1. Information We Collect

We collect the following types of information:

Account Information: Name, email address, organization name, and role when you create an account.
Usage Data: Information about how you interact with the Service, including pages visited, features used, and actions taken.
Donor Data: Information you enter about your organization's donors, contacts, and transactions. This data belongs to you and is stored in your organization's isolated database.
Payment Information: Billing details for your subscription. Payment card information is processed by our payment processor and is never stored on our servers.

2. How We Use Your Information

We use the information we collect to:

Provide, maintain, and improve the Service
Process transactions and send related notices
Send technical notices, updates, and support messages
Respond to your comments and questions
Monitor and analyze usage patterns to improve user experience

We do not sell your personal information or your organization's donor data to third parties. We do not use your donor data for any purpose other than providing the Service to you.

3. Security and Data Handling

Tenant data isolation

Your organization's data is stored in a dedicated, isolated PostgreSQL database. Your donor records, transactions, and reports are not commingled with any other customer's data. Application-level controls and per-tenant database routing prevent cross-tenant access at multiple layers.

Encryption in transit and at rest

All connections between your browser and the platform use TLS. Sensitive fields — including authentication credentials, payment processor secrets, and multi-factor authentication seeds — are encrypted at rest using application-level data protection in addition to underlying disk encryption provided by our hosting infrastructure.

Backups and retention

The managed PostgreSQL service backing the platform takes automated backups on a regular cadence with point-in-time recovery available. Backups are stored in the same geographic region as primary data and are subject to the same access controls.

Staff access controls

Auradonors staff access to customer data is restricted to a small, named set of personnel and is granted only on a need-to-know basis for support, debugging, or operational purposes. Staff access is logged.

Audit logging

Every create, update, and delete on customer data is recorded in an immutable audit log attributed to a specific user. Audit logs are available to your organization's administrators for review.

Subprocessors and integrations

We rely on a small number of vetted subprocessors to deliver the Service. The current list is in Section 4. We share with each subprocessor only the minimum data required for the integration to function, and only when your organization has enabled the relevant feature.

Incident response

If we become aware of a security incident affecting customer data, we will investigate, take steps to contain and remediate the issue, and notify affected customers without undue delay. We do not currently hold any specific compliance certifications and do not represent otherwise.

Data export and deletion

You can export your organization's data at any time during your subscription. After cancellation, your data remains accessible for 90 days for export. After that period, we delete your data on the schedule described in Section 5. Audit logs and other records required for legal or compliance purposes may be retained beyond this window where applicable.

We follow industry-standard practices for application security, dependency management, and infrastructure hardening. We do not claim SOC 2, HIPAA, ISO 27001, or other formal certifications at this time.

4. Third-Party Services

We integrate with the following third-party services to provide functionality within Auradonors. Data is shared with these services only as necessary to provide the features you enable:

Stripe / Authorize.Net: Payment processing for donations and transactions.
Postmark: Transactional email delivery (welcome emails, password resets, scheduled reports).
Smarty: Address validation for US and international addresses.
ShipStation: Shipping label generation and tracking (optional feature).
Mailchimp: Email list management and subscriber sync (optional feature).
Avalara: Tax calculation for applicable transactions (optional feature).

Each integration is optional and controlled by your organization's administrator. We only share the minimum data necessary for each integration to function.

5. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. If you cancel your subscription, your data remains accessible for 90 days, during which time you may request a full export at any time. After this period, your data will be securely deleted. Audit logs and immutable records may be retained beyond this window where required for legal or compliance purposes.

6. Your Rights

You have the right to:

Access and export your organization's data at any time
Request correction of inaccurate personal information
Request deletion of your account and associated data
Object to processing of your personal information
Withdraw consent where processing is based on consent

7. Cookies

We use essential cookies required for the Service to function (authentication, session management). We do not use third-party tracking cookies or advertising cookies.

8. Children's Privacy

The Service is not directed to individuals under 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected such information, we will take steps to delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through the Service. Your continued use of the Service after such changes constitutes acceptance of the updated policy.

10. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at [email protected].