When you run a successful campaign on Kickstarter, you will receive some personally identifiable information (PII) from your backers, including their email address and survey responses. Under Kickstarter’s Terms of Use and Privacy Policy, all creators are required to keep backer information confidential, except as strictly necessary to communicate with backers directly and fulfill rewards. No information provided by or about backers should be used for any other purpose without first receiving consent from the backer as required by applicable data privacy laws.
To ensure that you have received backers’ consent to be added to an off-site newsletter, we recommend one of the following:
- Add a simple yes/no question to your reward survey, asking your backers if they consent to being added to an off-site newsletter.
- Post an update with a link for backers to directly sign-up to your off-site newsletter.
In addition, the European Union and United Kingdom’s General Data Protection Regulation (GDPR), and the California Privacy Rights Act (CPRA), provides citizens or residents of the European Economic Area (EEA), the UK, and California, with certain rights over their personal data. This includes a right to access, correct, delete, and restrict processing of their data and requires a “lawful basis” for collecting and retaining their personal information. Any successful project on Kickstarter may have backers that are EEA, UK, or California residents and handling of their backer information would be subject to GDPR or CPRA.
All creators and any collaborators with whom creators share backer personal information are required to comply with requirements and laws set forth in Kickstarter’s Privacy Policy. This includes being prepared to respond to backer requests to provide or delete their personal information stored or used off of Kickstarter’s site, including copies of backer surveys you’ve downloaded from the creator dashboard. We also urge creators to review the GDPR and CPRA rules and consider consulting with a lawyer for guidance on how these rules and other applicable data privacy regulations could directly affect them.