Privacy Policy

Last updated: February 18, 2026

1. Introduction

DonorSuite ("we," "our," or "us") operates the donorsuite.cloud platform, a donor management and fundraising solution for non-profit organizations. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information We Collect

Account Information

When you register for DonorSuite, we collect your name, email address, organization name, and account credentials. Organization administrators may add additional users to their account.

Donor Data

Organizations using DonorSuite store donor information including names, contact details, donation history, pledge records, and other relationship data. This data is owned by the organization and processed by DonorSuite on their behalf.

Payment Information

Online donations are processed through third-party payment gateways (Stripe, PayPal, Square, Braintree, Authorize.net, USAePay). We do not store full credit card numbers on our servers. Payment credentials are tokenized by the respective gateway and gateway API keys are stored using AES-256-GCM encryption at rest.

Usage Data

We collect information about how you interact with the platform, including pages visited, features used, and actions taken. This data is used to improve our service and provide audit logging capabilities.

3. How We Use Your Information

  • To provide and maintain the DonorSuite platform
  • To process online donations through integrated payment gateways
  • To send donation receipts and thank-you emails on behalf of organizations
  • To generate AI-powered email drafts when requested by authorized users
  • To notify relationship managers of new donations when enabled
  • To provide audit logging and activity tracking
  • To communicate with you about your account, updates, and support
  • To improve and develop new features for the platform

4. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share data in the following circumstances:

  • Payment Processors: Donation data is shared with the payment gateway selected by the organization to process transactions.
  • AI Services: When generating thank-you emails, donor name and donation details are sent to OpenAI for content generation. No data is retained by OpenAI for training.
  • Email Delivery: Recipient email addresses and message content are processed through our email infrastructure to deliver receipts and notifications.
  • Legal Requirements: We may disclose information if required by law, regulation, or legal process.

5. Data Security

We implement industry-standard security measures to protect your data:

  • All data transmitted over HTTPS/TLS encryption
  • Payment gateway credentials encrypted with AES-256-GCM at rest
  • PCI-compliant payment processing via tokenization (no raw card data touches our servers)
  • JWT-based authentication with automatic token expiration
  • Role-based access controls (Owner, Admin, User roles)
  • Regular automated database backups

6. Data Retention

Organization data is retained for as long as the account is active. When an organization cancels their account, we will delete their data within 90 days of the cancellation date, unless retention is required by law. Audit logs are retained according to the organization's plan tier.

7. Multi-Tenant Isolation

DonorSuite is a multi-tenant platform. Each organization's data is logically isolated and accessible only to authenticated users within that organization. Organization data is never shared across tenants.

8. Your Rights

You have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your account and associated data
  • Export your organization's data
  • Opt out of non-essential communications

9. Cookies

DonorSuite uses essential cookies and local storage for authentication and session management. We do not use third-party advertising or tracking cookies.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. Your continued use of the service after changes are posted constitutes your acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at privacy@donorsuite.cloud.