Your Privacy is Important to Us.
Last Updated: October 2025
This Privacy Policy (“Policy”) describes and governs the information collection, use, and sharing practices of Vital Impact (“Vital Impact,” “we,” “us,” and “our”), headquartered at New York, New York, with respect to both your use of the Vital Impact website at www.VitalImpactGroup.com and any other services that reference this Policy collectively, the “Services.”
Before you use or submit any information through or in connection with the Services, please carefully review this Policy. By using any part of the Services, regardless of how you access the Services, you consent to the collection, use, and disclosure of your information as further outlined in this Policy.
IF YOU DO NOT AGREE TO THIS POLICY, PLEASE DO NOT USE THE SERVICES.
We will continue to evaluate this Policy as we update and expand the Services and our offerings, and we may make changes to the Policy accordingly. Any changes will be posted here and you should check this page periodically for updates. If we make material changes to this Policy, we will provide you with notice as required by law. Your continued use of the Services will signify acceptance of the terms of the updated Policy.
Undefined capitalized terms used herein shall have the definitions as set forth in our Terms of Use.
We collect information in multiple ways, including when you provide information directly to us, and when we passively collect information from you, such as from your browser or device.
We may collect information from you in a variety of ways, such as when you:
We will collect any information that you provide to us, which may include, but is not limited to: name, email address, mailing address, phone number, and workplace information.
You do not have a statutory or contractual obligation to provide us with your information through our site; however, certain information may be required in order to use specific functions of our site.
We may automatically collect certain information about the computer or devices, including mobile devices or tablets, you use to access the Services. We may collect and analyze information such as IP addresses, location information, unique device identifiers, IMEI and TCP/IP address, browser types, browser language, operating system, mobile device carrier information, and the state or country from which you accessed the Services.
We may also collect information related to the ways in which you interact with the Services, such as referring and exit web pages and URLs, platform type, the number of clicks, domain names, landing pages, pages and content viewed, statistical information about the use of the Services, time spent on pages, the date and time you used the Services, the frequency of your use of the Services, error logs, and other similar information.
We may also collect data about your use of the Services through the use of Internet server logs, cookies and/or tracking pixels, such as Google Analytics. A web server log is a file where website activity is stored. A cookie is a small text file placed on your computer when you visit a website.
Cookies may enable us to:
Tracking pixels, sometimes referred to as web beacons or clear GIFs, are tiny electronic tags with a unique identifier embedded in websites, online ads, and/or email. They are designed to provide usage information, measure popularity of the Services and associated advertising, and access user cookies.
You can change your settings to notify you when a cookie is being set or updated, or to block cookies altogether. Please consult the “Help” section of your browser for more information. Please note that by blocking any or all cookies, you may not have access to certain features or offerings of the Services.
Social networking sites, such as Facebook, have their own policies for handling your information. For a description of how these sites may use and disclose your information, including any information you make public, please consult the sites’ privacy policies. We have no control over how any third-party site uses or discloses the personal information it collects about you.
We may also collect information about you or others through non-affiliated third parties. To the extent permitted by law, we may ask for and collect supplemental information from third parties, such as information about your organization’s history, information to verify your identity or trustworthiness, or for other fraud or safety protection purposes.
We may use the information we collect from and about you for the following purposes:
We may combine information that we collect from you and about you with information we obtain from our affiliates and/or non-affiliated third parties, and use such combined information in accordance with this Policy.
We may aggregate and/or de-identify information collected through the Services. We may use de-identified and/or aggregated data for any purpose, including research and marketing purposes, and may disclose such data to third parties.
We may disclose your information to certain categories of non-affiliated third parties under the following circumstances:
We may disclose your information to any third parties based on your consent to do so.
We may provide access or disclose your information to select third parties who perform services on our behalf, including marketing, market research, customer support, data storage, analysis and processing, and legal services.
Vital Impact may access, preserve, and disclose your information if required to do so by law or in a good faith belief that such access, preservation, or disclosure is permitted by this Policy or reasonably necessary to comply with legal process, enforce this Policy, respond to claims, respond to customer service requests, or protect the rights, property, or personal safety of Vital Impact, its agents, affiliates, users, and the public.
As we continue to develop our organization, we may acquire, merge, or partner with other organizations. In such transactions, including in contemplation of such transactions, user information may be among the transferred assets. If any of Vital Impact’s assets are sold or transferred to a third party, customer information would likely be one of the transferred business assets.
The laws in some jurisdictions require companies to tell you about the basis for using or disclosing your personal data. To the extent those laws apply, our legal grounds for processing your personal data are as follows:
We need to use and disclose personal data in certain ways to comply with our legal obligations.
Where required by law, and in some other cases, we handle personal data on the basis of consent. Where we handle your personal data on the basis of consent, you have the right to withdraw your consent.
Much of our processing of personal data is to meet our contractual obligations to our clients, or to take steps at clients’ request in anticipation of entering into a contract with them.
In many cases, we handle personal data because it furthers our legitimate interests in commercial activities in ways that are not overridden by the interests or fundamental rights and freedoms of the affected individuals.
These interests may include:
We may use third-party web analytics services, such as Google Analytics, on our Services to collect and analyze information, and to engage in auditing, research, or reporting. The information collected by analytics technologies may be disclosed to or collected directly by these service providers.
To prevent Google Analytics from using your information for analytics, you may install the Google Analytics Opt-out Browser Add-on.
If you receive email from us, we may use analytics tools, such as clear GIFs, to capture data such as when you open our message or click on links or banners our email contains. This data allows us to gauge the effectiveness of our communications and marketing campaigns.
Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. We do not recognize or respond to browser-initiated DNT signals, as the Internet industry is still working toward defining exactly what DNT means, what it means to comply with DNT, and a common approach to responding to DNT.
All users can review and update certain user information by emailing us at privacy at VitalImpactgroup dot com. You can unsubscribe from marketing emails by clicking the “unsubscribe” link they contain.
You can also opt out of our sharing of your mailing information with other nonprofits by emailing us at privacy at VitalImpactgroup dot com and describing your request.
The website is operated in the United States and is intended for users located in the United States. The website is therefore operated in accordance with the laws of the United States.
If you are located outside of the United States, please be aware that information you provide to us or that we obtain as a result of your use of the Services will be collected in the United States and/or transferred to the United States and will be subject to U.S. law.
The Services are intended for general audiences and not for children under the age of 13. If we become aware that we have collected personal information, as defined by the Children’s Online Privacy Protection Act, from children under the age of 13, we will take reasonable steps to delete it as soon as practicable.
We have implemented administrative, technical, and physical security measures to protect against the loss, misuse, and/or alteration of your information. These safeguards vary based on the sensitivity of the information that we collect and store.
However, we cannot and do not guarantee that these measures will prevent every unauthorized attempt to access, use, or disclose your information since no Internet or other electronic transmission can be completely secure.
We will hold your information for as long as necessary to fulfill the purposes set forth in this Policy or as long as we are legally required or permitted to do so. Information may persist in copies made for backup and business continuity purposes for additional time.
The Services may contain links to or frame third-party websites, applications, and other services. Please be aware that we are not responsible for the privacy practices of such other sites and services.
We encourage users to be aware when they leave our Services and to read the privacy statements of each site they visit that collects their information.
California law permits visitors who are California residents to request certain information once per year regarding our disclosure of personal information to third parties for such third parties’ direct marketing purposes.
To make such a request, please send an email to privacy at VitalImpactgroup dot com with “Shine the Light” in the subject line or write to us at Vital Impact, 1828 L Street NW, Suite 300, Washington, DC 20036.
If you have any questions about our Policy, you can contact us by emailing privacy at VitalImpactgroup dot com.
Privacy laws in certain U.S. states, including the California Consumer Privacy Act of 2018, as amended (“CCPA”), require us to make specific disclosures to state residents. This additional information section provides these legally required disclosures in the form mandated by state law, but does not differ substantively from the information set forth above in our Privacy Policy.
Please see the main sections of our Privacy Policy above for complete information about our privacy practices, including our collection, use, retention, and disclosure of that information.
In this section, the terms “personal information” (“PI”) and “sensitive personal information” (“SPI”) have the meanings set forth in applicable state privacy law. “Consumer” means the consumer to whom the PI or SPI relates.
During the 12 months leading up to the effective date of this Policy, we have collected all of the types of PI and SPI described in the “Information We Collect” section of the Policy above, and we used it for the purposes described in “How We Use Your Information.”
We may collect the following categories of PI and SPI about consumers, and we may disclose this information to the categories of third parties listed below:
Please note: We endeavor not to collect sensitive personal information. While we cannot control the information you send to us through your communications to us, we encourage you not to send us sensitive personal information.
Categories of Third-Party Recipients: N/A
Examples include name, username, password, email address, and IP address.
Categories of Third-Party Recipients: Corporate affiliates, service providers, and third parties when sharing mailing lists with nonprofits.
Examples include telephone number, mailing address, employment, or related information.
Categories of Third-Party Recipients: Corporate affiliates and service providers.
Examples include your resume when you apply for a job.
Categories of Third-Party Recipients: Corporate affiliates and service providers.
Examples include browsing history or a record of online Services usage.
Categories of Third-Party Recipients: Corporate affiliates, service providers, and data analytic providers.
During the 12 months leading up to the effective date of this Policy, we did not and do not “sell” personal information. During the 12 months leading up to the effective date of this Policy, we did not and do not “share” personal information for targeted advertising purposes, as that term is defined under applicable state law.
To our knowledge, we do not and have not in the past 12 months sold or shared for targeted advertising purposes the personal information of individuals under 16 years of age.
While we take the position that we do not sell or share personal information as those terms are defined, you may prevent Google Analytics from using your information for analytics by installing the Google Analytics Opt-out Browser Add-on.
We do not offer financial incentives associated with our collection, use, or disclosure of your personal information. We do not engage in profiling in furtherance of decisions that produce legal or similarly significant effects.
Depending on your state of residence, you may have the following rights, subject to exceptions:
Certain information and business practices may be exempt from requests to exercise some of these rights. For example, we need certain types of information to provide the Services to you and to comply with applicable law.
To make such a request, please send an email to Privacy at VitalImpactGroup dot com. You may also exercise certain choices on your own. For example, to prevent Google Analytics from using your information for analytics, you may install the Google Analytics Opt-out Browser Add-on. You may also opt out of receiving email through the unsubscribe link in the email itself.
You may be required to verify your identity before we fulfill your request, which may include verifying your name, email address, mailing address, and/or phone number, depending on the nature of the request and the information we hold about you.
If you have an online account with us, we might also require you to log in to that account as part of the verification process. If you are a California resident, you can also designate an authorized agent to make a request on your behalf if that authorized agent has, and is able to furnish to us, written authorization from you.
You may still need to verify your identity and confirm the agent’s authority directly with us if we are not convinced of the validity of the agent’s request. For security and legal reasons, we may refuse to accept requests that require us to visit an agent’s website.
