Privacy Notice

Last updated: 1 March 2025

Donor Seek Ltd (“DonorSeek”, “we”, “us”, or “our”) is committed to protecting your personal information. This Privacy Notice explains what information we collect, how we use it, and your rights under the New Zealand Privacy Act 2020.

1. Who We Are

DonorSeek is operated by Donor Seek Ltd, a company registered in New Zealand. We act as the data controller for personal information collected through our services.

Questions? Contact us: privacy@donorseek.app

2. What Information We Collect

Account Information

  • Your name and email address
  • A password (stored as a secure hash — never plain-text)

Donation Receipt Data

  • Charitable donation receipts (amounts, charity details, dates)
  • Scanned receipt images (Pro tier, where you upload them)
  • Tax credit summaries generated from your receipt data

Usage and Technical Data

  • Log data (IP addresses, browser type, pages visited)
  • Device information and performance logs

Payment Information

Payment processing is handled entirely by Stripe. We do not store full payment card details — only transaction records for billing purposes.

3. How We Use Your Information

  • Provide, operate, and maintain the DonorSeek services
  • Process transactions and manage your subscription
  • Send service notifications (email confirmation, receipt delivery)
  • Respond to enquiries and provide customer support
  • Improve our services using anonymised, aggregated data
  • Comply with legal obligations
  • Protect against fraud, abuse, and security threats

We do not sell your personal information. We do not use it for advertising.

4. Who We Share Your Information With

We share data only with trusted providers who help us operate DonorSeek:

  • Supabase — database hosting and authentication
  • Stripe — payment processing
  • Resend / email providers — transactional email delivery
  • Vercel — application hosting

Each provider is contractually required to handle your data securely. Some may store data outside New Zealand with appropriate safeguards in place.

5. Data Retention

We retain your data for as long as your account is active. If you close your account, we will delete or anonymise your personal data within 90 days, except where required by law. Donation records may be retained for up to 7 years for financial record-keeping obligations.

6. Security

We protect your information with:

  • Encryption of data in transit (TLS) and at rest
  • Secure password hashing using industry-standard algorithms
  • Row-level security ensuring you can only access your own data
  • Regular security reviews

7. Cookies

We use cookies for essential service functions only — authentication (keeping you logged in) and security. We do not use tracking or advertising cookies. You can configure your browser to refuse cookies, but this may affect functionality.

8. Your Rights

Under the New Zealand Privacy Act 2020, you have the right to:

  • Access the personal information we hold about you
  • Correct any inaccurate or incomplete information
  • Request deletion of your personal data (subject to legal obligations)
  • Export your data at any time from within the application

Contact us at privacy@donorseek.app. We will respond within 20 working days.

You may also lodge a complaint with the Office of the Privacy Commissioner.

9. Children’s Privacy

DonorSeek is not directed at children under 18. We do not knowingly collect information from children. Please contact us if you believe we have done so inadvertently.

10. Changes to This Notice

We may update this Privacy Notice from time to time. We will notify you of material changes by email or via a notice in the application.

11. Contact Us

Donor Seek Ltd — Privacy Officer

New Zealand

Email: privacy@donorseek.app