Privacy Policy
Effective Date: January 1, 2025 | Last Updated: January 1, 2025
Table of Contents
1. Introduction
RhemaGive ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our donation management platform and services.
By using our services, you consent to the data practices described in this policy.
2. Information We Collect
2.1 Personal Information You Provide
Donor Information:
- Full name (required for donation processing)
- Email address (for receipts and communication)
- Phone number (for SMS notifications and verification)
- Payment information (processed securely through third-party providers)
- Donation amount and frequency
- Anonymous donation preferences
- Any notes or messages you provide with your donation
Administrative User Information:
- Email address and password
- First and last name
- Role and permissions within the platform
- Account activity and login information
2.2 Automatically Collected Information
Technical Data:
- IP addresses and device identifiers
- Browser type and version
- Operating system information
- Access times and pages visited
- Referral sources and website navigation patterns
Cookies and Tracking Technologies:
- Authentication cookies (auth_token) for secure login sessions
- Session management and security tokens (PASETO tokens)
- Functional cookies for website operation
- Analytics cookies to improve our services
2.3 Financial Transaction Data
- Transaction references and processor references
- Payment method details (card type, last 4 digits)
- Payment status and gateway responses
- Currency and amount information
- Bank account details for payouts (encrypted and tokenized)
3. How We Use Your Information
3.1 Primary Purposes
Donation Processing:
- Process and confirm your donations
- Generate and send donation receipts
- Maintain donation records for tax compliance
- Facilitate recurring donations
Communication:
- Send donation confirmations and receipts
- Provide updates on campaigns
- Send administrative notifications
- Respond to inquiries and support
Platform Operations:
- Authenticate and authorize user access
- Maintain audit logs for security
- Generate reports and analytics
- Ensure platform security and prevent fraud
Legal Compliance:
- Comply with financial regulations
- Maintain records as required by law
- Respond to legal requests
- Prevent money laundering and fraud
4. Information Sharing and Disclosure
4.1 Third-Party Service Providers
Payment Processors:
We use the following payment providers to process donations:
- PayStack: For card and mobile money payments
- PaySwitch (TheTeller): For local banking integration
- Hubtel: For mobile money and SMS services
- Arkesel: For SMS services
These providers have their own privacy policies and security measures. We only share information necessary for payment processing.
Communication Services:
- SMTP Email Services: For sending donation receipts and notifications
- SMS Providers: For mobile notifications and verification
Infrastructure Providers:
- Database Services: PostgreSQL for secure data storage
- Redis: For session management and caching
- Cloud Hosting: For platform infrastructure
5. Data Security
5.1 Security Measures
Technical Safeguards:
- Data encryption in transit and at rest
- Secure PASETO token authentication
- Regular security audits
- Secure database configurations
- Multi-factor authentication
Operational Safeguards:
- Role-based access controls
- Comprehensive audit logging
- Regular security training
- Incident response procedures
- Secure backup processes
Payment Security:
- PCI DSS compliance
- Payment data tokenization
- No storage of complete card info
- Secure payment gateways
- Fraud detection systems
5.2 Data Retention
Donation Records:
- Maintained for 7 years
- Required for tax compliance
- Anonymized data for statistics
Account Information:
- While account is active
- Annual review for inactive accounts
- Audit logs for 3 years
Communication Logs:
- Email/SMS logs for 2 years
- Marketing preferences retained
- Support communications archived
6. Your Privacy Rights
6.1 Access and Control
- Request copies of your personal information
- View your donation history and account details
- Access audit logs related to your account
- Correct errors in your donation records
- Update your contact information
- Modify communication preferences
6.2 Data Deletion
- Request deletion of your account
- Withdraw consent for marketing communications
- Request anonymization of donation records
- Opt out of marketing emails
- Opt out of SMS notifications
- Control notification types and frequency
Note: Some data retention may be required by law for tax and financial compliance purposes.
11. Contact Information
For questions about this Privacy Policy or our privacy practices, please contact us:
Acknowledgment: By using our services, you acknowledge that you have read, understood, and agree to this Privacy Policy.
Last Review Date: January 1, 2025 | Next Scheduled Review: January 1, 2026