Last updated: July 2026
This Privacy Policy explains how Menos Labs ("Menos Labs", "we", "us"), which provides the Monation service, collects, uses, and shares information when a nonprofit organization ("Customer") uses our donation widget and Campaign Pages, and when a donor gives through a Customer that uses Monation. Monation is a Menos Labs company; we intend to operate it through a wholly-owned subsidiary once that entity is formed. By using Monation you agree to the practices described here.
Monation is the donate button and the page around it. We do not hold, process, or route donation funds. Donations are handled by the Customer's own payment processor (for example Stripe or PayPal) or by a linked donation page, and go directly to the Customer. Because of this, we are not a party to the donation transaction and do not store donor card or bank numbers.
From Customers (nonprofit account holders):
From donors (people who give through a Customer):
From everyone: basic technical data such as IP address, browser type, and pages viewed, plus anything you submit through our contact, support, or research-feedback forms.
We do not sell personal information, and we do not use donor data for our own advertising.
We share information with vetted providers only as needed to run the service:
| Provider | Purpose |
|---|---|
| Stripe | Subscription billing and (where connected) donation processing |
| Cloudflare | Hosting, content delivery, database, and security |
| Resend | Transactional email delivery |
| ProPublica Nonprofit Explorer | Public EIN / 501(c)(3) verification |
We may also disclose information if required by law, to protect our rights or users' safety, or in connection with a merger or acquisition.
We use a small number of strictly necessary cookies, primarily a signed session cookie to keep you logged in. We do not use third-party advertising cookies. The embeddable widget stores only what it needs to function on the Customer's site.
Analytics. We provide Customers with first-party analytics about their own widget and Campaign Pages, including impressions, opens, donations, traffic sources, and conversion rates. This is measured on our own servers without cookies and without any third-party trackers (no Meta Pixel, no Google Analytics) placed on Customer or donor devices. To estimate unique visitors we use a daily-rotating, one-way hash derived from technical signals; it is not a persistent identifier and is not used to track individuals across sites or over time. Analytics hold aggregate counts and low-cardinality context (such as device type, referring domain, and country), not donor names or contact details.
We keep account and donor data for as long as the Customer's account is active and as needed to provide the service, then for a reasonable period to meet legal, tax, and accounting requirements. Sign-in codes expire within minutes. Customers can request deletion of their account data as described below.
Depending on where you live (for example under the EU/UK GDPR or the California CCPA/CPRA), you may have the right to access, correct, delete, or export your personal information, to object to or restrict certain processing, and to withdraw consent. Donors should direct requests to the nonprofit they gave to; where we act on a Customer's behalf, we will support that Customer in responding. To make a request to Monation directly, use the contact details below. We will not discriminate against you for exercising these rights.
We use industry-standard measures including encryption in transit, hashed session tokens, scoped access, and reputable infrastructure providers. No method of transmission or storage is perfectly secure, but we work to protect your information and to notify affected parties as required if a breach occurs.
Monation is intended for organizations and adults. It is not directed to children under 13 (or the equivalent minimum age in your region), and we do not knowingly collect their personal information.
We are based in the United States and our providers may process data in the United States and other countries. Where required, we rely on appropriate safeguards for cross-border transfers.
We may update this policy from time to time. When we make material changes we will update the "Last updated" date and, where appropriate, provide additional notice.
Questions about privacy or a data request? Reach us through our contact form. We will update this section with a dedicated privacy contact and mailing address before launch.