Privacy Notice

1. Who We Are

DonorSeek is operated by Donor Seek Ltd, a company registered in New Zealand. We act as the data controller for personal information collected through our services. Where charities use DonorSeek to manage their donor data, they act as data controllers for that donor information, and DonorSeek acts as a data processor on their behalf.

If you have questions about your privacy, contact us at: privacy@donorseek.app

2. What Information We Collect

2.1 Account Information

When you create an account, we collect:

• Your name and email address
• A password (stored as a secure hash — we never store your plain-text password)
• Organisation name (for charity accounts)

2.2 Donor and Donation Data (Charity App)

Charities using DonorSeek upload or enter information about their donors and donations, which may include:

• Donor names and email addresses
• Donation amounts, dates, and descriptions
• Receipt history and delivery status

2.3 Donation Receipt Data (Donor App)

Donors using DonorSeek may upload or receive:

• Charitable donation receipts (including amounts and charity details)
• Scanned receipt images (Pro tier)
• Tax credit summaries generated from receipt data

2.4 Usage and Technical Data

When you use our services, we automatically collect certain technical data including:

• Log data (IP addresses, browser type, pages visited, timestamps)
• Device information
• Performance and error logs

2.5 Payment Information

Payment processing is handled entirely by Stripe. We do not collect or store full payment card details. We retain only transaction records (amount, date, subscription status) for billing and accounting purposes.

3. How We Use Your Information

We use your information to:

• Provide, operate, and maintain the DonorSeek services
• Process transactions and manage your subscription
• Send you service notifications, such as email confirmation links and receipt delivery confirmations
• Respond to your enquiries and provide customer support
• Improve and develop our services (using anonymised, aggregated data)
• Comply with legal obligations, including tax and financial record-keeping requirements
• Protect against fraud, abuse, and security threats

We do not sell your personal information to third parties. We do not use your information for advertising purposes.

4. Legal Basis for Processing

We process your personal information on the following bases:

• Contract: Processing necessary to provide services you have signed up for.
• Legitimate interests: Improving our services, preventing fraud, and maintaining security.
• Legal obligation: Complying with New Zealand law, including the Privacy Act 2020.
• Consent: Where we rely on your consent (such as for optional marketing communications), you may withdraw it at any time.

5. Who We Share Your Information With

We may share your information with trusted third-party service providers who help us operate DonorSeek:

• Supabase — database hosting and authentication infrastructure
• Stripe — payment processing
• Resend / email providers — transactional email delivery
• Vercel — application hosting
• Xero — accounting integration (only when you connect your Xero account)

Each of these providers is contractually required to handle your data securely and only as directed by us. Some providers may store data outside New Zealand. Where this occurs, we ensure appropriate safeguards are in place.

We may also disclose your information if required to do so by law, or to protect the rights, property, or safety of DonorSeek, our users, or the public.

6. Data Retention

We retain your account information and data for as long as your account is active, or as needed to provide our services. If you close your account, we will delete or anonymise your personal data within 90 days, except where we are required to retain it longer by law (for example, financial records required for tax purposes).

Donation and receipt records may be retained for up to 7 years to comply with financial record-keeping obligations under New Zealand law.

7. Security

We implement appropriate technical and organisational measures to protect your information against unauthorised access, disclosure, alteration, or destruction. These include:

• Encryption of data in transit (TLS) and at rest
• Secure password hashing using industry-standard algorithms
• Row-level security policies ensuring users can only access their own data
• Regular security reviews

No method of internet transmission or electronic storage is 100% secure. We cannot guarantee absolute security, but we take reasonable steps to protect your information.

8. Cookies and Tracking

DonorSeek uses cookies and similar technologies for essential service functions, including authentication (keeping you logged in) and security. We do not use tracking cookies for advertising or cross-site tracking purposes.

You can configure your browser to refuse cookies, but doing so may affect the functionality of our service.

9. Your Rights

Under the New Zealand Privacy Act 2020, you have the right to:

• Access the personal information we hold about you
• Correct any personal information that is inaccurate or incomplete
• Request deletion of your personal information (subject to legal retention obligations)
• Object to certain types of processing
• Data portability — you may export your data at any time from within the application

To exercise any of these rights, contact us at privacy@donorseek.app. We will respond within 20 working days as required by the Privacy Act 2020.

If you believe your privacy rights have been breached, you may also lodge a complaint with the Office of the Privacy Commissioner at www.privacy.org.nz.

10. Children’s Privacy

DonorSeek is not directed at children under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately.

11. Changes to This Privacy Notice

We may update this Privacy Notice from time to time to reflect changes in our practices or legal obligations. We will notify you of material changes by email or via a notice within the application. The date at the top of this page indicates when the notice was last revised.

12. Contact Us

For any privacy-related questions, requests, or complaints, please contact us: