrity of the Platform.

4. Legal Basis for Processing

We process personal data on the following legal grounds under UK GDPR:

  • Contract performance: Processing necessary to provide the Platform to our users.
  • Legitimate interests: Fraud prevention, security, and improvement of our services.
  • Legal obligation: Compliance with applicable laws and regulations.
  • Consent: For marketing communications and optional features, where consent has been explicitly obtained and can be withdrawn at any time.

5. Data Sharing

We do not sell personal data. We may share data with:

  • Payment processors: Such as Stripe, for processing donor contributions in accordance with their own privacy policies.
  • Messaging providers: Including Meta (WhatsApp Business API) for sending authorised communications to opted-in recipients.
  • Cloud and hosting providers: For Platform infrastructure, under data processing agreements.
  • Regulatory authorities: Where required by law or a court order.

All third-party processors are contractually bound to process data only as instructed and in compliance with applicable data protection law.

6. WhatsApp Communications

Where campaign coordinators use our WhatsApp integration to communicate with donors or beneficiaries, all messages are sent via the official WhatsApp Business API provided by Meta Platforms, Inc. Recipients must have opted in to receive such messages. Message logs are retained solely for audit and compliance purposes and are not used for marketing to any third party.

Our WhatsApp communications are limited to:

  • Campaign updates and progress notifications to opted-in donors.
  • Disbursement confirmations and receipts for beneficiaries.
  • Administrative messages related to active campaign participation.

7. Data Retention

We retain personal data for as long as necessary to fulfil the purposes outlined in this policy, or as required by law. Transaction and disbursement records are retained for a minimum of 6 years in accordance with UK financial record-keeping requirements. Account data is deleted within 90 days of account closure upon request.

8. International Transfers

Some of our service providers are located outside the UK. Where data is transferred internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK Information Commissioner’s Office (ICO) or adequacy decisions.

9. Your Rights

Under UK GDPR, you have the right to:

  • Access the personal data we hold about you.
  • Rectification of inaccurate or incomplete data.
  • Erasure (“right to be forgotten”) in certain circumstances.
  • Restriction of processing in certain circumstances.
  • Data portability where processing is based on consent or contract.
  • Object to processing based on legitimate interests.
  • Withdraw consent at any time where processing is consent-based.

To exercise any of these rights, please contact us at privacy@startus.app. We will respond within 30 days.

10. Cookies

Our website uses only essential cookies necessary for the Platform to function. We do not use advertising or tracking cookies. You can control cookie settings through your browser preferences.

11. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure. These include encrypted data transmission (HTTPS), access controls, and regular security reviews.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The “Last updated” date at the top of this page reflects the most recent revision.

13. Contact and Complaints

For any questions about this Privacy Policy or how we handle your data, contact us at:

Start Us Ltd

20-22 Wenlock Road, London, N1 7GU

Email: privacy@startus.app

If you are not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk.