1. Who We Are
Pledge Now, Pay Later is operated by QuikCue Ltd, registered in England and Wales. We act as a data processor on behalf of charities (the data controllers) who use our platform to collect pledges.
2. What Data We Collect
From Charity Staff (Account Holders)
- Email address and name (for login)
- Organisation name and bank details (for payment instructions)
- Usage data (events created, pledges collected)
From Donors (Via Pledge Flow)
- Name (optional)
- Email address and/or mobile phone number
- Home address and postcode (only if Gift Aid is declared)
- Pledge amount and payment method preference
- Gift Aid declaration (timestamped)
- Communication consent (email, WhatsApp — separately recorded)
- IP address (for consent audit trail only)
3. How We Use Data
- Pledge tracking: Recording and displaying pledge status to the charity
- Payment reminders: Sending WhatsApp/email reminders (only with explicit consent)
- Bank reconciliation: Matching bank statement rows to pledges
- Gift Aid: Generating HMRC-compliant declarations for export
- Analytics: Funnel conversion tracking (aggregated, not individual)
We never sell, rent, or share donor data with third parties. We do not use donor data for marketing, profiling, or advertising.
4. Legal Basis (GDPR Article 6)
- Consent — for WhatsApp/email communications (separately recorded, never pre-ticked)
- Legitimate interest — for processing pledges on behalf of the charity
- Legal obligation — for Gift Aid record-keeping (HMRC requirements)
5. Consent Management
Every consent is recorded with:
- Exact text shown to the donor at the time of consent
- Timestamp of consent
- IP address
- Consent version identifier
Donors can withdraw consent at any time by replying STOP to any WhatsApp message, or by contacting the charity directly.
6. Data Storage & Security
- Data is stored in PostgreSQL databases hosted on UK/EU infrastructure
- All connections are encrypted in transit (TLS 1.3)
- Bank details are stored in the database (encrypted at rest planned)
- Access is restricted to authenticated users within their own organisation
7. Data Retention
- Pledge data is retained for as long as the organisation's account is active
- Gift Aid records are retained for 6 years (HMRC requirement)
- On account deletion, all data is permanently removed within 30 days
- Consent records are retained for audit purposes even after data deletion
8. Your Rights (GDPR)
Donors and charity staff have the right to:
- Access — request a copy of your data (CRM export)
- Rectification — correct inaccurate data
- Erasure — request deletion ("right to be forgotten")
- Portability — export data in CSV format
- Objection — object to processing
- Withdraw consent — at any time, without affecting prior processing
To exercise these rights, contact the charity directly or email us at privacy@quikcue.com
9. Cookies
We use only essential cookies for authentication (session cookies). No tracking cookies, no analytics cookies, no third-party cookies.
10. Third-Party Services
- GoCardless — for Direct Debit mandate processing (if enabled by charity)
- Stripe — for card payment processing (if enabled by charity — the charity connects their own Stripe account)
- OpenAI — for AI-powered features (amount suggestions, reminder copy). No donor PII is sent to OpenAI — only anonymised context.