Privacy Policy

ServiceReef, LLC ("ServiceReef," "we," "our," or "us") operates the website servicereef.com and is committed to protecting your privacy. This Privacy Policy describes how we collect, use, and share personal information, our adherence to the EU-U.S. Data Privacy Framework Principles and the Swiss-U.S. Data Privacy Framework Principles, and the rights and choices available to you regarding your data.

Updated Date: January 23, 2025

1. Overview of the EU-U.S. Data Privacy Framework Principles and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework Principles

ServiceReef complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. ServiceReef has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. ServiceReef has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/

Responsibility for Processing and Onward Transfers

ServiceReef is responsible for the processing of personal data it receives under the Privacy Shield Frameworks and any subsequent transfers to third parties acting on its behalf. We adhere to the Privacy Shield Principles for all onward transfers of personal data, including onward transfer liability provisions.

Regulatory Oversight and Legal Disclosures

ServiceReef is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission (FTC). In certain situations, ServiceReef may be required to disclose personal data to public authorities for lawful requests, including to meet national security or law enforcement requirements.

Commitment to Resolving Complaints

In compliance with the Privacy Shield Principles, ServiceReef commits to resolving complaints regarding our collection or use of your personal information. EU, Swiss, or UK individuals with inquiries or complaints should first contact us at:

Email: [email protected]

Binding Arbitration

Under certain conditions, as described in Annex I to the Privacy Shield Frameworks, individuals may invoke binding arbitration when other dispute resolution mechanisms have not provided resolution.

2. How We Collect Information

We collect personal information to provide, maintain, and improve our services. This section details the types of information we collect and how it is obtained.

2.1 Information That Account Owners Provide to Us About Themselves

When you sign up for the Services, we collect the following information to create and manage your account:

Contact Information: Name, email address, mailing address, or phone number.
Demographic Information: Age, education, and gender.
Billing Information: Credit card number, billing address, or payment details.
Unique Identifiers: Username, account number, or password.
IP Address.
Organizational Information: Company or organization name and address.

If you choose not to provide this information, we may not be able to offer the Services to you.

2.2 Information That Account Owners and Authorized Users Provide About Trip Participants and Donors

ServiceReef serves as a platform for managing service trips and fundraising activities. To utilize the platform effectively, account owners and their authorized users may provide the following information about trip participants, donors, or end users:

Contact Information: Name, email address, mailing address, or phone number.
Demographic Information: Age, education, and gender.
Billing Information: Credit card number, billing address, or donation amounts.
Unique Identifiers: Username, account number, or password.

ServiceReef treats this information as confidential and does not use it for purposes other than those specified by the account owner. Account owners are responsible for managing this data securely and responsibly.

2.3 Information That Trip Participants Provide About Themselves

Account owners, such as churches, educational institutions, or non-profit organizations, may ask trip participants to update personal information on the ServiceReef platform. At a minimum, participants must provide their First Name, Last Name, and Email Address. Additional information that may be collected includes:

Contact Information: Name, email address, mailing address, or phone number.
Demographic Information: Age, education, and gender.
Unique Identifiers: Username, account number, or password.

ServiceReef treats this information as confidential and does not use it for purposes other than those defined by the account owner.

2.4 Information That Donors Provide About Themselves

ServiceReef enables organizations to collect donations for tax-exempt religious and philanthropic activities. When making a donation through the platform, the following information may be collected:

Contact Information: Name, email address, mailing address, or phone number.
Billing Information: Credit card number, billing address, and transaction details.

Contact information is stored in the ServiceReef database for use by the account owner. Billing information is not stored by ServiceReef but is securely transmitted to the payment processor for transaction processing. ServiceReef considers donation data confidential and does not use it for any other purpose.

2.5 Information Collected Automatically

When you interact with our Services, we use cookies and similar technologies to collect the following information:

Location Data: Information about your geographical location.
Activity Data: Information about your usage of the website.
Device and Browser Information: Information about your device, browser type, and operating system.
Log Information: Internet Protocol (IP) addresses, referring/exit pages, and clickstream data.

These technologies help us understand how users interact with our platform, optimize performance, and improve our services.

We utilize third-party tools to analyze and enhance our platform:

Google Analytics: We use a tool called “Google Analytics” to collect some information we listed above about your use of the platform. We use the information we get from Google Analytics to improve the Services and to help you improve your Application. In order to collect this information, Google Analytics may set cookies on your browser or mobile device, or read cookies that are already there. Google Analytics may also receive information about you from apps you have downloaded, that partner with Google. We do not combine the information collected through the use of Google Analytics with personally identifiable information. Google’s ability to use and share information collected by Google Analytics about your visits to the Services to another application which partners with Google, is restricted by the Google Analytics Terms of Use and the Google Privacy Policy. Please review those and see www.google.com/policies... for information about how Google uses the information provided to Google Analytics and how you can control the information provided to Google. To prevent your data from being used by Google Analytics, you can download the Google Analytics opt-out browser add-on for Google Analytics which can be found here.
RayGun: Tracks and logs unhandled errors to improve the platform's reliability. RayGun uses this information solely to provide technical support and platform optimization, without disclosing or revealing personal information. Learn more at RayGun Privacy Statement.

You can control cookies at the individual browser level, but disabling cookies may limit your ability to use certain features.

2.6 Information Shared with Payment Processors

ServiceReef works with trusted payment processors to process financial transactions securely. During the donation or payment process, we send the following information to the payment processor:

Contact Information: Name, email address, mailing address, or phone number.
Billing Information: Credit card number and billing address.

Our payment processors include:

Stripe: https://stripe.com/privacy
Pushpay: https://pushpay.com/legal-center/privacy/

Please review the policies of these payment processors for additional information on how they handle your data.

3. Use of Personal Information

To the extent EU data protection law applies to our processing of information about you, we act as the "data controller". To the extent EU data protection law applies to our processing of your customer or end user data, you serve as the "data controller" or "data processor" and we serve as the "data processor" or "data sub-processor".

We use personal information for the following purposes:

To provide, maintain, and improve our services.
To authenticate you, prevent fraud and abuse of our services.
To communicate with users about their accounts and services via email.
To process transactions and payments.
To comply with legal obligations or enforce our Terms of Service.
To perform research on trends to improve the platform and feature offerings.

The legal basis for these uses is in the performance of our contract with you. Any research is based our legitimate interest in the improvement and optimization of our service offerings and in ensuring the security of our services and we apply appropriate safeguards to protect your information.

4. Data Sharing

We share information with service providers, as required by law, and in connection with the protection and enforcement of our legal and contractual rights.

We may share your personal information:

With Service Providers: To assist in the operation of our services (e.g., payment processors, hosting providers).
For Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
With Your Consent: When you provide explicit consent for sharing.

With Service Providers

We share your information with third parties who provide services on our behalf to help with our business activities. This includes:

Payment processing,
Providing customer service,
Sending marketing communications (this does not include information about your customers),
Conducting research and analysis, and
Providing cloud computing infrastructure.

The legal basis for sharing this information is our legitimate interest in providing our Services efficiently, and we implement measures to safeguard your information.

We will never sell or share your participant or donor information with a third party.

With Public Authorities or Law Enforcement

In certain situations, ServiceReef may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may also disclose your personal information as required by law (such as to comply with a subpoena or other legal process), when we believe in good faith that disclosure is necessary to:

Protect our rights,
Address violations of our Terms of Service,
Protect your safety or the safety of others,
Investigate fraud,
Respond to a government request, or
Fulfill legal obligations imposed by authorities outside of the EU.

Additionally, if ServiceReef is involved in a merger, acquisition, sale of assets, bankruptcy, or liquidation proceeding, your information may be disclosed as part of that process.

The legal basis for these disclosures is our legitimate interest in protecting our legal rights and those of others, and compliance with legal obligations outside of the EU.

Prevent Fraud and Abuse of the Services

We will share information to prevent or detect fraud, address technical issues, or take action regarding abuse of the Services infrastructure.

The legal basis for this is our legitimate interest in maintaining the security of our Services.

Aggregated and De-Identified Information

We also process and share information in an aggregated, de-identified manner, where the information is shared as part of statistical reports and does not contain personal information.

5. Commitments

a. Notice and Choice

We provide clear notice about the purposes for which we collect and use personal information and offer individuals the opportunity to opt out of disclosures of their data to third parties or its use for a materially different purpose.

b. Accountability for Onward Transfers

If we transfer your personal information to third parties, we ensure that such parties provide the same level of protection as required under the Privacy Shield Principles.

c. Security

We take reasonable and appropriate measures to protect personal information from unauthorized access, disclosure, alteration, or destruction.

d. Data Integrity and Purpose Limitation

We process personal information only in ways compatible with the purposes for which it was collected or authorized by you.

e. Access

You have the right to access your personal information and request correction, amendment, or deletion if it is inaccurate or processed in violation of the Privacy Shield Principles.

f. Recourse, Enforcement, and Liability

We are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC). If you have any complaints regarding this Privacy Policy or our compliance with the Privacy Shield, please contact us using the information below. Unresolved privacy complaints under the Privacy Shield may be referred to a third-party dispute resolution provider at no cost to you.

6. Rights With Respect to Your Information

Upon request, ServiceReef will provide you with information about whether we hold any of your personal information. You may access, correct, obtain a copy of, or request deletion of your personal information by logging into your account or by contacting us at the contact information below. We will respond to your request within a reasonable timeframe. In certain circumstances, we may be required by law to retain your personal information or may need to retain your personal information in order to continue providing a service.

ServiceReef acknowledges that you have the right to access your personal information. ServiceReef has no direct relationship with your customers or end users whose personal data it processes. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct their query to ServiceReef’s client (the data controller). If requested to remove data, we will respond within a reasonable timeframe. In certain circumstances, we may be required by law to retain your personal information, or we may need to retain your personal information to continue providing a service.

7. Data Retention

We may retain your information for as long as your account is active or as needed to provide you with services, comply with our legal obligations, resolve disputes, and enforce our agreements. In certain circumstances, we may be required by law to retain your personal information or may need to retain your personal information to continue providing a service.

Even if you delete your account, please note that deletion by our third-party providers may not be immediate, and the deleted information may persist in backup copies for a reasonable period of time

8. Third-Party Dispute Resolution

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, ServiceReef commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.

Individuals with inquiries or complaints should first contact ServiceReef at:

Email: [email protected]

To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/

9. FERPA

The Family Educational Rights and Privacy Act (FERPA) is a federal law in the United States that protects the privacy of student education records. FERPA grants parents and eligible students (those over 18 or attending postsecondary institutions) the right to:

Access their educational records,
Request corrections to inaccuracies, and
Control the disclosure of their information.

Schools are required to obtain written consent from students or their parents before releasing personally identifiable information, with certain exceptions, such as disclosure to school officials with legitimate educational interests or in response to legal requirements. FERPA ensures that educational records are kept confidential and handled responsibly.

To maintain FERPA compliance, ServiceReef recommends that schools obtain proper consent before providing student information to ServiceReef.

10. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. Updates will be posted on this page with a new effective date.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: [email protected]

12. Policy Regarding Children

The Services are not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If you are under 16, please do not use the Services or provide any personal information to us. If you become aware that a child under 16 has provided us with personal information without parental consent, please contact us at [email protected].

If you are a California resident under the age of 18 and wish to remove publicly available content, please contact us at [email protected] with the subject line “California Eraser.”

In addition to the privacy policy for this community, see the Cause Machine Privacy Policy, the platform that powers this community.