Legal
Last updated: 19 June 2026
This policy explains what personal data EveryDrop collects, why, and the choices you have. It covers the EveryDrop mobile app and this website. EveryDrop is a Scottish Charitable Incorporated Organisation (SCIO), Scottish Charity No. SC055401, regulated by the Scottish Charity Regulator (OSCR), and the data controller for your information.
Questions or requests about your data? Email [email protected].
Account information. When you create an account we collect your email address and password (handled by our authentication provider), the display name you choose, and your selected avatar.
Your journey and giving activity. We store your progress through the journey (which days you've completed), the charities you've supported, donation amounts and dates, and the cards and badges you earn.
Reminders. If you turn on daily reminders, we store a notification token so we can send them. You can turn this off at any time in your device settings.
Diagnostics and usage. To keep the app working and improve it, we collect crash reports and basic, aggregated usage analytics (for example, which screens are used). This data is about how the app performs, not about identifying you personally.
Payment information. When live donations are enabled, card payments are processed by our payment provider (Stripe). Your card details are entered with and held by Stripe; EveryDrop does not receive or store your full card number. We keep a record of the donation (amount, charity, date) for accounting and Gift Aid purposes. During the current preview, donations are simulated and no money is taken.
Website. If you join our waitlist we store the email address you give us. Our website uses minimal, privacy-respecting analytics and does not use advertising cookies.
We use a small number of trusted providers who process data on our behalf:
We do not sell your personal data or share it with advertisers. We may disclose information if required by law or to protect the rights and safety of our users and the charity.
Some of our providers process data outside the UK (including in the United States). Where they do, we rely on appropriate safeguards such as the UK International Data Transfer Agreement or Standard Contractual Clauses.
We keep your account and giving data for as long as your account is active. If you ask us to delete your account, we remove your personal data within a reasonable period, except where we must retain certain records (for example, donation and Gift Aid records) to meet legal obligations.
Under UK data protection law you have the right to access, correct, delete, or restrict the use of your personal data, to object to certain processing, and to data portability. To exercise any of these, email [email protected] and we'll respond within one month. You also have the right to complain to the UK Information Commissioner's Office (ICO) at ico.org.uk.
EveryDrop is not directed at children and is intended for users aged 16 and over. We do not knowingly collect data from children. If you believe a child has provided us with personal data, contact us and we will delete it.
We use industry-standard measures — including encrypted connections and access controls — to protect your data. No system is perfectly secure, but we work to keep your information safe and will notify you and the regulator of any breach as required by law.
We'll update this page when our practices change and revise the "last updated" date above. Significant changes will be highlighted in the app or by email where appropriate.
EveryDrop SCIO (Scottish Charity No. SC055401)
Email: [email protected]