What we collect, why we collect it, and what we do with it. Last updated January 2026.
This policy explains how NonProfitLists.com handles information about the people who visit our website and buy our dataset. The short version: we collect as little as possible, we don't sell it, and we don't track you around the internet.
When you browse the website, your browser transmits standard information — IP address, user agent, page visited, referring URL, and timestamp. This is ordinary server-log data that every website receives. We use it to understand which pages are popular and to identify technical problems.
Checkout is handled by PayPal. When you purchase, PayPal transmits your name, email, and payment confirmation to us — not your full card details. We store your email and transaction ID so we can resend your download if needed and reach you about your purchase.
If you send a message through the contact form or email us directly, we retain that message and your email address so we can reply. We do not add contact-form senders to any marketing list.
To deliver the product you purchased, to resolve support requests, to comply with our tax and accounting obligations, and to improve the website. We do not use this information for advertising targeting, and we do not sell or rent it.
We share information only with the service providers required to run the business: PayPal (payments), our email provider (delivery of receipts and support replies), and our hosting provider (serving the website). Each of these receives only what it needs for its function.
We may also disclose information if legally compelled — subpoena, court order, or similar lawful process — or to protect the rights, property, or safety of NonProfitLists.com or its users.
The website uses minimal cookies — primarily for remembering whether you've dismissed banners and for basic analytics. We do not use third-party ad-retargeting cookies. You can disable cookies in your browser without losing core functionality.
We use HTTPS throughout the site, store customer records on encrypted systems, and limit access to personal data to the people who need it. No online system is perfectly secure, but we apply industry-standard practices.
A note worth making explicit: the dataset we sell contains information about organizations, not private individuals. Records identify named contact persons in their professional capacity (Executive Director, Development Officer, etc.) using information they or their organizations have published in public IRS filings, state charity registrations, or official directories. It is comparable in scope and source to a professional business directory.
If you are a named contact at a nonprofit and want your record reviewed or removed, contact us with the organization name and the details that should be updated. We will respond within seven business days.
Depending on your jurisdiction, you may have the right to access, correct, or delete personal information we hold about you; to object to certain processing; or to lodge a complaint with a regulator. To exercise any of these rights, contact us via the contact page.
This website is not directed to children under 13, and we do not knowingly collect information from them. If you believe a child has provided us with information, contact us and we'll delete it.
We link to third-party sites (charitable organizations, source references, service providers). Once you click through, their privacy practices apply, not ours. Read the relevant policies before providing information to those sites.
We may update this policy as our practices or the law change. The current version is always at this URL with the last-updated date at the top.
Privacy questions or requests? Reach us through the contact page.