Effective Date: January 16, 2026
Last Updated: January 16, 2026
Ovrture is a digital personalization platform designed exclusively for major donor engagement in nonprofit fundraising campaigns. We serve advancement teams at universities, healthcare systems, and cultural institutions by enabling personalized digital communications with donors and prospects throughout the philanthropic journey.
Our platform transforms traditional printed proposals and stewardship reports into dynamic, personalized digital experiences that integrate with your CRM data while providing engagement analytics that inform fundraising strategy.
Post Office Box 1139
State College, PA 16801
Email: contact@ovrture.com
Privacy Inquiries: contact@ovrture.com
Understanding Our Three-Party Relationship
Ovrture operates in a unique three-party environment:
- Your Institution (the Client): Universities, hospitals, museums, and other nonprofits that subscribe to Ovrture
- Your Donors and Prospects: Individuals who receive personalized digital experiences created by your institution through our platform
- Ovrture: The technology platform provider
Who controls donor data: Your institution maintains ownership and control of all donor data. Ovrture acts as a data processor, handling donor information only as directed by your institution and only for the purposes of delivering the platform services you’ve contracted.
This privacy policy explains:
- How we collect and use information about platform users (your advancement team members)
- How we process donor data on behalf of your institution
- What data Ovrture collects for platform operation and improvement
- Your rights as a platform user or as a donor viewing personalized content
Information We Collect
1. Platform User Information (Advancement Team Members)
When your institution’s advancement staff use the Ovrture platform, we collect:
Account and Authentication Data:
- Name, email address, and job title
- Institution name and department
- Login credentials and authentication information
- User role and permission levels
Platform Usage Data:
- Microsite creation and editing activity
- Content uploaded and templates used
- Frequency and patterns of platform access
- Feature usage and workflow patterns
Communications Data:
- Support requests and help desk interactions
- Training session participation
- Feedback and feature requests
2. Donor Data (Processed on Behalf of Your Institution)
When your institution creates personalized donor experiences through Ovrture, the platform processes donor information provided by your institution, which may include:
Donor Profile Information:
- Name and contact information
- Giving history and capacity indicators
- Areas of philanthropic interest
- Relationship to your institution (alumnus, parent, board member, grateful patient, etc.)
Engagement Data:
- When donors access their personalized microsites
- Which content sections they view and for how long
- Downloads, video views, and interactive element engagement
- Survey responses and feedback provided through the platform
CRM Integration Data:
- Data synchronized from your Blackbaud, Salesforce, or other CRM system
- Wealth screening information
- Solicitation stage and assigned fundraiser
- Gift proposals and stewardship communications
Important: Your institution determines what donor data is loaded into Ovrture. We process this data only as directed by your institution and according to your data processing agreement with us.
3. Information Collected Automatically (All Users)
Website Analytics:
- Browser type, device type, operating system
IP address (anonymized) - Pages visited on ovrture.com
- Traffic sources and referral sites
Platform Performance Data:
- Page load times and technical performance
- Error logs and system diagnostics
- Feature usage patterns (aggregated, not individual)
How We Use Information
Platform User Data
Service Delivery:
- Providing access to the Ovrture platform
- Authenticating users and managing permissions
- Processing your institution’s donor engagement campaigns
- Delivering platform updates and new features
Platform Improvement:
- Understanding how institutions use Ovrture
- Identifying opportunities for new features or enhancements
- Optimizing platform performance and user experience
- Developing best practices and training materials
Customer Support:
- Responding to support requests and technical issues
- Providing training and onboarding assistance
- Sharing platform updates and new capabilities
Compliance and Security:
- Detecting and preventing unauthorized access
- Investigating security incidents
- Meeting legal and regulatory obligations
Donor Data (On Behalf of Your Institution)
Ovrture processes donor data exclusively to deliver the services your institution has contracted:
Creating Personalized Experiences:
- Generating personalized donor microsites based on your content and their profile
- Dynamically displaying content relevant to each donor’s interests
- Personalizing proposals and stewardship communications
Engagement Analytics:
- Tracking when donors access their personalized sites
- Recording which content resonates with specific prospects
- Measuring time spent and interaction depth
- Generating reports for your advancement team
CRM Integration:
- Synchronizing donor data between your CRM and Ovrture
- Updating engagement metrics in your CRM system
- Maintaining data consistency across platforms
Important Limitation: Ovrture does not use donor data for any purpose beyond delivering services to your institution. We do not use donor data to market Ovrture to other institutions, share it with third parties, or aggregate it across multiple clients.
Third-Party Services and Subprocessors
To deliver the Ovrture platform, we work with carefully selected technology partners. These subprocessors may access platform or donor data only to the extent necessary for service delivery:
Cloud Infrastructure and Hosting:
- Amazon Web Services (AWS): Secure cloud hosting and data storage
- Primary data center: US East (Virginia) region
- SOC 2 Type II certified, HIPAA-compliant infrastructure
- Geographic redundancy with automated backup
- AWS Privacy Notice
Analytics and Performance:
- Google Analytics: Website traffic analysis (ovrture.com marketing site only, not used on donor microsites)
- Google Analytics Privacy Policy
- Anonymized visitor data for marketing site improvement
Platform performance monitoring for uptime and system health (internal tools only)
CRM Integrations:
- Blackbaud API: Integration with Raiser’s Edge NXT and other Blackbaud products
- Salesforce API: Integration with Salesforce Nonprofit Cloud
- Data flows are encrypted and limited to fields your institution authorizes
Email Delivery:
- Amazon Simple Email Service (SES): Transactional emails for password resets, platform notifications, and system alerts
- Used only for platform functionality
- Institution-initiated communications to donors are managed separately
- Amazon SES Privacy Notice
Authentication and Access Management:
- Okta: Secure user authentication, single sign-on (SSO), and multi-factor authentication (MFA)
- Enterprise-grade identity management
- Session management and access controls
- Okta Privacy Policy
Payment Processing:
- [Stripe, etc.]: Processing platform subscription payments (credit card data is never stored by Ovrture)
All subprocessors are contractually required to maintain security standards at least as stringent as those described in this policy and may use data only for specified purposes.
CRM Data Integration and Synchronization
How CRM Integration Works
Ovrture connects to your institution’s CRM system (Blackbaud Raiser’s Edge NXT, Salesforce Nonprofit Cloud, or other supported platforms) to:
Pull donor data into Ovrture:
- Constituent records for donors receiving personalized microsites
- Giving history and capacity indicators
- Relationship information and assigned fundraisers
- Custom fields your institution chooses to sync
Push engagement data back to your CRM:
- When donors access their personalized sites
- Which content they engage with
- Survey responses and feedback
- Microsite view counts and interaction metrics
Data Security in Integration
- Encrypted transmission: All data transfers use industry-standard encryption (TLS 1.2 or higher)
- API authentication: Secure OAuth tokens, never plain text passwords
- Scoped access: Ovrture accesses only the specific fields your institution authorizes
- Audit logging: All data synchronization events are logged for security review
Your Institution’s Control
Your institution determines:
- Which donor records are synchronized with Ovrture
- Which CRM fields Ovrture can access
- When synchronization occurs (real-time, daily, manual)
- Which engagement data flows back to your CRM
You can disconnect CRM integration at any time through platform settings or by contacting Ovrture support.
Donor Privacy and Engagement Tracking
What Donors Experience
When your institution creates a personalized microsite for a donor through Ovrture:
Access and Authentication:
- Donors receive a unique URL and passcode from your institution
- Each microsite is password-protected and accessible only to the intended recipient
- No account creation or login required for donors
What We Track:
- When the donor accesses their personalized site
- Which pages or content sections they view
- How long they spend on each section
- What files they download
- Survey responses they choose to provide
What We Don’t Track:
- Personal information beyond what your institution provides
- Donor activity on other websites
- Precise geographic location (we collect city/region level only)
- Device identifiers or fingerprinting
Donor Rights and Choices
Donors viewing personalized microsites can:
- Contact their institution to request removal of their microsite
- Decline to access personalized content sent to them
- Request information about what data their institution has shared with Ovrture
- Submit feedback through platform survey tools (optional)
Donors should contact your institution (not Ovrture) to:
- Update their contact preferences
- Correct inaccurate information in their profile
- Opt out of receiving personalized communications
- Request deletion of their data from the CRM system
Ovrture processes donor data on behalf of institutions. Your institution remains the data controller responsible for respecting donor privacy preferences and rights.
Data Security
Platform Security Measures
We implement comprehensive security controls to protect both platform user and donor data:
Infrastructure Security:
- SOC 2 Type II certified cloud hosting
- Data encryption at rest (AES-256) and in transit (TLS 1.2+)
- Regular security audits and penetration testing
- Distributed denial-of-service (DDoS) protection
- Automated backup systems with geographic redundancy
Access Controls:
- Multi-factor authentication (MFA) for platform users
- Role-based access controls (RBAC) limiting data access by job function
- Unique password-protected URLs for each donor microsite
- Session management and automatic timeout
- Audit logging of all data access events
Application Security:
- Regular security patches and updates
- Code review and vulnerability scanning
- Web application firewall (WAF) protection
- Input validation to prevent injection attacks
- Content Security Policy (CSP) headers
Operational Security:
- Employee background checks and security training
- Confidentiality agreements for all staff and contractors
- Least-privilege access principles (staff access only what’s needed for their role)
- Incident response plan and breach notification procedures
Security Incident Response
In the event of a data breach affecting personal information:
- Immediate containment: We will take immediate steps to identify and contain the incident
- Notification: We will notify affected institutions within 72 hours
- Regulatory compliance: We will assist institutions in meeting notification requirements under GDPR, CCPA, and other applicable laws
- Remediation: We will implement corrective measures to prevent recurrence
Data Retention
Platform User Data
Active Institutions:
Account information and platform usage data are retained for the duration of your institution’s subscription plus 90 days to facilitate renewal or transition.
Cancelled Accounts:
Within 90 days of subscription cancellation, we will:
- Delete all donor data and personalized microsites
- Archive platform usage analytics (anonymized) for service improvement
- Retain account information (institution name, contact) for legal and financial records (7 years)
Donor Data and Microsites
During Active Campaigns:
Donor data and personalized microsites are retained as long as your institution maintains an active Ovrture subscription and chooses to keep specific donor sites live.
After Campaign Completion:
Your institution determines microsite retention. Options include:
- Archive microsites (accessible for historical reference)
- Delete specific donor microsites
- Export donor data before cancellation
- Maintain ongoing stewardship infrastructure
When Institutions Cancel:
Upon subscription cancellation:
- All donor microsites are deactivated within 24 hours
- Donor data is deleted within 90 days unless institution requests export
- CRM synchronization is immediately terminated
- Institution receives final data export if requested during 90-day transition period
Engagement Analytics
Donor engagement data (who viewed what content, when, for how long) is retained:
- In active form while microsites are live
- In aggregated, anonymized form for platform improvement (indefinitely)
- In identifiable form for 36 months after microsite deactivation (to support institution’s fundraising strategy)
Institutions can request deletion of specific donor engagement data at any time.
Your Privacy Rights
For Platform Users (Advancement Team Members)
As an authorized user of the Ovrture platform at your institution, you have the right to:
- Access the personal data we hold about you as a platform user
- Correct inaccurate information in your user profile
- Delete your account (with your institution’s authorization)
- Export your usage data
- Opt out of non-essential communications from Ovrture
To exercise these rights, contact your institution’s Ovrture administrator or email contact@ovrture.com.
For Donors Viewing Personalized Microsites
As a donor or prospect viewing personalized content through Ovrture:
Important: Ovrture processes your data on behalf of the institution that created your personalized microsite. Your institution is the data controller responsible for your information.
Your rights include:
- Access: Request what information your institution has provided to Ovrture about you
- Correction: Request that your institution correct inaccurate data
- Deletion: Request removal of your personalized microsite and associated data
- Opt-out: Decline to access personalized communications sent by your institution
To exercise these rights: Contact the institution that sent you the personalized microsite. They can be identified by the sender of your access email and the branding on your personalized site.
If you cannot reach your institution: Email contact@ovrture.com and we will assist in connecting you with the appropriate institutional contact.
Additional Rights for EU Residents (GDPR)
Under the General Data Protection Regulation (GDPR), if you are located in the European Union, you have additional rights:
- Right to data portability (receive your data in machine-readable format)
- Right to restrict processing
- Right to object to processing based on legitimate interests
- Right to withdraw consent
- Right to lodge a complaint with your supervisory authority
Additional Rights for California Residents (CCPA)
Under the California Consumer Privacy Act (CCPA):
- Right to know what personal information is collected, used, and shared
- Right to delete personal information (subject to legal exceptions)
- Right to opt-out of “sale” of personal information (Note: Ovrture does not sell personal data)
- Right to non-discrimination for exercising privacy rights
For platform users (institution staff): Contact contact@ovrture.com
For donors: Contact the institution that sent you personalized content
Compliance with Privacy Regulations
GDPR Compliance (European Union)
For institutions with EU donors or staff located in the EU:
Legal Basis for Processing:
- Platform users: Contract performance (your institution’s subscription agreement)
- Donor data: Legitimate interests (your institution’s donor relationship management)
Data Processing Agreement (DPA):
All institutional clients receive a GDPR-compliant Data Processing Agreement specifying:
- Ovrture’s obligations as data processor
- Your institution’s rights as data controller
- Subprocessor arrangements
- Data breach notification procedures
- Cross-border data transfer mechanisms (Standard Contractual Clauses)
International Data Transfers:
Ovrture is based in the United States. For EU institutions or donors, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission for international data transfers.
CCPA Compliance (California)
Ovrture’s Role:
Under CCPA, Ovrture is a “service provider” processing personal information on behalf of institutional clients. We:
- Process California resident data only as directed by institutions
- Do not sell personal information
- Do not retain, use, or disclose personal information for any purpose other than platform service delivery
- Assist institutions in responding to CCPA requests from their donors
- HIPAA Considerations (Healthcare Institutions)
- For healthcare system clients:
Some healthcare institutions use Ovrture to engage grateful patients and healthcare donors. When donor communications may contain protected health information (PHI):
- For healthcare system clients:
- Business Associate Agreement (BAA): Healthcare clients receive HIPAA-compliant BAAs
- PHI Safeguards: Enhanced security controls for healthcare donor data
- Access Controls: Strict limits on who can access healthcare donor information
- Breach Notification: HIPAA-compliant incident response procedures
Standard Ovrture usage (non-patient donor engagement) does not typically involve PHI and is not subject to HIPAA.
FERPA Considerations (Education Institutions)
For higher education clients:
While Ovrture is used for donor and alumni engagement (not student records management), some institutions may include education records in donor profiles:
- We do not automatically access FERPA-protected student records
- Institutions are responsible for determining what alumni/student information can be included in Ovrture
- Enhanced access controls are available for education records if needed
Cookies and Tracking Technologies
Ovrture.com Website (Marketing Site)
Our public-facing website (ovrture.com) uses cookies for:
Essential Cookies:
Session management for demo requests
Remembering form inputs to prevent data loss
Analytics Cookies:
- Google Analytics for understanding website traffic
- Platform feature usage tracking (aggregated)
- Ovrture Platform (Application)
The Ovrture platform application uses:
Authentication Cookies:
- Maintaining secure login sessions for platform users
- Multi-factor authentication token management
Functional Cookies:
- Saving your platform preferences (default views, layout settings)
- Remembering recently accessed microsites or templates
Analytics Cookies:
- Platform usage analytics to improve user experience
- Feature adoption tracking (aggregated across institutions)
- Donor Microsites
Personalized donor microsites use minimal tracking:
Engagement Tracking:
- Session cookies to measure time spent on site
- Content interaction tracking (which sections viewed, downloads)
- Analytics cookies for generating engagement reports
No Third-Party Advertising:
Donor microsites contain no third-party advertising cookies or marketing pixels. Tracking is limited to what’s necessary for engagement analytics your institution receives.
Managing Cookies
Platform users can manage cookies through:
- Browser settings (block or delete cookies)
- Platform preferences (customize analytics participation)
Donors viewing microsites:
Engagement tracking is essential for platform functionality (without it, institutions receive no analytics). However, tracking is limited to the specific microsite and does not follow donors to other websites.
Data Sharing and Disclosure
We Share Data Only in These Specific Circumstances:
1. With Your Institution (Data Flows Back)
All donor engagement data flows back to your institution through:
- Platform dashboard and analytics reports
- CRM synchronization (if enabled)
- Exported reports and data downloads
2. With Subprocessors (Service Delivery Only)
We share limited data with subprocessors listed in the “Third-Party Services” section, and only to the extent necessary for:
- Cloud hosting and data storage
- CRM integration functionality
- Platform authentication and security
- Email delivery for platform notifications
3. For Legal Compliance
We may disclose information if required by:
- Valid legal process (subpoena, court order)
- Law enforcement investigations
- Protection of Ovrture’s legal rights
- Emergency circumstances threatening health or safety
4. In Business Transitions
If Ovrture is acquired or merged with another company:
Institutional clients will be notified in advance
Successor company will honor existing privacy commitments
Institutions have the option to terminate and export data before transition
We Never:
❌ Sell or rent donor data to third parties
❌ Use donor data from one institution to benefit another institution
❌ Share donor data with fundraising consultants, wealth screening vendors, or other nonprofits
❌ Aggregate donor data across institutions for benchmarking without explicit consent
❌ Use donor information for Ovrture marketing purposes
Data Security and Protection
Enterprise-Grade Security Standards
Ovrture maintains security controls appropriate for handling sensitive donor information:
Certifications and Compliance:
- SOC 2 Type II audit (annual)
- GDPR-compliant data processing
- CCPA service provider obligations
- HIPAA Business Associate Agreements available
Infrastructure Security:
- Data encrypted at rest (AES-256)
- Data encrypted in transit (TLS 1.3)
- Geographic redundancy and backup (daily, retained 30 days)
- 99.5% uptime SLA with disaster recovery plan
Access Security:
- Multi-factor authentication (MFA) required for platform users
- Role-based access controls (institution admins control user permissions)
- IP whitelisting available for enterprise clients
- Password-protected individual donor microsites
- Automatic session timeout after 30 minutes of inactivity
Application Security:
- Regular penetration testing (quarterly)
- Vulnerability scanning (continuous)
- Security code reviews for all releases
- Web Application Firewall (WAF) protection
- DDoS mitigation
Operational Security:
- Employee security training and background checks
- Principle of least privilege (staff access only what’s needed)
- Separate production and development environments
- Change management and approval processes
- 24/7 security monitoring and incident response
- Donor Microsite Security
Each personalized donor microsite includes:
- Unique URL: Difficult-to-guess URL for each donor
- Passcode Protection: Institution-set passcode required for access
- Expiration Options: Institutions can set expiration dates for time-sensitive content
- Access Logging: Record of when donor accessed site (visible to institution)
- No Indexing: Microsites are not indexed by search engines (robots.txt exclusion)
Data Protection for International Institutions
Data Residency and Transfers
Primary Data Storage:
All Ovrture platform and donor data is stored on Amazon Web Services (AWS) infrastructure in the US East (Virginia) region. This provides:
- Low-latency access for North American institutions
- HIPAA-compliant hosting infrastructure
- SOC 2 Type II certified data centers
- Automatic backup and geographic redundancy within the United States
For International Clients:
European Union Institutions:
- Standard Contractual Clauses (SCCs) in place for EU-US data transfers
- Data Processing Addendum (DPA) included with subscription agreement
- Option to restrict data processing to EU-based servers (enterprise plan only)
Canadian Institutions:
- Compliance with PIPEDA (Personal Information Protection and Electronic Documents Act)
- Cross-border data transfer agreements
Australian Institutions:
- Compliance with Privacy Act 1988 and Australian Privacy Principles (APPs)
Other Regions:
We work with institutions globally and can accommodate region-specific data residency requirements for enterprise subscriptions. Contact contact@ovrture.com to discuss your needs.
Institutional Client Responsibilities
Your Institution’s Data Controller Obligations
When your institution uses Ovrture, you remain responsible for:
Donor Consent and Privacy:
- Obtaining appropriate consent for donor data processing
- Ensuring donor privacy notices cover use of platforms like Ovrture
- Honoring donor opt-out requests and privacy preferences
- Maintaining compliance with applicable regulations (GDPR, CCPA, etc.)
Data Accuracy:
- Ensuring donor data provided to Ovrture is accurate and current
- Correcting errors in donor profiles
- Removing deceased individuals or those who request deletion
Appropriate Use:
- Using Ovrture only for legitimate donor engagement purposes
- Not uploading data unrelated to fundraising (student records, patient medical info, etc.)
- Complying with your institution’s own privacy policies and donor agreements
Data Security:
- Managing platform user access appropriately (onboarding/offboarding staff)
- Protecting login credentials and passcodes
- Monitoring for unauthorized access to your institution’s account
- Reporting suspected security incidents to Ovrture supporg
What Ovrture Provides to Support Compliance
To help institutions meet their obligations, we provide:
- Data Processing Agreement (DPA) templates
- BAA for HIPAA-covered entities
- Data export capabilities (at any time)
- Audit logs and access reports
- Privacy policy templates for institutional donor communications
- Platform training on privacy and security best practices
Children's Privacy
Ovrture is designed for major donor engagement with philanthropically-capable individuals, typically adults with significant giving capacity. Our platform is not directed to individuals under the age of 18.
We do not knowingly collect personal information about minors. If you believe a minor’s information has been uploaded to Ovrture:
- For institutions: Remove the record immediately through platform controls
- For parents/guardians: Contact the institution that created the microsite or email contact@ovrture.com
We will promptly assist in removing any minor’s data from the platform.
Changes to This Privacy Policy
How We Communicate Changes
For minor updates (clarifications, additional examples):
- Updated “Last Updated” date at top of policy
- Changes visible through standard policy review
For material changes (new data uses, third-party services, rights):
- Email notification to institution administrators
- 30-day notice period before changes take effect
- Changelog posted on this page highlighting modifications
For significant changes affecting donor data processing:
- Direct notification to all institutional clients
- Option to object or terminate service before changes take effect
- Assistance with data export if terminating
Version History
Date – January 16, 2026
Changes – Complete privacy policy revision
Reason – Comprehensive update for AEO optimization, enhanced regulatory compliance, clearer three-party relationship explanation
Privacy Policy FAQ
Who is Ovrture and what does the platform do?
Ovrture is a digital personalization platform exclusively for nonprofit major donor engagement. We help universities, healthcare systems, and cultural institutions create personalized digital experiences for their top donor prospects and existing supporters. Instead of printed proposals and stewardship reports, advancement teams use Ovrture to create password-protected, personalized microsites tailored to each donor’s interests, giving history, and relationship with the institution.
What is the relationship between Ovrture, my institution, and my donors?
Ovrture operates in a three-party relationship. Your institution subscribes to Ovrture and controls all donor data decisions—what information is shared, which donors receive personalized sites, and when microsites are created or deleted. Ovrture processes donor data only as your institution directs, functioning as a data processor (not a data controller). Donors view personalized content created by your institution through our platform but have no direct relationship with Ovrture. All privacy requests from donors should be directed to your institution.
What donor information does Ovrture collect and process?
Ovrture processes only the donor information your institution chooses to provide, which typically includes donor names, contact information, giving history, areas of philanthropic interest, and relationship to your institution. We also track donor engagement with personalized microsites (when accessed, which content viewed, time spent, downloads) to provide analytics back to your institution. We do not collect additional information about donors beyond what your institution provides and what donors generate through platform interaction.
How does Ovrture integrate with our CRM system?
Ovrture connects to your CRM (Blackbaud, Salesforce, or other supported systems) through secure API integrations using encrypted connections and OAuth authentication. You control exactly which donor records sync to Ovrture and which fields are accessible. The integration is bi-directional: donor profile data flows into Ovrture to power personalization, and engagement analytics flow back to your CRM to inform fundraising strategy. You can disconnect CRM integration at any time without losing manually uploaded content.
Is donor data secure on the Ovrture platform?
Yes. Ovrture maintains SOC 2 Type II certification and implements enterprise-grade security controls including data encryption at rest and in transit, multi-factor authentication for platform users, password-protected individual donor microsites, regular security audits and penetration testing, and 24/7 security monitoring. Each personalized donor microsite is accessible only through a unique URL and institution-set passcode, is not indexed by search engines, and includes access logging visible to your institution. We maintain HIPAA Business Associate Agreements for healthcare institutions and GDPR-compliant Data Processing Agreements for all clients.
What happens to donor data if we cancel our Ovrture subscription?
Upon subscription cancellation, all donor microsites are immediately deactivated. Within 90 days, all donor data is permanently deleted from Ovrture systems unless you request a data export during this transition period. We provide complete data export capabilities including donor profiles, engagement analytics, and all content uploaded to the platform. CRM synchronization is terminated immediately upon cancellation. This 90-day transition period ensures you have adequate time to export data and transition to alternative systems if needed.
Can donors opt out of receiving personalized microsites?
Donors can decline to access personalized microsites sent by your institution—simply by not clicking the link or not entering the passcode provided. Since each microsite is password-protected and sent directly by your institution (not by Ovrture), donors who don’t wish to engage simply don’t access the content. To completely remove their information from future personalized communications, donors should contact your institution’s advancement office directly. Your institution can then remove them from Ovrture or adjust their communication preferences.
Does Ovrture use our donor data for any other purposes?
No. Ovrture processes donor data exclusively to deliver platform services to your institution. We do not use your donor data to market Ovrture to other institutions, share it with third parties, aggregate it across multiple clients for benchmarking, or use it for any purpose other than creating personalized experiences for your donors and providing you with engagement analytics. Your donor data remains your data, and we never cross-pollinate information between institutional clients.
How does Ovrture handle sensitive donor information like wealth capacity or health status?
Institutions should exercise appropriate care when uploading sensitive donor information to Ovrture. The platform is designed for engagement communications (connecting donor interests to campaign priorities) rather than internal prospect management (wealth screening, solicitation strategy). Sensitive fields like wealth capacity ratings, health conditions, or internal strategy notes should remain in your CRM rather than being synchronized to Ovrture. For healthcare institutions engaging grateful patients where health information may be relevant, we provide HIPAA-compliant Business Associate Agreements and enhanced security controls.
What third-party services does Ovrture use that might access data?
Ovrture uses carefully selected subprocessors including AWS or similar cloud hosting for secure data storage, Blackbaud and Salesforce APIs for CRM integration (data flows only as you authorize), email delivery services for platform notifications, and authentication providers for secure platform access. All subprocessors are contractually required to maintain security standards at least as stringent as Ovrture’s and may use data only for specified service delivery purposes. A complete subprocessor list is available upon request and we notify institutional clients 30 days before adding new subprocessors.
Contact Us
Privacy Inquiries
For institutional clients (platform users):
Email: contact@ovrture.com
Subject: “Privacy Request – [Your Institution Name]”
For donors viewing personalized microsites:
Contact the institution that sent you the personalized content (identified in your access email and site branding). If you cannot reach them, email contact@ovrture.com and we’ll assist.
General Support
Ovrture Support Team:
Email: support@ovrture.com
Mailing Address:
Ovrture
Post Office Box 1139
State College, PA 16801
Platform Information
For information about Ovrture features, pricing, or implementation, visit ovrture.com or contact our team through the website.
Partnership with Foster Avenue
Ovrture and Foster Avenue are separate legal entities with a strategic partnership. Foster Avenue specializes in integrated campaign counsel and creative communications for nonprofit fundraising. Many institutions engage both Foster Avenue (for campaign strategy and creative) and Ovrture (for digital donor engagement). When institutions use both services:
- Foster Avenue may create campaign content that is delivered through the Ovrture platform
- Separate contracts govern each relationship (Foster Avenue consulting agreement + Ovrture platform subscription)
- Data sharing between Foster Avenue and Ovrture occurs only with explicit institution authorization
- Each company maintains its own privacy policy and data handling practices
- Foster Avenue’s privacy policy (available at fosteravenue.com/privacy-policy) governs Foster Avenue consulting services
- This Ovrture privacy policy governs platform usage
Key points:
- Ovrture and Foster Avenue are independent companies
- No automatic data sharing between the companies
- Institutions control whether and how data flows between services
- Each company acts as a separate data processor for institutional clients
If you have questions about data flows when using both services, email contact@ovrture.com.
