When you run a successful campaign on Kickstarter, you will receive some personally identifiable information (PII) from your backers, including their email address and survey responses. Under Kickstarter’s Terms of Use and Privacy Policy, all creators are required to keep backer information confidential, except as strictly necessary to communicate with backers directly and fulfill rewards. No information provided by or about backers should be used for any other purpose without first receiving consent from the backer as required by applicable data privacy laws.
To ensure that you have received backers’ consent to be added to an off-site newsletter, we recommend one of the following:
- Add a simple yes/no question to your reward survey, asking your backers if they consent to being added to an off-site newsletter.
- Post an update with a link for backers to directly sign-up to your off-site newsletter.
In addition, the European Union’s General Data Protection Regulation (GDPR) provides citizens or residents of the European Economic Area (EEA) with certain rights over their personal data, including a right to access, correct, delete, and restrict processing of their data and requires a “lawful basis” for collecting and retaining their personal information. Any successful project on Kickstarter may have backers that are EEA residents and handling of their backer information would be subject to GDPR.
All creators should be prepared to respond to backer requests to provide or delete their personal information stored or used off of Kickstarter’s site, including copies of backer surveys you’ve downloaded from the creator dashboard. We also urge creators to review the GDPR rules and consider consulting with a lawyer for guidance on how these rules and other applicable data privacy regulations could directly affect them.