Privacy Policy

Scope of This Policy

This Privacy Policy applies to GiftSentry websites, applications, and related services (collectively, the "Services"). GiftSentry is operated by EvaNeT.ai. This policy explains how we collect, use, and protect information when you use our platform as a donor, organization administrator, or visitor.

Information We Collect

Information You Provide

• Account Information: Name, email address, password, and organization details when you create an account
• Donation Information: Payment details, billing address, donation amounts, and designation preferences when you make a donation
• Organization Information: Tax ID, organization name, address, banking details for payment processing
• Event Information: Event details, ticket purchases, and attendance records
• Communications: Messages, support requests, and feedback you send us

Information Collected Automatically

• Usage Data: Pages visited, features used, actions taken, and time spent on the platform
• Device Information: IP address, browser type, operating system, and device identifiers
• Cookies: Session cookies for authentication and analytics cookies for platform improvement

How We Use Your Information

• Provide Services: Process donations, issue receipts, manage events, and deliver platform features
• Improve the Platform: Analyze usage patterns to enhance user experience and develop new features
• Communicate: Send transaction confirmations, important updates, and (with consent) marketing communications
• Security: Detect fraud, prevent abuse, and protect the integrity of our platform
• Compliance: Meet legal obligations including tax reporting and anti-money laundering requirements

Google API Data (Gmail, Calendar, Tasks)

If you choose to connect your Google account, we access and process certain information from Google APIs to provide features such as email workflows, calendar syncing, and task management. Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

What we access

• Account: Basic profile and email address to identify the connected Google account
• Gmail: Email message metadata and content to display your inbox and perform actions you request (e.g., read, label, archive, trash, send)
• Google Calendar: Calendars and events to display, create, update, and delete events you request
• Google Tasks: Task lists and tasks to display, create, update, complete, and delete tasks you request

What we store

• Encrypted tokens: Access and refresh tokens are stored encrypted so we can maintain your connection
• Calendar event cache (feature-dependent): For certain features (for example, household sharing and automations), we may cache calendar event fields (such as title, time range, description, location, and an event link) so the feature can run reliably

Limited Use commitments

• We use Google API data only to provide and improve user-facing features you’ve requested
• We do not sell Google API data, and we do not use it for advertising or marketing profiling
• We do not allow humans to read your Google API data except as needed for security, fraud prevention, compliance, support you request, or to comply with law
• You can disconnect Google at any time, which stops further access

Information Sharing

We share information only in these limited circumstances:

• With Organizations: When you donate, the receiving organization receives your name, email, donation amount, and any information you choose to share
• Payment Processors: Stripe processes all payments and receives necessary payment information
• Service Providers: Vetted providers who help us operate (hosting, analytics, support) under strict confidentiality agreements
• Legal Requirements: When required by law, court order, or to protect rights and safety

We never sell your personal information to third parties.

Donor Data & Organization Responsibilities

Organizations using GiftSentry are data controllers for their donor information. We process this data on their behalf as a data processor. Organizations are responsible for:

• Obtaining appropriate consent from donors
• Responding to donor data access and deletion requests
• Using donor data in compliance with applicable laws
• Maintaining their own privacy policies that govern donor relationships

Data Security

We implement robust security measures to protect your information:

• TLS encryption for all data in transit
• AES-256 encryption for sensitive data at rest
• Regular security audits and penetration testing
• SOC 2 Type II compliance practices
• Limited access controls and audit logging
• PCI DSS compliance for payment processing (via Stripe)

Data Retention

We retain data only as long as necessary for the purposes described in this policy or as required by law. Specifically:

• Donation Records: 7 years for tax and compliance purposes
• Account Information: Until you delete your account, plus 30 days
• Usage Analytics: Aggregated and anonymized after 2 years
• Support Communications: 3 years from resolution
• Integration Tokens: Stored encrypted until you disconnect the integration (or as needed to keep the connection active)
• Integration Feature Caches: Retained as needed to provide the feature (for example, calendar event caches for sharing/automation) and subject to periodic cleanup and deletion when you disconnect

Your Rights

Depending on your location, you may have the right to:

• Access: Request a copy of your personal data
• Correction: Update inaccurate or incomplete information
• Deletion: Request deletion of your personal data (subject to legal retention requirements)
• Portability: Receive your data in a machine-readable format
• Objection: Object to certain processing activities
• Restriction: Request limited processing in certain circumstances
• Withdraw Consent: Where processing is based on consent

To exercise these rights, contact us at privacy@giftsentry.com.

California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act:

• Right to know what personal information we collect and how it's used
• Right to delete personal information
• Right to opt-out of sales (we don't sell personal information)
• Right to non-discrimination for exercising your privacy rights

European Privacy Rights (GDPR)

For users in the European Economic Area, United Kingdom, or Switzerland, we process personal data based on:

• Contract: To provide services you've requested
• Legitimate Interests: To improve and secure our platform
• Consent: For optional marketing communications
• Legal Obligation: For compliance requirements

Data may be transferred to the United States with appropriate safeguards including Standard Contractual Clauses.

Cookies & Tracking

We use cookies for:

• Essential: Authentication, security, and core functionality
• Analytics: Understanding how users interact with our platform
• Preferences: Remembering your settings and choices

You can manage cookie preferences through your browser settings. Disabling essential cookies may affect platform functionality.

Children's Privacy

GiftSentry is not directed to children under 13 (or 16 in the EU). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us.

Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by posting the updated policy and revising the "Last updated" date. For significant changes, we may also send email notifications.

Contact Us

For privacy-related questions or to exercise your rights, contact us:

• Email: privacy@giftsentry.com
• General Support: support@giftsentry.com

We aim to respond to all privacy inquiries within 30 days.