PagePledge.
Sign in
legal fine print

Privacy Policy

Last updated: May 1, 2026

Overview

PagePledge ("we," "our," or "us") helps Canadian schools run read-a-thon fundraising campaigns. This Privacy Policy explains what information we collect, how we use it, and what choices you have.

Important context: the relationship between you, PagePledge, and your child's school.

When a school signs up for PagePledge, the school is the data controller — they decide what student information to upload and how to use the platform. PagePledge is the data processor — we provide the software and store the data on the school's behalf. This means:

  • Questions about why a student is on PagePledge should go to the school.
  • Questions about how PagePledge stores or handles data go to us.
  • To correct or delete a student's personal information, contact the school. They can make changes directly, or contact us if they need help.

What we collect

From schools and school staff:

  • School name, address, and contact information
  • Names, emails, and roles of school administrators and teachers who use PagePledge
  • Campaign settings (goals, dates, descriptions)
  • Student roster data that schools upload: first name, last name, classroom, and grade
  • Technical usage data (sign-in events, IP addresses, browser info) for security and troubleshooting

From parents who activate their child's profile:

  • Email address
  • Which student(s) you have activated
  • Reading minutes you log for your child
  • Technical usage data (sign-in events, IP addresses, browser info)

From donors:

  • Name, email address, and billing address
  • The amount donated and optional public message
  • Payment card information — handled entirely by Square; PagePledge never sees card numbers or stores them
  • Technical usage data

What we do NOT collect

  • We do not collect or store photos of children.
  • We do not collect student birthdays, home addresses, health information, or academic performance.
  • We do not sell data to anyone, ever.
  • We do not share data with advertisers, marketers, or data brokers.
  • We do not use student data to train AI or machine learning models.

How we use it

  • To operate the platform: display student pages, accept donations, log reading minutes, generate take-home sheets, run leaderboards.
  • To send transactional emails: donation receipts, magic-link sign-in emails, campaign status updates, daily or weekly digests (which you can unsubscribe from).
  • To keep the platform secure: rate limiting, fraud prevention, abuse detection.
  • To improve the product: aggregate, anonymous usage patterns (never individual students).

Legal basis for processing (PIPEDA)

We process personal information based on:

  • Consent — schools consent when they sign our Terms of Service; parents consent when they activate a student profile; donors consent when they make a donation.
  • Legitimate interests — operating and securing the platform in line with reasonable expectations.
  • Contract — fulfilling our service agreements with schools.

Who we share data with

We share data only with the service providers we need to operate PagePledge:

ProviderWhat they seeWhy
SquareDonation amounts, donor names, billing addresses, payment informationPayment processing
ResendRecipient email addresses and email contentsSending transactional emails
DigitalOceanAll application data (they host our servers and database in Toronto, Canada)Hosting and infrastructure

We sign data processing agreements with each of these providers. None of them are allowed to use your data for any purpose other than providing services to PagePledge.

Where data is stored

PagePledge's servers and database are hosted in Canada (or another region with comparable privacy protections, as offered by our hosting provider). We choose Canadian hosting whenever available.

Some of our service providers (e.g., Square, Resend) may process data in the United States. We rely on standard contractual clauses and their own privacy certifications for this transfer.

How long we keep data

  • Active school data: kept as long as the school's account is active.
  • Archived schools: data is kept for 2 years after the school is archived, then permanently deleted.
  • Rejected or abandoned school applications: deleted after 180 days.
  • Magic-link tokens: deleted within 7 days of use or expiry.
  • Donor records: kept as long as the donation exists (needed for refund and receipt purposes).
  • Audit logs: kept up to 90 days.

Your rights

Under PIPEDA (and, if you live in Quebec, Law 25), you have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate information
  • Delete your information (subject to legal retention requirements)
  • Withdraw consent at any time
  • File a complaint with the Office of the Privacy Commissioner of Canada

To exercise any of these rights:

  • Student information: contact your child's school first. They can make most changes directly.
  • Parent, teacher, or donor information: email us at privacy@pagepledge.com. We will respond within 30 days.

Children's privacy

PagePledge is designed for use by schools, which have existing permissions to collect basic student information (first name, last name, classroom, grade) as part of normal school operations. We never collect other information about students beyond what the school uploads.

We do not knowingly allow children under 13 to create their own PagePledge accounts. Student profiles are created by school staff; parents activate them using a code sent home by the school. Children do not sign in to PagePledge directly.

Quebec residents (Law 25)

If you live in Quebec, you have additional rights under Law 25:

  • The right to be informed about automated decision-making (PagePledge does not make any automated decisions about you).
  • The right to data portability.
  • The right to know our Privacy Officer's contact information: Jordan Yeo, privacy@pagepledge.com.

Security

  • Passwords are not used; authentication is via short-lived magic-link emails.
  • All data is transmitted over HTTPS.
  • Sensitive fields (access tokens, webhook keys) are encrypted at rest.
  • We limit staff access to production data to those who need it for support.
  • We log and monitor sign-in events for unusual patterns.

Changes to this policy

We will update this page if our practices change. Material changes will be announced via email to school administrators.

Contact

PagePledge
Email: privacy@pagepledge.com