Privacy Policy

Last Updated: April 24, 2026

The Sapling Group (“The Sapling Group,” “we,” “our,” or “us”) respects your privacy and is committed to protecting the information you share with us. This Privacy Policy explains how we collect, use, disclose, and protect information when you visit our website, use our products, or otherwise interact with us.

This Privacy Policy applies to all websites, products, and services operated by The Sapling Group and its affiliates, including but not limited to Sapling CRM™, Orchid AI, Sapling Pay, and Canopy Fundraising, and any affiliated or connected entities (collectively, the “Services”).

If you do not agree with this Privacy Policy, please do not use the Services.

1. Information We Collect

1.1 Information You Provide Directly

When you visit our website, use our Services, or complete our forms (including pricing, onboarding, contact, demo request, or account registration forms), you may provide us with:

Personal information:

  • First name and last name
  • Role or title (e.g., Executive Director, Development Director, Board Member)
  • Email address
  • Phone number

Organization information:

  • Organization name
  • Organization address, city, state, and territory
  • Website URL
  • Organization type (nonprofit, foundation, political organization, other)
  • Mission statement

Tax and legal classification information:

  • IRS classification for nonprofits (e.g., 501(c)(3), 501(c)(4), church)
  • Foundation type (private, community, corporate, family)
  • Political committee type, candidacy information, and — if you voluntarily provide it — political orientation
  • Employer Identification Number (EIN)
  • NTEE sector or focus area classification

Financial information:

  • Total revenue amounts for specified periods
  • Number of months of prior financial data
  • Anticipated annual revenue or projection
  • Revenue verification method selected (Plaid, bank statements, IRS Form 990, self-reported)
  • Bank account information processed via Plaid (see Section 1.4 below)

Plan and preference information:

  • Selected billing cycle (monthly, quarterly, annual)
  • Email and AI credit pack selections
  • Founding Member program interest
  • Communication preferences

Communications content:

  • Information submitted through contact forms, support tickets, demo requests, inquiries, and correspondence with us
  • Content you submit to AI features such as Orchid AI (prompts, inputs, documents, or other content)

1.2 Automatically Collected Information

When you visit our website or use our Services, we may automatically collect:

  • IP address
  • Browser type and version
  • Device information (device type, operating system)
  • Pages visited and navigation patterns
  • Date and time of visits
  • Referring website or source
  • Form completion and abandonment patterns
  • Session identifiers

1.3 Derived or Calculated Information

In the course of providing the Services, we may calculate or derive information from the data you provide, including:

  • Annualized revenue (calculated from submitted partial-year revenue data using our tier-determination algorithm)
  • Recommended pricing tier and monthly price
  • Tier determination transparency data (method used, seasonal adjustment applied, cushion factor, and other inputs to the calculation) — retained for audit and customer service purposes
  • AI-generated content produced in response to your inputs

1.4 Bank Account Connection via Plaid

If you choose to verify your revenue by connecting a bank account, we use Plaid Inc. (“Plaid”) to facilitate the connection. When you connect through Plaid:

  • Plaid processes your banking credentials and financial data directly
  • The Sapling Group does not receive or store your banking login credentials
  • We receive only the aggregated revenue information needed to determine your pricing tier
  • Plaid’s collection and use of your information is governed by Plaid’s own Privacy Policy, available at plaid.com/legal
  • You may disconnect Plaid at any time through your account settings or by contacting us

2. Sensitive Information

Some of the information we collect may be considered “sensitive personal information” under applicable privacy laws such as the California Consumer Privacy Act (CCPA/CPRA), the Colorado Privacy Act, and similar state laws. This may include:

  • Financial account information (when you connect a bank account via Plaid)
  • Tax identification information (EIN)
  • Political affiliation or committee information (if your organization is a political committee, candidate, or party, or if you voluntarily provide political orientation)

We collect this information only when you voluntarily provide it in response to our forms, and we use it solely for the purposes disclosed at the point of collection — primarily determining pricing, providing onboarding, verifying organizational information, and operating our Services.

We do not use sensitive information to infer characteristics about individuals, we do not sell sensitive information, and we do not share sensitive information with third parties for cross-contextual behavioral advertising or targeted advertising purposes.

If you are a California resident, you have the right to limit our use and disclosure of sensitive personal information. See Section 8 below for how to exercise this right.

3. How We Use Information

We may use the information we collect to:

  • Determine appropriate pricing tiers and generate pricing proposals
  • Verify revenue information and organizational eligibility
  • Provide, operate, maintain, and improve our Services
  • Process Founding Member and similar program applications
  • Respond to inquiries, demo requests, and support questions
  • Communicate with you about our products, onboarding, account setup, updates, and offerings
  • Process AI-assisted features (such as Orchid AI) you choose to use
  • Monitor and analyze website performance, usage patterns, and Service functionality
  • Detect, prevent, and respond to fraud, abuse, security incidents, and legal violations
  • Comply with legal obligations and enforce our Terms of Service

We do not use your information to make legally or similarly significant decisions about you through solely automated means without human review or the opportunity to request review.

4. AI-Assisted Features

Certain features of the Services, including Orchid AI, use artificial intelligence to generate, assist with, or analyze content. Where AI processes information you submit:

  • We use third-party AI model providers (which may include Anthropic, OpenAI, Google, and similar providers) under enterprise-level terms that, by default, do not train models on submitted data
  • We do not use your submitted content to train AI models without your explicit consent
  • AI-generated outputs are informational and should be reviewed before being relied upon
  • AI does not make final binding pricing or eligibility determinations — final decisions involving pricing, account eligibility, and related matters are reviewed and determined by The Sapling Group

You are responsible for the content you submit to AI features. Do not submit sensitive personal information that is not necessary for the service being provided (such as Social Security numbers or health records), or information about third parties that you do not have authority to share.

5. How We Share Information

We do not sell personal information to third parties.

We may share information in the following circumstances:

Service providers and subprocessors.

We share information with third parties that help us operate our business and provide the Services, including:

  • Hosting and cloud infrastructure providers
  • Email delivery providers
  • Analytics providers
  • AI model providers (for AI-assisted features)
  • Payment processors (for paid accounts and services)
  • Customer support and communications tools
  • Identity and revenue verification providers (such as Plaid)

A current list of material third-party subprocessors is available upon request and will be incorporated into our Data Processing Addendum for business customers.

Legal requirements.

We may disclose information when required by law, regulation, subpoena, or other legal process, or when we believe disclosure is necessary to protect our rights, your safety, the safety of others, or to investigate fraud or respond to a government request.

Corporate transactions.

In connection with a merger, acquisition, reorganization, financing, or sale of assets, we may transfer information to the relevant parties as part of that transaction, subject to standard confidentiality protections.

With your consent.

We may share information in other circumstances with your explicit consent.

6. Cookies and Similar Technologies

Our website may use cookies and similar technologies to:

  • Remember your preferences
  • Understand how visitors interact with our website
  • Track form completion and user flows (for service improvement)
  • Analyze website traffic and performance
  • Enable essential functions like authentication

You may control cookies through your browser settings. Some functionality may not work properly if cookies are disabled.

7. Data Retention

We retain information for as long as reasonably necessary to provide the Services, comply with our legal obligations, resolve disputes, and enforce our agreements. Specific retention practices:

Data categoryRetention period
Active customer account dataDuration of the account, plus 90 days after closure for operational and legal purposes
Form submissions from prospects who did not convert18 months from submission, unless earlier deletion is requested
Financial and tax records7 years (to comply with applicable tax and accounting laws)
AI prompts and outputs13 months from creation
Automatically collected website analytics24 months from collection
Support tickets and correspondence3 years from last interaction
Backup and archival copiesUp to 90 days after deletion from primary systems

We may retain certain information longer where required by law, where necessary to resolve disputes, or to enforce our agreements. You may request deletion of your information as described in Section 8.

8. Your Privacy Rights

8.1 Universal Rights

Regardless of your location, you may contact us to exercise the following rights:

  • Access: request information about what personal information we have collected about you
  • Correction: request correction of inaccurate personal information
  • Deletion: request deletion of your personal information (subject to legal retention requirements)
  • Portability: request your personal information in a portable format
  • Opt out of marketing: unsubscribe from marketing communications

To exercise these rights, contact us at privacy@thesaplinggroup.com. We will respond within the timeframes required by applicable law (generally 45 days). We may need to verify your identity before processing your request.

8.2 California Residents (CCPA/CPRA)

California residents have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

  • Right to know what personal information we collect, use, disclose, and sell
  • Right to correct inaccurate personal information
  • Right to delete personal information we have collected
  • Right to opt out of sale or sharing of personal information (we do not sell personal information or share it for cross-contextual behavioral advertising)
  • Right to limit use and disclosure of sensitive personal information to uses necessary to provide the Services
  • Right to non-discrimination for exercising your privacy rights

Sensitive personal information we collect: financial account information (via Plaid), EIN, and — where voluntarily provided — political affiliation information. We use this information only for the purposes described in Section 3 and do not use it to infer characteristics about you.

We do not offer financial incentives in exchange for personal information.

Authorized agents: you may designate an authorized agent to make requests on your behalf. We will require written proof of authorization and may verify your identity directly.

Notice of collection: This Privacy Policy serves as our notice at collection of personal information under the CCPA/CPRA.

To exercise California privacy rights, contact privacy@thesaplinggroup.com or call (602) 888-5802.

8.3 Colorado Residents (Colorado Privacy Act)

Colorado residents have the right to access, correct, delete, and obtain a portable copy of their personal data. You also have the right to opt out of (i) targeted advertising, (ii) sale of personal data, and (iii) profiling in furtherance of decisions that produce legal or similarly significant effects. We do not engage in any of these activities.

8.4 Connecticut Residents (Connecticut Data Privacy Act)

Connecticut residents have rights equivalent to those described for Colorado residents above, including access, correction, deletion, portability, and the right to opt out of targeted advertising, sale, and profiling.

8.5 Utah Residents (Utah Consumer Privacy Act)

Utah residents have the right to access, delete, and obtain a portable copy of their personal data, and the right to opt out of targeted advertising and sale of personal data.

8.6 Virginia Residents (Virginia Consumer Data Protection Act)

Virginia residents have rights equivalent to those described for Colorado residents above.

8.7 Appeals

If we decline to act on your privacy request, you may appeal our decision by contacting privacy@thesaplinggroup.com with “Privacy Appeal” in the subject line. We will respond to appeals within 60 days. If your appeal is denied, you may contact your state Attorney General.

8.8 EU/UK Residents (GDPR and UK GDPR)

If you are a resident of the European Economic Area, the United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR) or UK GDPR, including:

  • Right of access to your personal data
  • Right to rectification
  • Right to erasure (“right to be forgotten”)
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right not to be subject to solely automated decision-making
  • Right to withdraw consent where processing is based on consent
  • Right to lodge a complaint with your local data protection authority

Legal basis for processing:We process personal data under the following legal bases: (i) performance of a contract (when providing Services you’ve requested); (ii) legitimate interests (for analytics, security, and business operations, balanced against your rights); (iii) consent (for optional features and marketing); and (iv) legal obligation (for tax, accounting, and regulatory compliance).

International transfers: Personal data may be transferred to and processed in the United States. We rely on Standard Contractual Clauses and other appropriate safeguards where required by applicable law.

9. Data Security

We take reasonable administrative, technical, and physical steps to protect information submitted through our Services. These measures include encryption in transit, access controls, regular security reviews, and vendor security assessments. However, no method of transmission or electronic storage can be guaranteed to be completely secure.

If we become aware of a data security incident that affects your personal information, we will notify you as required by applicable law.

10. Children’s Privacy

Our Services are not directed to or intended for use by individuals under the age of 13 (or 16 in applicable jurisdictions). We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child, we will delete it.

11. International Users

The Sapling Group is based in the United States. If you are accessing the Services from outside the United States, please note that your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. By using the Services, you consent to such transfer, subject to applicable data protection laws.

12. Links to Other Websites

Our website may contain links to external websites that are not operated by The Sapling Group. We are not responsible for the privacy practices or content of those websites. We encourage you to review the privacy policies of any third-party sites you visit.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the “Last Updated” date at the top of this document and, where required, by direct notice to account holders. Your continued use of the Services after an update constitutes acceptance of the updated Privacy Policy.

14. Contact Us

If you have questions, concerns, or requests related to this Privacy Policy or our privacy practices, contact us at:

The Sapling Group

Attention: Privacy

7014 E Camelback Rd, Suite B100a

C/O Sapling

Scottsdale, AZ 85251

Email: privacy@thesaplinggroup.com

Thanks for stopping by.
We know the mental load is real, and we’re so glad you’re here.