twentythirtyfiveBack to home

Privacy policy

Last updated: February 9, 2026

1. Who we are

twentythirtyfive (“we”, “us”, “our”) operates an SMS fundraising platform. This privacy policy describes how we collect, use, store, and protect data when you use our service. We are the data controller for the personal data we process in connection with our platform.

2. Data we collect

We collect and process:

  • Account and organization data: name, email, address, phone numbers, charity or organization details, and similar information you provide when registering and managing your organization.
  • Contact data: phone numbers (E.164), names, and other contact details you upload or enter for your audiences, and records of consent and opt-out where applicable.
  • Message data: content of SMS messages sent and received through our platform, message metadata (e.g. time, direction), and delivery status.
  • Email data: when we send you or your contacts email (e.g. notifications), we process recipient addresses and message content for delivery.
  • Payment data: billing details and transaction information are processed by our payment provider; we do not store full payment card numbers.
  • Usage data: how you use the platform (e.g. log-in, feature use) and technical data such as IP address and browser information where relevant.

3. Service providers (sub-processors)

We use the following service providers to operate the platform. Each processes data on our behalf under our instructions and their own policies. Their processing is governed by our agreements with them and the links below.

  • Twilio — SMS messaging. Message content and phone numbers are processed by Twilio to send and receive texts. Privacy Notice, Sub-processors.
  • Resend — Email delivery (e.g. transactional and notification emails). Recipient email addresses and message content are processed by Resend. Privacy Policy, DPA.
  • Supabase — Database and authentication. Account, organization, contact, and message data are stored and processed by Supabase. Privacy Policy, DPA.
  • Stripe — Payment processing. Payment-related data (e.g. card metadata, billing details, transaction records) is processed by Stripe. We do not store full card numbers. Privacy Policy, Terms.
  • Vercel — Hosting and application infrastructure. Requests and application data may be processed and logged on Vercel’s infrastructure. Privacy Policy, DPA.

4. How we use your data

We use the data we collect to: provide and operate the platform; deliver and route SMS messages; manage your account, audiences, and contacts; process payments; provide support; improve the service; comply with legal obligations; and enforce our terms. We do not sell your personal data or your contacts’ data to third parties for marketing.

5. Data retention and security

We retain your data for as long as your account is active and as needed to provide the service, comply with law, and resolve disputes. We use reasonable technical and organizational measures to protect your data against unauthorized access, loss, or misuse.

6. Cookies and similar technologies

We may use cookies and similar technologies for authentication, session management, and essential operation of the platform. We do not use third-party advertising cookies.

7. Your rights

Depending on your jurisdiction, you may have rights to access, correct, delete, or port your personal data, or to object to or restrict certain processing. To exercise these rights or to ask questions about our privacy practices, contact us at support@twentythirtyfive.ca. If you are in the EEA or UK, you may also have the right to lodge a complaint with a supervisory authority.

8. Changes and contact

We may update this policy from time to time. The “Last updated” date at the top will reflect the latest version. For privacy-related questions or requests, contact us at support@twentythirtyfive.ca.

← Return to home