Privacy Policy

1. Introduction

DonorOS, operated by NorthPath Strategies ("we," "us," or "our"), provides an AI-powered fundraising operating system for nonprofit organizations. This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our platform at os.donoros.com and related services.

By using DonorOS, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

Account Information

When you create an account, we collect:

• Name, email address, and organization name
• Role and team membership information
• Account credentials (managed securely via Supabase Auth)

Organization Data

To power AI features, we collect and store:

• Organization profiles, mission statements, and program details
• Donor records, donation history, and engagement data
• Grant proposals, applications, and funder research
• Email templates and journey configurations
• Website content and donation page configurations

Payment Information

Payment processing is handled entirely by Stripe. We do not store credit card numbers or bank account details on our servers. We may store Stripe customer IDs and subscription metadata for billing purposes.

Usage Data

We automatically collect:

• Pages visited, features used, and actions taken within the platform
• Browser type, device information, and IP address
• Performance metrics and error logs

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the DonorOS platform
• Power AI features including grant proposal generation, donor intelligence scoring, and journey automation
• Process payments and manage subscriptions via Stripe
• Send transactional emails (via SendGrid) such as journey emails and notifications
• Provide customer support and respond to inquiries
• Analyze usage patterns to improve the user experience
• Ensure security and prevent fraud

4. Third-Party Services

DonorOS integrates with the following services to deliver our platform:

5. Data Security

We implement industry-standard security measures including:

• Row-level security (RLS) ensuring organizations can only access their own data
• Role-based access control with six distinct permission levels
• Comprehensive audit logging for all data access and modifications
• Encryption in transit (TLS) and at rest
• Rate limiting and CSRF protection on all API endpoints
• Content Security Policy (CSP) headers

6. Cookies

We use essential cookies for authentication and session management. We also use analytics cookies (PostHog) to understand how the platform is used. You can manage your cookie preferences through the consent banner displayed on your first visit.

7. Data Retention

We retain your data for as long as your account is active or as needed to provide services. If you request account deletion, we will remove your personal data within 30 days, except where retention is required by law or for legitimate business purposes (such as audit logs).

8. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Object to or restrict certain processing activities
• Export your data in a portable format
• Opt out of analytics tracking

To exercise any of these rights, contact us at info@northpathstrategies.org.

9. Children's Privacy

DonorOS is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the platform after changes constitutes acceptance.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us: