GiftAgreement.comGiftAgreement.com

Privacy Policy

Last updated: April 27, 2026

This Privacy Policy explains how GiftAgreement.com (the “Service”) collects, uses, and shares information about your institution and its users. This is a placeholder document intended to be reviewed and finalized by qualified legal counsel before commercial release.

1. Information We Collect

  • Account information: name, email address, role, and institution affiliation provided when an account is created or invited.
  • Customer content:gift agreements, fund records, donor information, audit results, comments, and supporting documents uploaded to the Service by your institution's users.
  • Usage data: log entries, IP addresses, request timestamps, and feature usage indicators used to operate and improve the Service.

2. How We Use Information

We use the information described above to provide and operate the Service, authenticate users, enforce organization-level access controls, generate AI-powered audit results, send transactional email, and provide customer support. We do not sell personal information.

3. Subprocessors

We share customer content with the following subprocessors only to the extent necessary to deliver the Service:

  • Supabase — managed PostgreSQL database, authentication, and file storage.
  • Vercel — application hosting and edge delivery.
  • Anthropic — Claude language models used to power audit and document analysis features. Anthropic processes content submitted to its API but does not use it to train its models.
  • OpenAI — text embeddings used to power semantic search across uploaded documents.
  • Twilio SendGrid — outbound and inbound email delivery.

4. Data Retention

Customer content is retained for the life of your institution's account. Upon written request from an authorized administrator, we will export and then delete your institution's data subject to any contractual or legal retention obligations.

5. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, export, or delete personal information about you. Contact your institution's administrator first; if they cannot fulfill your request, contact us at the address below.

6. Security

We use industry-standard safeguards including TLS in transit, encryption at rest for our managed database and file storage, role- based access controls, and audit logging. No system is perfectly secure; please report suspected vulnerabilities through the contact page.

7. International Transfers

The Service is operated from the United States. By using the Service, you consent to the transfer of information to the United States and its processing by our subprocessors there.

8. Changes to this Policy

We may update this Privacy Policy from time to time. Material changes will be communicated to your institution's administrator before they take effect.

9. Contact

Questions about this policy may be directed to our contact page.