PRIVACY POLICY

Piesa Giving, a DBA of Good Steward Technology Group LLC

An Illinois Limited Liability Company | Version 2.0 | Effective Date: May 1, 2026

SECTION 1. INTRODUCTION AND SCOPE

This Privacy Policy ("Policy") describes how Good Steward Technology Group LLC, an Illinois limited liability company operating under the registered trade name Piesa Giving ("Piesa Giving," "Good Steward," "we," "us," or "our"), collects, uses, stores, shares, and protects the personal information of users of the Piesa Giving platform, including the website located at www.piesagiving.com, the iOS application, and the Android application (collectively, the "Platform").

This Policy applies to all users of the Platform, including donors who create accounts and make charitable donations ("Users") and representatives of nonprofit organizations who register their organizations on the Platform ("Nonprofit Representatives"). This Policy does not apply to the practices of third-party websites, services, or applications that may be linked to or integrated with the Platform.

BY CREATING AN ACCOUNT OR USING THE PLATFORM IN ANY WAY, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY AND CONSENT TO THE DATA PRACTICES DESCRIBED HEREIN. If you do not agree to this Policy, you must not use the Platform.

This Privacy Policy should be read together with Piesa Giving's User Terms and Conditions, available at https://piesagiving.com/home/terms_conditions, which are incorporated herein by reference.

SECTION 2. INFORMATION WE COLLECT

2.1 Information You Provide Directly

When you create an account or use the Platform, we collect the following information that you provide to us directly:

2.2 Biometric Information — Illinois BIPA Disclosure

Illinois Biometric Information Privacy Act (BIPA) Notice: If you enable Face ID or biometric authentication on the Platform, Piesa Giving collects and uses biometric identifiers and biometric information as defined under the Illinois Biometric Information Privacy Act (740 ILCS 14/). Your separate, informed written consent is required before biometric authentication is activated. Please read this Section carefully before enabling Face ID.

The Platform offers optional biometric authentication (Face ID or equivalent facial recognition) as an alternative to PIN-based login. If you elect to enable biometric authentication, the following applies:

What is collected: Facial recognition authentication is processed at the device level by your device's operating system (Apple iOS or Android OS). Piesa Giving receives only a pass/fail authentication result and does not independently collect, store, or transmit raw biometric data or facial geometry templates.

Purpose: Biometric data is used solely to authenticate your identity for login purposes. It is not used for any other purpose, including advertising, profiling, or identification outside the Platform.

No sale or disclosure: Piesa Giving will not sell, lease, trade, or otherwise profit from biometric identifiers or biometric information. Piesa Giving will not disclose biometric data to any third party except as required by law or valid legal process.

Retention: Because biometric processing occurs at the device level, Piesa Giving does not maintain independent biometric templates. Disabling Face ID through your account settings or device settings immediately terminates biometric authentication for your account.

Your rights: You may withdraw consent to biometric authentication at any time by disabling Face ID in your account settings or device settings. Withdrawal of consent does not affect your ability to access your account using your PIN.

BY ENABLING FACE ID OR BIOMETRIC AUTHENTICATION ON THE PLATFORM, YOU EXPRESSLY PROVIDE YOUR INFORMED WRITTEN CONSENT TO PIESA GIVING'S COLLECTION AND USE OF BIOMETRIC IDENTIFIERS AND BIOMETRIC INFORMATION AS DESCRIBED IN THIS SECTION, IN ACCORDANCE WITH THE ILLINOIS BIOMETRIC INFORMATION PRIVACY ACT (740 ILCS 14/) AND ALL OTHER APPLICABLE LAW.

2.3 Location Information

The Platform may request access to your device's location to provide location-aware features, including displaying nonprofit organizations that are geographically relevant to your area. Location access is entirely optional and requires your express permission through your device's operating system. You may revoke location permission at any time through your device settings without affecting your ability to use the Platform. If you do not grant location permission, the Platform will use your mailing address state to provide general regional recommendations.

2.4 Information Collected Automatically

When you use the Platform, certain technical information is automatically collected, including:

IP address and general geographic region derived from IP address;

Device type, operating system, and browser type;

Pages visited, features used, and time spent on the Platform;

Referring website addresses and access times;

Donation activity, platform preferences, and giving calculator usage.

This information is used to operate and improve the Platform, analyze usage patterns, and ensure service quality. It is not used to build individual advertising profiles or sold to third-party advertisers.

The Platform also collects your notification preferences, including which notification types you have enabled or disabled (such as donation alerts, recurring donation reminders, friend request notifications, and nonprofit announcements). This information is used solely to deliver the notifications you have chosen to receive and to respect your mute and opt-out preferences.

2.5 Cookies

The Platform website may use cookies — small text files stored on your device by your web browser — to personalize your experience, maintain session information, and remember your preferences. Cookies cannot execute programs or transmit viruses. You may configure your browser to decline cookies, though doing so may limit some Platform functionality. The Platform does not currently use third-party advertising cookies or tracking pixels. If this changes in the future, this Policy will be updated and you will be notified as described in Section 11.

2.6 Information Related to Nonprofit Activity

The Platform collects information about your nonprofit activity, including:

Which nonprofit organizations you follow, favorite, or donate to, including religious and charitable organizations;

Your donation history, amounts, dates, and payment methods used;

Your giving calculator goals and progress;

Your account privacy settings (Public, Friends, or Private).

Sensitive Data Notice: Information about the religious organizations and charitable causes you support may constitute sensitive personal information under applicable privacy laws, as it may reveal your religious beliefs, practices, or affiliations. Piesa Giving treats this information with heightened care and will not sell it to third parties. The visibility of this information to other Platform users is controlled entirely by your account privacy settings as described in Section 5.

2.7 Wallet and Payment Method Information

When you add a credit card or bank account to the Platform's Wallet feature, your full payment credentials are transmitted directly to and stored exclusively by Stripe, Inc. Piesa Giving stores only a Stripe-issued payment method token — a non-sensitive reference identifier — that allows your saved payment method to be used for future donations without exposing your actual card or account numbers. Piesa Giving never sees, receives, or stores your full credit card number, bank account number, or routing number at any point.

2.8 Search Activity and User Discoverability

The Platform includes a search feature that allows users to search for nonprofit organizations and other Platform users by name. Your discoverability through the search feature is entirely controlled by your account privacy setting:

Public: Your profile appears in search results and your full profile is visible to any user who clicks on it;

Private: Your profile appears in search results but only your name and profile picture are visible — other users must send a friend request to see more;

Only Me: Your profile does not appear in search results at all and cannot be discovered by any other user through the search feature.

Piesa Giving does not collect or store the search queries you enter. Search activity is used only to return relevant results and is not linked to your profile or used for advertising purposes.

2.9 Information from Nonprofit Representatives

When a representative of a nonprofit organization registers on the Platform, we collect their name, email address, organizational information, EIN, and IRS determination documentation. This information is used to verify nonprofit eligibility, set up the nonprofit's Platform profile, and communicate with the organization regarding its account.

2.10 Nonprofit Representative Contact Information — Public Display

Nonprofit organizations may include personal contact information for their representatives — such as a staff member's name, phone number, email address, or title — in their Platform profile. To the extent such information is included in a nonprofit's public-facing profile, it will be visible to all Platform users who view that nonprofit's profile page. Piesa Giving displays this information solely as provided by the nonprofit organization and does not independently verify its accuracy.

Piesa Giving collects and displays nonprofit representative contact information in reliance on the nonprofit's representation that it has obtained the consent of each individual whose personal information is submitted. Individuals whose personal information has been submitted by a nonprofit organization without their consent should contact Piesa Giving at info@piesagiving.com to request removal. Piesa Giving will process such requests in accordance with applicable privacy law and its data retention obligations.

Nonprofit representative contact information submitted to Piesa Giving is used for the following purposes:

Setting up and managing the nonprofit's Platform account;

Communicating with the nonprofit regarding its account, enrollment status, and compliance obligations;

Displaying the nonprofit's contact information on its public Platform profile, to the extent provided by the nonprofit;

Complying with applicable legal and regulatory obligations.

Piesa Giving does not sell nonprofit representative contact information to any third party. Such information is shared with Stripe and AWS solely to the extent necessary to operate the Platform, in accordance with Sections 4.2 and 4.3 of this Policy.

SECTION 3. HOW WE USE YOUR INFORMATION

Piesa Giving uses the personal information we collect for the following purposes:

Account creation and management: To create and maintain your account, verify your identity, and authenticate your login;

Age verification: To confirm that you meet the minimum age requirement of eighteen (18) years. Date of birth is used for this purpose and shared with nonprofit organizations as described in Section 4;

Donation processing: To facilitate charitable donations through Stripe and disburse funds to nonprofit organizations;

Transaction communications: To send donation confirmations, recurring donation notifications, and annual giving summary statements to your registered email address;

Platform personalization: To display nonprofits relevant to your location, giving history, and preferences;

Service communications: To send account-related notices, security alerts, policy updates, and service announcements;

Platform improvement: To analyze usage patterns, troubleshoot technical issues, and improve Platform features and performance;

Legal compliance: To comply with applicable laws, respond to legal process, and protect Piesa Giving's legal rights;

Fraud prevention: To detect, investigate, and prevent fraudulent transactions, unauthorized account access, and other prohibited activities;

Notification delivery: To deliver the notifications you have enabled through your Notification Settings, including donation alerts, recurring donation reminders, friend request notifications, and nonprofit announcements, via push notification and email;

Search functionality: To enable the Platform's search feature to return relevant nonprofit and user results based on your search queries, subject to each user's privacy setting.

Piesa Giving does not currently send marketing or promotional emails beyond transactional communications. If Piesa Giving introduces marketing communications in the future, you will be given the opportunity to opt in, and this Policy will be updated accordingly with clear opt-out instructions.

SECTION 4. INFORMATION WE SHARE

Plain Language Summary: We do not sell your personal data. We share limited information with the nonprofits you donate to, and with our core service providers Stripe and AWS. We do not use third-party advertising or analytics tools that receive your data. If this changes, we will update this Policy and notify you.

4.1 Information Shared with Nonprofit Organizations

When you make a donation to a nonprofit organization through the Platform, the following information about you is made available to that nonprofit:

Full name;

Email address;

Mailing address;

Date of birth (used by the nonprofit to verify donor age);

Donation amount and donation date.

This information is shared solely to facilitate the donation relationship, enable the nonprofit to issue required tax acknowledgments, and allow the nonprofit to communicate with you regarding its mission and activities. Nonprofit organizations are contractually prohibited from selling your information or using it for purposes unrelated to their charitable mission. If you wish to be removed from a nonprofit's communications, you must contact the nonprofit directly — Piesa Giving is not responsible for the nonprofit's independent communications with you following a donation.

4.2 Payment Information — Stripe

All payment processing is handled exclusively by Stripe, Inc. Piesa Giving never sees, collects, or stores your full credit card number, bank account number, or other sensitive payment credentials. Payment information is transmitted directly and securely to Stripe and is governed by Stripe's Privacy Policy, available at https://stripe.com/privacy. We encourage you to review Stripe's privacy practices before making a donation.

4.3 Infrastructure — Amazon Web Services

The Platform is hosted on Amazon Web Services, Inc. ("AWS") cloud infrastructure. Your data is stored on AWS servers in accordance with AWS's security and privacy standards. AWS does not have access to your data for its own purposes — it serves solely as our infrastructure provider. AWS's privacy practices are available at https://aws.amazon.com/privacy/.

4.4 Legal Disclosures

Piesa Giving may disclose your personal information without prior notice when required to do so by law or in the good-faith belief that such disclosure is necessary to: (a) comply with applicable law, regulation, or valid legal process served on Piesa Giving; (b) protect and defend the legal rights or property of Piesa Giving; (c) protect the personal safety of Platform users or the public; or (d) respond to a governmental, regulatory, or law enforcement request. You expressly waive any claim against Piesa Giving arising from its good-faith compliance with any such legal obligation or request.

4.5 Business Transfers

In the event that Piesa Giving is involved in a merger, acquisition, reorganization, or sale of all or substantially all of its assets, your personal information may be transferred as part of that transaction. You will be notified of any such transfer and any material changes to this Policy that result from it.

4.6 No Sale of Personal Data

Piesa Giving does not sell, rent, or lease your personal data to any third party for any purpose. Piesa Giving does not sell information about your charitable giving, religious affiliations, or donation history to advertisers, data brokers, or any other commercial entity.

4.7 Future Third-Party Service Providers

Piesa Giving does not currently use third-party analytics platforms, advertising networks, email marketing services, or similar tools that would receive your personal data. If Piesa Giving introduces any such tools in the future, this Policy will be updated prior to implementation, you will be notified as described in Section 11, and any new third-party providers will be contractually required to protect your information and use it only for the purposes specified.

SECTION 5. ACCOUNT PRIVACY SETTINGS AND PROFILE VISIBILITY

You control who can see your profile and nonprofit activity through your account privacy settings. You may change your privacy setting at any time through your account settings on the Platform.

5.1 Public Account

If your account is set to Public, any Platform user who views your profile can see your display name, state of residence, and the religious and charitable nonprofit organizations you follow. By setting your account to Public, you expressly consent to the disclosure of this information — including information that may reveal your religious beliefs or charitable affiliations — to all Platform users.

5.2 Friends Account

If your account is set to Friends, only users you have accepted as friends on the Platform can see your display name, state of residence, and the nonprofits you follow. Non-friends can see only that your account exists and your display name.

5.3 Private Account

If your account is set to Private, only you can see your nonprofit follows and donation activity. Other users, including accepted friends, cannot see your nonprofit follows or charitable activity. Your state of residence remains visible to any user who views your profile regardless of privacy setting.

5.4 Profile Picture Visibility

If you upload a profile picture to your account, that image will be visible to all users of the Platform regardless of your privacy setting (Public, Friends, or Private). By uploading a profile picture, you expressly consent to its display to all Platform users. You are solely responsible for ensuring that any image you upload is a photograph of yourself, that you have the right to use it, and that it complies with Piesa Giving's content standards described in Section 5.6 below. Upon deletion of your account, your profile picture will be permanently removed from the Platform and will no longer be visible to any user.

5.5 Friends List Visibility

When another user views your profile, they may be able to see your friends list — the users you have accepted as friends on the Platform — subject to your privacy setting as follows:

Public account: Any Platform user can see your profile picture, your state of residence, the nonprofits you follow, and your friends list;

Friends account: Only your accepted friends can see your nonprofit follows and your friends list. Non-friends can see only your display name and profile picture;

Private account: No other user can see your nonprofit follows or your friends list. Your profile picture and state of residence remain visible to all users.

Important: When your account is set to Public, any Platform user — including users you do not know — can see your profile picture, the nonprofits and religious organizations you follow, and who your friends are. This combination of information may reveal your religious beliefs, charitable affiliations, and social network. Piesa Giving strongly encourages you to review your privacy settings and set your account to Friends or Private if you do not wish this information to be publicly visible.

5.6 Profile Picture Content Standards and Reporting

By uploading a profile picture, you represent and warrant that: (a) the image is a genuine photograph of yourself; (b) you own or have the right to use the image; (c) the image does not depict any other person without their consent; (d) the image is not obscene, offensive, defamatory, or otherwise inappropriate; and (e) the image does not impersonate any other person or entity.

Piesa Giving reserves the right, in its sole and absolute discretion, to remove any profile picture that it determines — or that is reported to be — inappropriate, fake, impersonating, obscene, or in violation of these standards, at any time and without prior notice. Piesa Giving will use reasonable efforts to proactively review profile images for compliance but makes no guarantee that all non-compliant images will be identified and removed immediately. If you encounter a profile picture that you believe violates these standards, you may report it by submitting a support ticket through the Platform. Piesa Giving will review all reported images and take appropriate action in its sole discretion.

5.7 Search Discoverability by Privacy Setting

Your account privacy setting also controls whether your profile appears in search results when another user searches for your name. If your account is set to Public, your profile will appear in search results and your full profile will be visible. If your account is set to Private, your profile will appear in search results but only your name and profile picture will be visible — other details require a friend request. If your account is set to Only Me, your profile will not appear in search results at all and cannot be found by any other user through the search feature.

5.8 Default Setting

New accounts are set to Private by default. You may change your privacy setting at any time through your account settings.

SECTION 6. DATA STORAGE, SECURITY, AND RETENTION

6.1 Data Storage

Your personal information is stored on Amazon Web Services (AWS) cloud infrastructure located in the United States. Piesa Giving maintains appropriate administrative, technical, and physical safeguards designed to protect your personal information from unauthorized access, use, disclosure, alteration, or destruction.

6.2 Security Measures

Piesa Giving employs the following security measures to protect your personal information:

End-to-end encryption for data transmission;

SSL (Secure Sockets Layer) protocol for all web pages;

PCI DSS-compliant payment processing through Stripe (PCI Level 1);

AWS advanced security infrastructure including firewalls and encryption at rest;

Strong password requirements and optional biometric authentication;

Restricted internal access to personal data on a need-to-know basis.

Despite these measures, no internet transmission or data storage system can be guaranteed to be 100% secure. By using the Platform, you acknowledge that there are inherent security limitations to internet-based services that are beyond Piesa Giving's control, and that Piesa Giving cannot guarantee the absolute security of your personal information.

6.3 Data Retention

Piesa Giving retains your personal information for as long as your account is active and as long as necessary to provide the Platform services to you. Following account closure, Piesa Giving may retain certain personal information for the following purposes and periods:

Transaction records and donation history: Retained for a minimum of seven (7) years to comply with applicable tax, accounting, and financial reporting obligations;

Legal compliance and dispute resolution: Retained for the duration of any applicable statute of limitations or as required by law or legal process;

Fraud prevention: Retained as necessary to detect, prevent, and investigate fraudulent activity.

Profile pictures: Upon account deletion, your profile picture will be permanently removed from the Platform and will no longer be displayed to any user. Piesa Giving will delete the stored image file as promptly as technically practicable following account deletion.

Biometric authentication data is not independently retained by Piesa Giving beyond your device-level settings. Disabling Face ID removes Piesa Giving's ability to authenticate you biometrically.

SECTION 7. CHILDREN AND MINIMUM AGE

THE PLATFORM IS INTENDED EXCLUSIVELY FOR USERS WHO ARE AT LEAST EIGHTEEN (18) YEARS OF AGE. Piesa Giving does not knowingly collect personal information from any person under the age of 18. If you are under 18, you are not permitted to create an account or use the Platform in any way. If Piesa Giving discovers that a user is under 18, the account will be immediately terminated and all associated data will be deleted to the extent permitted by law. If you are a parent or guardian and believe your minor child has created an account, please contact us immediately at info@piesagiving.com.

SECTION 8. YOUR RIGHTS AND CHOICES

8.1 Access and Correction

You may access and update most of your personal information directly through your account settings on the Platform. If you need assistance accessing or correcting information that is not available through your account settings, please contact us at info@piesagiving.com.

8.2 Account Deletion

You may request deletion of your account by contacting Piesa Giving at info@piesagiving.com. Upon account deletion, Piesa Giving will delete or anonymize your personal information, subject to the retention obligations described in Section 6.3. Your profile picture will be permanently removed and will no longer be visible to any Platform user. Please note that deletion of your account will also cancel all recurring donations and terminate your access to donation history through the Platform.

8.3 Biometric Authentication Opt-Out

You may disable biometric authentication at any time through your account settings or your device's operating system settings. Disabling biometric authentication does not affect your ability to access your account using your PIN.

8.4 Location Services Opt-Out

You may revoke location permission at any time through your device's operating system settings. Revoking location permission will not prevent you from using the Platform but will disable location-based nonprofit recommendations.

8.5 Email Communications

Piesa Giving currently sends only transactional emails, including donation confirmations, recurring donation notifications, account alerts, and annual giving summary statements. These communications are necessary for the operation of your account and cannot be fully opted out of while your account remains active. If Piesa Giving introduces optional marketing or promotional communications in the future, clear opt-out instructions will be provided in each such communication and through your account settings.

8.6 California Residents — CCPA Rights

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

Right to Know: You have the right to request information about the categories and specific pieces of personal information Piesa Giving has collected about you, the sources of that information, the purposes for which it is used, and the categories of third parties with whom it is shared;

Right to Delete: You have the right to request deletion of personal information Piesa Giving has collected about you, subject to certain exceptions;

Right to Opt-Out of Sale: Piesa Giving does not sell personal information. You therefore have no need to opt out of a sale of your data;

Right to Non-Discrimination: Piesa Giving will not discriminate against you for exercising any of your CCPA rights.

To exercise your CCPA rights, please contact Piesa Giving at info@piesagiving.com. We will respond to verifiable requests within forty-five (45) days as required by law.

8.7 Illinois Residents — BIPA and PIPA Rights

Illinois residents have the following rights under the Illinois Biometric Information Privacy Act (BIPA) and the Illinois Personal Information Protection Act (PIPA):

The right to be informed of the specific purpose and length of time for which biometric data is collected, stored, and used;

The right to provide written consent before biometric data is collected;

The right to withdraw consent to biometric data collection at any time;

The right to receive notification of any security breach involving your personal information as required by PIPA.

Piesa Giving's biometric data practices as described in Section 2.2 are designed to comply with BIPA requirements. For any questions or concerns regarding your Illinois privacy rights, please contact us at info@piesagiving.com.

SECTION 9. THIRD-PARTY LINKS AND SERVICES

The Platform may contain links to third-party websites, resources, or services. Piesa Giving is not responsible for the privacy practices, content, or security of any third-party site. The inclusion of any link on the Platform does not constitute an endorsement by Piesa Giving of the linked site or its privacy practices. We encourage you to review the privacy policies of any third-party site you visit. Your interactions with third-party sites are governed exclusively by those sites' own terms and privacy policies.

SECTION 10. INTERNATIONAL USERS

The Platform is operated from the United States and is intended for U.S.-based users. If you access the Platform from outside the United States, you do so at your own risk. Your personal information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using the Platform from outside the United States, you consent to the transfer and processing of your information in the United States in accordance with this Privacy Policy.

SECTION 11. CHANGES TO THIS PRIVACY POLICY

Piesa Giving reserves the right to update or modify this Privacy Policy at any time. When we make material changes to this Policy — including changes to how we collect, use, or share your personal information, changes to our biometric data practices, or the introduction of new third-party service providers — we will notify you by:

Sending a notice to the primary email address associated with your account;

Posting a prominent notice on the Platform; and/or

Updating the "Effective Date" at the top of this Policy.

Your continued use of the Platform after the effective date of any updated Policy constitutes your acceptance of the changes. If you do not agree to a material change, your sole remedy is to discontinue use of the Platform and close your account.

SECTION 12. CONTACT INFORMATION AND PRIVACY REQUESTS

If you have any questions, concerns, or requests regarding this Privacy Policy or Piesa Giving's data practices, including requests to exercise your CCPA, BIPA, or PIPA rights, please contact us:

Good Steward Technology Group LLC

d/b/a Piesa Giving

8130 St. Louis Avenue

Skokie, Illinois 60076

Email: info@piesagiving.com

Website: www.piesagiving.com

Effective Date: May 1, 2026

Replaces: All prior Privacy Policy versions, including the version effective May 7, 2020