Free Refund Policy Generator for Nonprofit — US Compliant

🇺🇸 Key US Requirements

The United States has a sectoral approach to data privacy — no single federal law covers all businesses, but multiple laws apply depending on your industry and the data you collect. Key federal laws include COPPA (children's data), HIPAA (health data), GLBA (financial data), and CAN-SPAM (email marketing). FTC enforcement can result in significant penalties for deceptive data practices.

• Privacy policy must accurately describe actual data practices (FTC Act Section 5)
• COPPA compliance required if your site knowingly collects data from children under 13
• CAN-SPAM compliance for all commercial email communications
• State laws may apply: California (CCPA), Virginia (VCDPA), Colorado (CPA), and others
• "CalOPPA" requires a privacy policy for any site accessible to California residents
• HIPAA Business Associate Agreements required if handling health data

Nonprofit — Specific Considerations

Nonprofits collect donor information — names, addresses, giving history, and payment details — which donors expect to be handled with particular care and discretion. Many donors specifically check that their data won't be sold to other charities or used for political purposes. Transparent data practices build the donor trust that nonprofits depend on.

Data typically collected by Nonprofit businesses: donor name and contact info, donation history, payment details, volunteer information, event registration data

• Donor data confidentiality commitment
• No-sell pledge for donor information
• Gift acknowledgment and tax receipt data
• Volunteer and event registration data
• Grant applicant data handling