Privacy Policy

Scope of This Policy

This Privacy Policy applies to GiftSentry websites, applications, and related services (collectively, the "Services"). GiftSentry is operated by EvaNeT.ai. This policy explains how we collect, use, and protect information when you use our platform as a donor, organization administrator, or visitor.

Information We Collect

Information You Provide

• Account Information: Name, email address, password, and organization details when you create an account
• Donation Information: Payment details, billing address, donation amounts, and designation preferences when you make a donation
• Organization Information: Tax ID, organization name, address, banking details for payment processing
• Event Information: Event details, ticket purchases, and attendance records
• Communications: Messages, support requests, and feedback you send us

Information Collected Automatically

• Usage Data: Pages visited, features used, actions taken, and time spent on the platform
• Device Information: IP address, browser type, operating system, and device identifiers
• Cookies: Session cookies for authentication and analytics cookies for platform improvement

How We Use Your Information

• Provide Services: Process donations, issue receipts, manage events, and deliver platform features
• Improve the Platform: Analyze usage patterns to enhance user experience and develop new features
• Communicate: Send transaction confirmations, important updates, and (with consent) marketing communications
• Security: Detect fraud, prevent abuse, and protect the integrity of our platform
• Compliance: Meet legal obligations including tax reporting and anti-money laundering requirements

Information Sharing

We share information only in these limited circumstances:

• With Organizations: When you donate, the receiving organization receives your name, email, donation amount, and any information you choose to share
• Payment Processors: Stripe processes all payments and receives necessary payment information
• Service Providers: Vetted providers who help us operate (hosting, analytics, support) under strict confidentiality agreements
• Legal Requirements: When required by law, court order, or to protect rights and safety

We never sell your personal information to third parties.

Donor Data & Organization Responsibilities

Organizations using GiftSentry are data controllers for their donor information. We process this data on their behalf as a data processor. Organizations are responsible for:

• Obtaining appropriate consent from donors
• Responding to donor data access and deletion requests
• Using donor data in compliance with applicable laws
• Maintaining their own privacy policies that govern donor relationships

Data Security

We implement robust security measures to protect your information:

• TLS encryption for all data in transit
• AES-256 encryption for sensitive data at rest
• Regular security audits and penetration testing
• SOC 2 Type II compliance practices
• Limited access controls and audit logging
• PCI DSS compliance for payment processing (via Stripe)

Data Retention

We retain data only as long as necessary for the purposes described in this policy or as required by law. Specifically:

• Donation Records: 7 years for tax and compliance purposes
• Account Information: Until you delete your account, plus 30 days
• Usage Analytics: Aggregated and anonymized after 2 years
• Support Communications: 3 years from resolution

Your Rights

Depending on your location, you may have the right to:

• Access: Request a copy of your personal data
• Correction: Update inaccurate or incomplete information
• Deletion: Request deletion of your personal data (subject to legal retention requirements)
• Portability: Receive your data in a machine-readable format
• Objection: Object to certain processing activities
• Restriction: Request limited processing in certain circumstances
• Withdraw Consent: Where processing is based on consent

To exercise these rights, contact us at privacy@giftsentry.com.

California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act:

• Right to know what personal information we collect and how it's used
• Right to delete personal information
• Right to opt-out of sales (we don't sell personal information)
• Right to non-discrimination for exercising your privacy rights

European Privacy Rights (GDPR)

For users in the European Economic Area, United Kingdom, or Switzerland, we process personal data based on:

• Contract: To provide services you've requested
• Legitimate Interests: To improve and secure our platform
• Consent: For optional marketing communications
• Legal Obligation: For compliance requirements

Data may be transferred to the United States with appropriate safeguards including Standard Contractual Clauses.

Cookies & Tracking

We use cookies for:

• Essential: Authentication, security, and core functionality
• Analytics: Understanding how users interact with our platform
• Preferences: Remembering your settings and choices

You can manage cookie preferences through your browser settings. Disabling essential cookies may affect platform functionality.

Children's Privacy

GiftSentry is not directed to children under 13 (or 16 in the EU). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us.

Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by posting the updated policy and revising the "Last updated" date. For significant changes, we may also send email notifications.

Contact Us

For privacy-related questions or to exercise your rights, contact us:

• Email: privacy@giftsentry.com
• General Support: support@giftsentry.com

We aim to respond to all privacy inquiries within 30 days.