Cookies

Cookies are text files that websites store on a visitor's device to enable functionality like persistent logins, analytics, and personalized content. Because cookies can track user behavior and store personal data, they're subject to privacy regulations including GDPR, UK GDPR, and similar laws that require user consent and transparency about cookie usage.

The following table provides a complete overview of all cookies used by Fundraise Up, including their purpose, legal basis under GDPR, storage duration with justification, and whether they are strictly necessary or optional.

When the Fundraise Up script loads on a page, cookies are automatically set on the highest-level domain. For example, if the script loads on donate.example.org, the cookie is set on example.org. This means cookies created from any subdomain are available on the parent domain, and tracking works correctly across all subdomains where the Fundraise Up code is installed.

If you configure third-party analytics services (such as Google Analytics or Meta Pixel) on your Campaign Pages, those services may set their own cookies according to your configuration and the user's consent preferences. These third-party cookies are not controlled by Fundraise Up.

When the Checkout Modal appears on your organization's website, your website must align with compliance standards, which means you need to add a cookie banner if you accept donations from regions with strict privacy laws.

If you collect donations from supporters in the European Union, the UK, the EEA, Quebec (Canada), or California (US), you must add information about Fundraise Up's cookies to your website's cookie banner. These regions follow privacy standards (GDPR, ePrivacy Directive, Law 25, CPRA) that require site visitors to be informed about cookie use and provide consent before non-essential cookies are set.

Your website should have a cookie banner — a small dialog box that tells users about the use of cookies and gives them the option to learn more, configure their preferences, reject, or accept cookies.

To add information about Fundraise Up's cookies to your pre-existing cookie banner, follow these steps. The specific steps may vary depending on the cookie banner service you use (for example, OneTrust, CookieYes, Cookiebot):

1. Log in to the administrative panel of your website.
2. Go to the cookie banner settings.
3. In the section displaying your site's cookie information, add the Fundraise Up cookie information from the table above. For each cookie, specify the cookie name, category, duration, and type.
4. Check that the cookie banner is working correctly. Open your site in incognito mode in your browser. When the cookie banner appears, check that the Fundraise Up cookies are correctly displayed in the right categories.

Many cookie banner services offer a feature to scan the site for cookies automatically. This function is recommended for maximum transparency and compliance with data protection legislation.

You can configure your cookie banner using:

• Cookie management services: OneTrust, CookieYes, Cookiebot, and similar services let you configure cookie categories and obtain user consent.
• Google Tag Manager Consent API: GTM Consent API integrates with your cookie banner to control when cookies are set based on user preferences. See the section below for setup instructions.
• Content management system: Some content management systems, such as Joomla and Drupal, have built-in cookie banner support.
• Custom implementation: Create a banner using HTML, CSS, and JavaScript with the help of a web developer.

Fundraise Up supports integration with the Google Tag Manager (GTM) Consent API, which lets your cookie banner control when cookies are set based on user consent.

To configure this integration:

1. Add the consent script to the <head> section of your website

1<script>
2  window.dataLayer = window.dataLayer || [];
3  function gtag(){dataLayer.push(arguments);}
4  gtag('consent', 'default', {
5    'ad_storage': 'denied',
6    'ad_user_data': 'denied',
7    'ad_personalization': 'denied',
8    'analytics_storage': 'denied',
9    'functionality_storage': 'denied',
10    'personalization_storage': 'denied',
11    'security_storage': 'denied'
12  });
13</script>

This script passes visitor cookie preferences to Fundraise Up. Without this step, Fundraise Up will set its own cookies automatically, including non-strictly necessary ones, even if the visitor has not provided consent. If you skip the <head> code installation, consent data won't be passed correctly, and your site may not meet GDPR compliance standards.

2. Configure consent types in GTM

In GTM, define consent types (such as analytics, functionality, and marketing) and link them to your cookie banner so that cookies are only set after user approval.

When the setup is complete, Fundraise Up waits for the visitor's consent before setting any cookies. The cookies set depend on the visitor's preferences. The only exception is fundraiseup_cid, which is always set because it's required for security and fraud prevention.

For more details about setting up and configuring the GTM Consent API, see Google's Support documentation and Developers guide.

Campaign Pages include a built-in cookie banner that automatically keeps your pages compliant with privacy regulations — no action or setup is required from you.

This banner is automatically displayed to site visitors in regions that follow specific privacy standards: the GDPR and ePrivacy Directive (EU Member States, the UK, and the EEA), Law 25 (Quebec, Canada), and the CPRA (California, US).

The banner presents supporters with options to reject, accept, or manage their cookies. If they ignore the banner or choose Reject, only strictly necessary cookies are used. This means visitors can continue to use the page even if they choose not to interact with the banner.

If they select Manage, they see descriptions of each cookie type and can allow or reject individual cookie types as they wish.

Marketing cookies are only used on Campaign Pages and are not used in the Checkout Modal.

What happens if a user blocks cookies?

The impact of blocking cookies depends on which cookies are blocked:

• fundraiseup_cid (strictly necessary): Blocking this cookie prevents the platform from functioning properly and disables anti-fraud measures. This creates security vulnerabilities and may allow fraudulent transactions. This cookie must be categorized as "strictly necessary" in your cookie banner so that it cannot be blocked by users.
• fundraiseup_consent (strictly necessary): Blocking this cookie prevents the system from storing user consent preferences, which means users may be repeatedly asked to provide consent. This cookie must also be categorized as "strictly necessary."
• fundraiseup_func (functional): Blocking this cookie affects user experience. Personalization features will not work, and preferences and previous interactions will not be remembered across sessions. For example, the Reminder element will not function correctly.
• fundraiseup_stat (performance): Blocking this cookie does not affect the user's experience but prevents collection of anonymous analytics data that helps improve platform performance.
• fundraiseup_mark (marketing): Blocking this cookie does not affect the user's experience but prevents tracking of events to third-party analytics and marketing platforms on Campaign Pages.

Are there any third-party cookies used by Fundraise Up?

No. Fundraise Up does not set or deploy any third-party cookies. All cookies used by Fundraise Up are first-party cookies.

However, if you configure third-party analytics services (such as Google Analytics or Meta Pixel) on your Campaign Pages, those services may set their own third-party cookies according to your configuration and the user's consent preferences.

How can we configure our cookie banner correctly?

To configure correctly:

1. Load your cookie banner code before Fundraise Up's code: Configure the order of loading and executing scripts on your website so that the cookie banner service code loads and initializes before Fundraise Up's code. This prevents Fundraise Up from setting cookies before users have had the opportunity to manage their preferences.
2. Add all Fundraise Up cookies to your banner: Include all cookies from the table above in your cookie banner, organized by category (strictly necessary, functional, performance, marketing).
3. Test in incognito mode: Open your site in incognito mode and verify that the cookie banner displays correctly and that cookie preferences are respected.
4. Use cookie scanning tools: Many cookie banner services offer automatic cookie scanning features. Use these to detect and disclose all cookies properly.

What is the exact data that each Fundraise Up cookie collects and stores?

Detailed information about the data collected by each cookie is available in the table above. In summary:

• fundraiseup_cid stores a unique browser identifier used for fraud detection.
• fundraiseup_consent stores user consent preferences for different cookie categories.
• fundraiseup_func stores user preferences and interaction history for personalization.
• fundraiseup_stat stores anonymous usage statistics.
• fundraiseup_mark stores consent status for third-party analytics and marketing tracking.

We're an American or Canadian organization, but we get donations from Europe or the UK. What should we do?

If you accept donations from European supporters through the Checkout Modal, you must comply with GDPR by implementing a clear cookie banner on your website. The banner must inform users about what types of cookies are used and why, and obtain their consent before collecting any data. This is a crucial step to comply with GDPR and avoid potential fines and penalties from regulatory authorities in Europe.

The location of your organization does not determine your compliance obligations — what matters is where your supporters are located.

What happens if we don't show a cookie banner at all? Will our site be blocked in Europe?

If your website accepts donations from EU, EEA, or UK citizens, you must display a cookie banner to comply with GDPR, ePrivacy Directive, and UK GDPR. Your page will not be blocked if you do not have a cookie banner, but you could face significant fines and penalties if a regulatory authority determines you are not in compliance with data protection regulations.

GDPR fines can reach up to €20 million or 4% of annual global turnover, whichever is higher.

I've never had a cookie banner. How do I set one up?

There are several ways to implement a cookie banner:

• Use a cookie management plugin or service: This is the easiest and fastest method. Services like OneTrust, CookieYes, and Cookiebot offer customizable cookie banners with easy setup.
• Use your CMS's built-in features: Some content management systems, such as Joomla and Drupal, have built-in cookie banner support. Check your CMS settings to see if this feature is available.
• Create a custom banner: Work with a web developer to create a custom cookie banner using HTML, CSS, and JavaScript. Use the cookie information from the table above to populate your banner.

How can site visitors manage their cookie preferences?

Visitors can manage their cookie preferences through the cookie banner provided by your website. They can choose which categories of cookies they wish to accept or decline. Strictly necessary cookies cannot be blocked, as they are required for the platform to function securely.

On Campaign Pages, visitors can click "Manage" in the built-in cookie banner to adjust their preferences at any time.

Is it necessary to set up a cookie banner for Campaign Pages?

No. Campaign Pages already have an integrated cookie banner that automatically displays to visitors in regions with strict privacy laws. No additional setup or configuration is required from you.