Legal & compliance
A customer-ready legal center for doGood. It covers SaaS terms, CRM data handling, privacy, usage analytics, AI-assisted features, donor data, security, exports, deletion, and nonprofit communication workflows.
Terms of Service
Terms of Service
The customer agreement for using doGood, including account authority, customer data ownership, acceptable use, AI-assisted features, integrations, payment basics, exports, and limitations.
Privacy Policy
Privacy Policy
How doGood collects, uses, protects, and handles account, CRM, donor, analytics, security, AI, and support data. Includes the no-sale/no-trade promise for customer and donor data.
Data Processing Addendum
Data Processing Addendum
Data-processing terms for customer-controlled CRM data, including controller/processor roles, confidentiality, incident notice, export, deletion, legal requests, and CRM compliance responsibilities.
Terms of Service
These Terms of Service govern access to and use of doGood, a donor relationship management platform operated by Do Good Labs. By creating an account, accepting an invitation, signing an order, or using the service, the customer agrees to these Terms on behalf of its organization.
doGood helps nonprofit and fundraising teams manage contacts, donor history, donations, outreach, follow-ups, imports, receipts, reporting, programs, files, AI-assisted workflows, and related CRM operations.
The person creating or administering an organization account represents that they are authorized to bind that organization. Customers are responsible for invited users, permission levels, account activity, imported data, and removing access when a user no longer needs it.
Customers own and control their organization data, including donor records, donation history, notes, files, imports, exports, emails, tasks, receipts, settings, reports, and CRM activity. Do Good Labs receives a limited right to host, process, transmit, secure, support, troubleshoot, maintain, and improve the service.
doGood is designed for separate organization accounts. Users may only access data for organizations where they have permission. Customers may not bypass access controls, access another organization's data, scrape the service, or misuse admin, import, export, integration, AI, or automation features.
Customers may not use the service for unlawful, deceptive, abusive, harassing, discriminatory, harmful, infringing, or security-compromising activity. Customers are responsible for donor communication consent, unsubscribe rules, tax receipt accuracy, fundraising compliance, data permissions, and use of any exported information.
AI summaries, suggested questions, donor story tools, email drafts, matching, transcription, nudges, and automation are assistive tools. Customers remain responsible for reviewing outputs, correcting mistakes, getting required consent, and making final decisions before saving records, sending communications, or issuing receipts.
The service may connect with third-party providers for hosting, database storage, payment processing, email, AI, file storage, analytics, imports, donor platforms, and other integrations. Those services are governed by their own terms, privacy policies, availability, and security practices.
Subscription fees, renewals, invoices, taxes, upgrades, downgrades, cancellations, and payment methods are handled through the billing tools connected to the customer account. Do Good Labs does not store full card numbers or CVV codes.
Do Good Labs may update, improve, limit, or discontinue features as the product evolves. We work to keep the service reliable, but it may be unavailable during maintenance, outages, security events, provider issues, or circumstances outside our control.
Do Good Labs may suspend or limit access for nonpayment, security risk, suspected abuse, legal requirements, or activity that could harm the service or other customers. Customers may cancel according to the applicable plan or order terms.
Customers can export key CRM records in common formats. After termination, Do Good Labs may retain data for a reasonable period for backups, audit history, legal compliance, dispute resolution, security, and fraud prevention before deletion or de-identification.
The CRM helps organize information, but it does not provide legal, tax, accounting, fundraising, investment, or compliance advice. Customers are responsible for their filings, receipts, donor permissions, and legal obligations.
The service is provided as a software tool and may not be error-free or uninterrupted. To the maximum extent permitted by law, Do Good Labs disclaims implied warranties and limits liability for indirect, incidental, consequential, special, punitive, lost-profit, lost-data, or business-interruption damages.
Customers are responsible for claims arising from their data, users, donor communications, imports, exports, tax receipts, fundraising activity, legal compliance, or misuse of the service, except to the extent caused by Do Good Labs' own unlawful conduct.
If a signed order, master services agreement, or enterprise agreement applies to a customer, that agreement controls where it conflicts with these online Terms. Otherwise, these Terms apply to the customer's use of the service.
Do Good Labs may update these Terms as the service evolves. Material changes will be communicated through the app, email, or other reasonable notice. Continued use after the effective date means the customer accepts the updated Terms.
Privacy Policy
The service collects information needed to run the CRM, including account details, organization settings, team roles, donor records, donation data, notes, files, attachments, interaction history, emails, imports, exports, receipt settings, integration settings, device details, IP address, cookies, logs, and usage events.
Information is used to provide the CRM, authenticate users, separate organization data, process billing, power imports and integrations, send service notices, troubleshoot issues, prevent abuse, monitor performance, maintain security, support customers, and honor customer configuration choices.
Do Good Labs collects product analytics about how the CRM is used, such as page views, feature usage, workflow completion, performance, errors, device/browser type, and general account activity. We use this to test the service, identify confusing areas, decide where to invest development effort, improve reliability, and make the product better for customers.
Do Good Labs does not sell, rent, or trade customer data or donor records. We do not share customer or donor data with data brokers, advertisers, or unrelated third parties for their own marketing. We share data only as needed to provide the service, comply with law, protect rights and security, complete business operations, or follow customer instructions.
Donor records are controlled by the customer organization. Privacy access, correction, deletion, communication opt-out, or donor-data questions should normally be directed to the nonprofit or organization that collected the donor relationship. Do Good Labs assists customers in responding when required.
Do Good Labs uses trusted providers for hosting, database storage, backups, payments, email delivery, analytics, security, AI features, support, file handling, and integrations. Providers receive only the access needed to perform their services and are expected to protect data appropriately.
The service uses reasonable safeguards such as encrypted connections, authenticated access, organization separation, role-based permissions, backups, monitoring, and administrative controls. No internet service can guarantee perfect security, and customers are responsible for strong passwords, user access, and safe handling of exports.
Authorized Do Good Labs personnel may access customer accounts or data when needed to provide support, investigate issues, improve reliability, protect security, comply with law, or maintain the service. Access is limited to people with a business need.
When a customer uses AI-assisted features, relevant CRM content may be processed to generate summaries, questions, drafts, recommendations, or other requested outputs. Customers should only use AI features with information they have permission to process and should review AI outputs before use.
Data is retained while needed to provide the service, maintain audit history, meet legal obligations, resolve disputes, prevent fraud, support backups, or follow customer instructions. Deleted data may remain in backups or logs for a limited period before routine deletion or de-identification.
The service uses cookies, local storage, logs, and similar technologies for login sessions, security, preferences, analytics, performance, and product improvement. These tools are not used to sell donor data or power third-party advertising profiles.
The CRM is not directed to children. Customers should avoid entering children's personal information, health information, financial account data, government IDs, or other sensitive information unless they have a lawful nonprofit purpose, required permissions, and appropriate safeguards.
Customers and users may contact Do Good Labs for privacy, security, data access, deletion, correction, billing, or support questions at support@dogoodlabs.com.
Data Processing & Security
doGood is built around separate organization accounts, controlled user access, clear audit trails, exportability, and responsible provider usage.
Tenant data separation
Role-based access
Audit logs
Encrypted transport
Backups and restore
Subprocessor controls
Incident notice
Data export and purge
Data Processing Addendum
For donor and organization records, the customer generally decides what data is collected, why it is collected, who may access it, and how it is used. Do Good Labs processes that data to provide the CRM according to customer configuration and instructions.
Do Good Labs acts as a processor, service provider, or similar role for customer-controlled CRM data, depending on the applicable privacy law. We do not use customer-controlled donor data for unrelated advertising, resale, or independent profiling.
Do Good Labs processes customer-controlled CRM data to provide, secure, support, maintain, troubleshoot, and improve the service; to follow customer configuration choices; and to comply with applicable law.
Do Good Labs uses reasonable technical and organizational safeguards, including encrypted connections, authenticated access, organization separation, role-based permissions, monitoring, backups, and administrative controls appropriate for a cloud CRM.
Customer data, donor data, account configuration, imports, files, and nonpublic CRM activity are treated as confidential. Do Good Labs personnel and service providers access it only for authorized business purposes.
Do Good Labs uses service providers for hosting, database storage, backups, payments, email delivery, analytics, security, AI features, support, file handling, and integrations. Providers are given access only as needed to perform their services.
If Do Good Labs determines that a security incident has affected customer data, it should notify affected customers without unreasonable delay, consistent with legal obligations, security needs, and available facts.
Do Good Labs will reasonably assist customers with data access, correction, deletion, export, security, and privacy requests related to customer-controlled CRM data when the request cannot be completed directly in the product.
Upon reasonable request or account termination, customers can export key CRM data. Do Good Labs may delete or de-identify customer data after the account ends, subject to backups, audit logs, legal obligations, security, and dispute-resolution needs.
Do Good Labs may disclose information when required by law, subpoena, court order, or government request, or when necessary to protect rights, safety, security, users, customers, or the service. When appropriate, customers should be notified unless prohibited by law.
CRM compliance notes
Customers are responsible for complying with email, SMS, telemarketing, fundraising, donor consent, unsubscribe, sender identity, and suppression-list laws. The CRM may provide tools, but customers decide what to send and to whom.
Receipt, acknowledgment, DAF, gift-in-kind, and tax-document tools are provided to help organize customer workflows. Customers are responsible for legal accuracy, required disclosures, jurisdiction rules, and professional review where needed.
Customers are responsible for the accuracy and lawfulness of imported data. Import matching, duplicate detection, pending changes, AI prompts, and undo tools are designed to help reduce mistakes, but customers must review important changes.
Current legal policies are linked from login, account setup, and the legal center. Material policy changes will be communicated through the app, email, or another reasonable notice method.
Customers may have obligations under state, federal, international, or sector-specific privacy laws depending on their donors, location, and activities. Do Good Labs can support product workflows, but customers remain responsible for their own legal compliance.
Customer responsibilities
doGood provides the software, security controls, and data-processing commitments. Each organization remains responsible for its own donor permissions, communication choices, receipt accuracy, imported data, staff access, and fundraising compliance.