Privacy Policy

DonorDesk (“we”, “our”, “us”) is a software-as-a-service (SaaS) platform built for Indian NGOs to manage donors and generate 80G tax certificates. This Privacy Policy describes how we collect, use, and protect your information when you use our platform at donordesk.vercel.app.

Account information: When you register, we collect your NGO name, email address, and password (encrypted with bcrypt).

NGO profile data: Registration numbers (80G, 12A, FCRA), PAN, bank details, and signatory information that you enter for certificate generation.

Donor data: Names, email addresses, phone numbers, PAN numbers, and donation history that you enter for your donors. This data belongs to your NGO.

Usage data: Basic server logs including IP addresses and browser information for security and debugging purposes.

Payment data: Online donations are processed by Razorpay. We do not store card numbers or UPI credentials. We only store the transaction reference ID provided by Razorpay.

• To provide and operate the DonorDesk service
• To generate 80G certificates and send them to donors
• To send service-related emails (receipts, notifications)
• To improve the platform based on usage patterns
• To comply with legal obligations

We do not use your donor data for marketing, sell it to third parties, or share it with advertisers.

Your data is stored in a managed MySQL database hosted in India. We use industry-standard security practices including:

• Encrypted connections (HTTPS/TLS) for all data in transit
• Bcrypt password hashing — we never store plaintext passwords
• Role-based access control — staff only see data they need
• Multi-tenant isolation — each NGO's data is strictly separated

DonorDesk is a multi-tenant platform. Each NGO account (tenant) is completely isolated — your donor data, certificates, and settings cannot be accessed by other NGOs on the platform. Every database query is filtered by your unique tenant ID.

We use the following third-party services:

• Razorpay — for processing online donations. Subject to Razorpay's Privacy Policy.
• WATI — optional WhatsApp integration for certificate delivery. Only activated if you configure it.
• Vercel — our hosting provider. Subject to Vercel's Privacy Policy.

We retain your account data for as long as your account is active. Donor and donation records are retained indefinitely as they may be required for tax compliance and audit purposes. You may request deletion of your account by contacting us, subject to any legal retention obligations.

You have the right to:

• Access all data stored about your NGO
• Export your donor and donation data
• Correct inaccurate information
• Request deletion of your account
• Opt out of marketing communications

To exercise these rights, contact us at privacy@donordesk.in.

We use session cookies for authentication (NextAuth.js) and do not use tracking or advertising cookies. You can disable cookies in your browser, but this will prevent you from logging in.

We may update this Privacy Policy from time to time. We will notify registered users by email of any material changes. Continued use of the service after changes constitutes acceptance of the updated policy.

For privacy-related questions, contact us at: