Raise Privacy Policy

Effective Date: 01-01-2025
Last Updated: 06-13-2025

Raise is a software product developed and operated by Gravyty, a provider of AI-powered fundraising and engagement solutions for nonprofit and educational institutions. This Privacy Policy explains how we collect, use, store, and protect personal data when you use the Raise platform (“Raise” or “the Service”).

This policy supplements our company-wide Privacy and Data Protection Policy and reflects applicable laws and relevant API usage policies from Google, Microsoft, and other third-party providers.

1. Information We Collect

We collect personal data from users in the following ways:

  • Account and profile data: Name, email address, organization, title, preferences
  • CRM and donor data: Donor interactions, gifts, contact records
  • Email data: Synced from Gmail or Microsoft Outlook (with consent)
  • Enriched public data: From services like MixRank, iWave, or Yelp
  • Usage and technical data: Device type, browser, IP address, activity logs

2. Purpose of Processing

We use personal data to:

  • Deliver Raise features such as donor outreach, portfolio management, and reporting
  • Sync emails to improve relationship tracking
  • Provide personalized insights and AI-assisted content (optional)
  • Enrich donor profiles with publicly available data
  • Support customer service and troubleshooting
  • Comply with legal obligations

3. Lawful Basis for Processing

Depending on your jurisdiction, our processing is based on:

  • Your consent (e.g., when connecting Gmail or Outlook)
  • Contractual necessity (e.g., delivering Raise services)
  • Legitimate interest (e.g., product analytics, fraud prevention)
  • Legal compliance

4. Use of Google APIs

Raise integrates with Gmail via the Google Workspace APIs. We request access to the following scopes:

  • /auth/gmail.readonly
  • /auth/gmail.compose
  • /auth/gmail.modify
  • /auth/gmail.send

This data is used only to enable features that benefit you directly, such as email sending, interaction insights, and syncing relevant donor communication.

In accordance with the Google API Services User Data Policy, Raise:

  • Does not use Gmail data for advertising
  • Does not allow human access to Gmail content without your consent
  • Does not share Gmail data with third parties
  • Does not use Gmail data to train generalized AI/ML models
  • Encrypts all data in transit and at rest
  • Disables any external AI integration by default

5. Use of Microsoft APIs

Raise integrates with Microsoft APIs (including Microsoft Graph) to enable Outlook email and calendar syncing. All data access is performed via OAuth with user consent.

Raise:

  • Requests only necessary scopes to provide you with email tracking, syncing, and scheduling
  • Does not use Microsoft data for advertising or profiling
  • Does not share or resell Microsoft data
  • Does not use Microsoft data for generalized AI/ML training
  • Complies with the Microsoft API Terms of Use

6. Use of Artificial Intelligence

Raise uses artificial intelligence (AI) to support donor engagement and improve fundraising efficiency.

Internal AI Models (Enabled by Default)

  • Hosted entirely within Gravyty infrastructure
  • Used for content suggestions, donor prioritization, and engagement insights
  • Trained only on anonymized, aggregated platform data
  • Never trained on individual Gmail or Outlook content

External AI Integration (Optional, Admin-Enabled)

  • Disabled by default
  • Only enabled upon request by client/admin
  • Used for advanced content generation and personalization
  • If enabled, Raise may share limited user data (e.g., name, donor names, recent emails) to personalize drafts
  • No data is used for general-purpose model training or retained beyond the session unless contractually agreed

If enabled, Raise securely shares the following limited information with the external model to learn the user’s writing style:

  • The user’s name and organization
  • The names of donors the user has contacted via Raise
  • The content of the last five emails the user has sent to donors through Raise

This data is used only to personalize AI-generated drafts for that individual user. It is not used to train general-purpose models and is not retained beyond the session unless explicitly agreed upon by contract.

Users may request to have this feature enabled or revoked by contacting their platform administrator.

7. Third-Party Integrations

Raise uses the following third-party providers to enhance functionality:

ServicePurposeData Shared
SendGridSend email prompts to usersEmail addresses, message content
NylasSync Gmail/Outlook for donor communicationMessage metadata and content
OpenAIGenerate AI-based drafts (optional)Only if enabled by user
MixRankEnrich donor profiles with public dataEmail addresses
YelpProvide public business infoNo personal data
GratavidEmbed personalized thank-you videosVideo links, recipient email
TinyMCERich-text email editorNo personal data shared
IBM/WeatherDisplay local weather conditions (UX feature)Approximate location/IP
iWaveProspect research and donor enrichmentOnly if enabled by user

All services are bound by confidentiality agreements and data processing contracts where appropriate. No service is permitted to resell or reuse your data.

8. Data Subject Rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you
  • Request corrections or updates
  • Request deletion (“right to be forgotten”)
  • Object to or restrict processing
  • Export your data (data portability)

Gravyty reserves the right to make limited administrative changes to customer data (e.g., de-duplication, formatting corrections) where necessary to preserve system integrity. Clients will be notified in advance of any substantive data modification or delete unless pre-authorized.

To exercise these rights, email [email protected].

9. Data Retention

We retain data only for as long as necessary to fulfill the purposes outlined above or as required by applicable law. Users can request deletion at any time.

10. Data Security

We use strong encryption, access controls, and secure development practices to safeguard personal data. Only authorized personnel have access to sensitive data, and we regularly audit access controls and activity logs.

11. Data Transfers

Raise is hosted in geographically distinct regions to support compliance with various data residency and privacy requirements. By default, personal data is processed and stored in data centers located in the United States. However, we also maintain a Canadian-hosted instance of Raise, located in Toronto, Ontario, to meet the requirements of organizations subject to Canadian data protection laws such as PIPEDA or other provincial legislation.

If your organization requires data to be stored in Canada, we will ensure that your data is provisioned and managed exclusively through our Canadian instance. We maintain strict technical and organizational safeguards in both regions. Cross-border data transfers (where applicable) are governed by appropriate legal mechanisms, including Standard Contractual Clauses and equivalent protections.

12. Breach Notification

In case of a data breach, we will notify affected users and regulatory authorities as required under applicable laws. Our incident response plan includes rapid escalation, investigation, and remediation.

13. Changes to This Policy

We may update this Privacy Policy to reflect changes to our practices, technology, or legal obligations. Material changes will be communicated via email or platform notice.

14. Contact Us

If you have questions or concerns about this policy or your data:

 Email: [email protected]
Mailing Address: 2033 6th Avenue, Suite 600, Seattle, WA 98121
Data Protection Officer: Richard Sadler, [email protected]

OSZAR »