Privacy, plainly stated.

Fonte House is operated by Colmena Labs LLC. This policy covers two kinds of people: subscribers who use the product, and individuals who appear in the public-record research data it organizes. Both are addressed below. Effective June 11, 2026.

1. What we collect from subscribers

Account. Your email address is your account. We store it, your sign-in timestamps, and a security audit log of actions taken in the app (the action, the item it touched, and the request IP).

Your work product. Notes, tasks, pipeline stages, watchlists, organization profiles, and donor lists you upload are stored so the product can function. They are scoped strictly to your account: no other subscriber can read them, and we do not use them for anything except serving them back to you.

Billing. Payments are processed by Stripe. We store your subscription status and a Stripe customer reference. We never see or store card numbers.

Access requests. If you submit the request-access form, we store what you typed (name, email, organization, note) and the request IP, and forward it to the owner by email.

Cookies. One essential, HTTP-only session cookie keeps you signed in for up to 30 days. There are no advertising or cross-site tracking cookies.

2. The research data, and the people in it

Fonte House organizes public records: IRS Form 990-PF filings, donor-recognition pages that nonprofits publish on their own websites, news articles surfaced by RSS, and live lookups against public FEC contribution records and SEC EDGAR filings. We do not buy data brokers' files, and we do not collect non-public information about individuals.

Indicators in the product are matched by name and can be wrong; the interface says so wherever they appear. Subscribers agree (in the Terms of Service and at sign-in) to use the data only for charitable fundraising prospect research, and never for decisions about credit, employment, housing, insurance, or any other eligibility purpose.

If you appear in Fonte House and want out: email [email protected]. We can export what the system holds about you, correct it, or remove it. Removals are recorded in a deletion ledger so they persist through future data refreshes rather than silently reappearing.

3. Who touches the data

We sell access to the product, never the data, and never your account information. The service providers that process data on our behalf are: Cloudflare (hosting, database, and email routing), Stripe (payments), Resend (transactional email such as sign-in links), and Anthropic (automated text processing of public filing content, such as categorizing grants). Each receives only what its role requires.

We disclose information beyond that only if the law requires it, or to protect the service from abuse.

4. Security and retention

All traffic is encrypted in transit. Sign-in uses one-time emailed links; no passwords are stored anywhere. Sign-in tokens are stored only as cryptographic hashes and expire in 15 minutes. Sensitive actions are audit-logged.

Account data is kept while your account is active and deleted on request. The audit log and the subject-deletion ledger are retained longer because they are the record that protections were applied.

5. Changes and contact

If this policy changes in a way that matters, subscribers get an email before the change takes effect. Questions, requests, and complaints all go to [email protected]. Postal mail can be requested at the same address.