1. Information We Collect

We collect the following types of information:

Account Information: Name, email address, organization name, and role when you create an account.
Usage Data: Information about how you interact with the Service, including pages visited, features used, and actions taken.
Donor Data: Information you enter about your organization's donors, contacts, and transactions. This data belongs to you and is stored in your organization's isolated database.
Payment Information: Billing details for your subscription. Payment card information is processed by our payment processor and is never stored on our servers.

2. How We Use Your Information

We use the information we collect to:

Provide, maintain, and improve the Service
Process transactions and send related notices
Send technical notices, updates, and support messages
Respond to your comments and questions
Monitor and analyze usage patterns to improve user experience

We do not sell your personal information or your organization's donor data to third parties. We do not use your donor data for any purpose other than providing the Service to you.

3. Data Storage and Security

Your organization's data is stored in a dedicated, isolated PostgreSQL database. This means your donor records, transactions, and other data are completely separated from other organizations using Auradonors. We employ industry-standard security measures including:

Encrypted connections (TLS/SSL) for all data in transit
Encrypted storage for sensitive data at rest
Department-based access controls within your organization
Immutable audit logs tracking all data changes
Regular security reviews and updates

4. Third-Party Services

We integrate with the following third-party services to provide functionality within Auradonors. Data is shared with these services only as necessary to provide the features you enable:

Stripe / Authorize.Net: Payment processing for donations and transactions.
Postmark: Transactional email delivery (welcome emails, password resets, scheduled reports).
Smarty: Address validation for US and international addresses.
ShipStation: Shipping label generation and tracking (optional feature).
Mailchimp: Email list management and subscriber sync (optional feature).
Avalara: Tax calculation for applicable transactions (optional feature).

Each integration is optional and controlled by your organization's administrator. We only share the minimum data necessary for each integration to function.

5. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. If you cancel your subscription, you may request a full export of your data within 30 days. After this period, your data will be securely deleted. Audit logs and immutable records are retained as required for compliance purposes.

6. Your Rights

You have the right to:

Access and export your organization's data at any time
Request correction of inaccurate personal information
Request deletion of your account and associated data
Object to processing of your personal information
Withdraw consent where processing is based on consent

7. Cookies

We use essential cookies required for the Service to function (authentication, session management). We do not use third-party tracking cookies or advertising cookies.

8. Children's Privacy

The Service is not directed to individuals under 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected such information, we will take steps to delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through the Service. Your continued use of the Service after such changes constitutes acceptance of the updated policy.

10. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at [email protected].