Privacy Policy
Your privacy matters deeply to us. This document explains exactly what data we collect, why we collect it, and how we protect it – in plain language, without legal jargon.
Summary (TL;DR)
- We collect only what is necessary – name, email, mobile, PAN (for 80G), and payment confirmation.
- We never sell your data to advertisers or data brokers.
- Payment card details are handled exclusively by Razorpay – we never see or store them.
- Your 80G records are kept for 8 years as required by Indian tax law.
- You can access, correct, or delete your data by emailing privacy@giveeit.in.
1. Overview & Scope
giveeit ("we", "our", or "us") is committed to protecting the privacy and personal data of every individual who interacts with our platform – whether you are a donor, a campaign beneficiary, a partner NGO, or simply a visitor.
This Privacy Policy describes the categories of information we collect, the purposes for which it is used, how it is stored and protected, and the rights you hold as a data subject. It applies to all interactions with our website at giveeit.in, our mobile applications, and any services we provide through third-party integrations.
By using giveeit, you acknowledge that you have read and understood this policy. If you do not agree with any part of it, please discontinue use of our platform. For any privacy-related concerns, you may contact our Data Protection Officer at privacy@giveeit.in.
2. Information We Collect
We collect only the data that is necessary to deliver our services, comply with legal obligations, and improve your experience. This falls into three categories:
**2.1 Information You Provide Directly** When you register an account, donate, or update your profile, you may provide us with: your full name, email address, mobile number, postal address, PAN card number, Aadhaar number (for compliance only), and payment details. Payment card data is never stored on our servers – it is handled exclusively by our PCI-DSS certified payment gateway, Razorpay.
**2.2 Information Collected Automatically** When you browse our platform, our servers automatically collect: your IP address, browser type and version, operating system, referring URL, pages visited, time spent on each page, and device identifiers. This is standard web server logging and is used solely for security, analytics, and performance optimisation.
**2.3 Information From Third Parties** If you authenticate using a third-party service (such as Google Sign-In), we receive basic profile information – name and email – as permitted by that service's OAuth scope. We do not receive your passwords or payment details from any third party.
3. How We Use Your Information
We process your personal data for the following purposes, each grounded in a legitimate legal basis:
Fulfilling Donations:
To process your contribution, generate a payment receipt, allocate funds to the correct campaign, and send your donation confirmation. Legal basis: contractual necessity.
80G Tax Certificate Issuance:
Your name, PAN number, and donation amount are used to prepare a valid 80G certificate as required under Section 80G of the Income Tax Act, 1961. Legal basis: legal obligation.
Account Management:
To create and maintain your donor account, authenticate your identity, and allow you to view your donation history and subscription status. Legal basis: contractual necessity.
Communication:
To send you transaction confirmations, campaign updates, annual tax certificates, and (with your explicit consent) newsletters and impact reports. You may opt out of marketing communications at any time. Legal basis: consent and legitimate interest.
Platform Security & Fraud Prevention:
To detect and prevent fraudulent transactions, suspicious login attempts, and misuse of our services. Legal basis: legitimate interest.
Regulatory Compliance:
To maintain records required under the FCRA (Foreign Contribution Regulation Act), Income Tax Act, and guidelines issued by the Ministry of Home Affairs. Legal basis: legal obligation.
Product Improvement:
Anonymised, aggregated usage data helps us improve platform performance and user experience. No individual is identifiable in this analysis. Legal basis: legitimate interest.
5. Data Retention
We retain your personal data for as long as is necessary to fulfil the purposes described in this policy, or as required by applicable law – whichever is longer.
Donation Records & 80G Data:
Retained for a minimum of 8 years from the date of donation, in accordance with the Income Tax Act and FCRA requirements.
Account Data:
Retained for the duration of your active account, plus 3 years after account closure (to handle any late legal or regulatory queries).
Browsing & Analytics Logs:
Retained for a maximum of 13 months in anonymised form. Raw server logs containing IP addresses are purged within 90 days.
Marketing Preferences:
Retained until you withdraw consent or delete your account.
When the applicable retention period expires, data is securely deleted or irreversibly anonymised. You may request early deletion of non-legally-mandated data by contacting us at privacy@giveeit.in.
6. Security Measures
We implement technical and organisational safeguards proportionate to the sensitivity of the data we hold:
Encryption in Transit:
All data exchanged between your browser and our servers is encrypted using TLS 1.2 or higher. We enforce HTTPS across all endpoints and use HSTS headers to prevent downgrade attacks.
Encryption at Rest:
Sensitive fields (PAN numbers, Aadhaar references) are encrypted at the database level using AES-256. Payment card data is never stored on our infrastructure.
Access Controls:
Personal data is accessible only to authorised staff on a need-to-know basis. All internal access is logged, reviewed, and protected by multi-factor authentication.
Regular Audits:
We conduct quarterly internal security reviews and an annual third-party penetration test. Critical vulnerabilities are patched within 48 hours.
Incident Response:
In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected users within 72 hours of becoming aware, in compliance with applicable data protection laws.
Despite these measures, no digital system is completely immune to risk. We encourage you to use a strong, unique password and to log out of shared devices after each session.
8. Your Rights
Subject to applicable Indian data protection law (the Digital Personal Data Protection Act, 2023, and rules thereunder), you hold the following rights with respect to your personal data:
Right of Access:
You may request a copy of all personal data we hold about you.
Right to Correction:
You may request correction of inaccurate or incomplete data at any time – this can also be done directly from your dashboard under Profile Settings.
Right to Erasure:
You may request deletion of your personal data. We will honour this request unless retention is required by law (e.g., 80G donation records under the Income Tax Act).
Right to Withdraw Consent:
Where processing is based on your consent (e.g., marketing emails), you may withdraw that consent at any time via the unsubscribe link in any email, or through your account notification settings.
Right to Data Portability:
You may request your donation history and account data in a machine-readable format (JSON or CSV).
Right to Grievance Redressal:
If you believe we have mishandled your data, you may file a complaint with our Grievance Officer (details below) or escalate to the Data Protection Board of India once operational.
To exercise any of these rights, email privacy@giveeit.in with the subject line "Data Rights Request". We will acknowledge your request within 3 business days and resolve it within 30 days.
9. Children's Privacy
giveeit's platform is designed for individuals aged 18 years and above. We do not knowingly collect personal data from persons under 18. If a parent or guardian believes that their child has provided us with personal information, they should contact us immediately at privacy@giveeit.in and we will delete that data without delay.
Campaign content may depict beneficiary children for the purpose of illustrating social causes. All such images are obtained with the written consent of the child's parent or legal guardian, and appropriate steps are taken to preserve their dignity and anonymity where requested.
10. Cross-Border Data Transfers
giveeit is based in India and primarily processes data within India. However, some of our third-party service providers (such as cloud infrastructure providers) may process data in other jurisdictions, including the United States and the European Economic Area.
When data is transferred outside India, we ensure that adequate safeguards are in place – including Standard Contractual Clauses, adequacy decisions, or equivalent mechanisms as prescribed by the Digital Personal Data Protection Act, 2023.
FCRA donations from abroad are processed in compliance with all FEMA (Foreign Exchange Management Act) and FCRA regulations, and reported to the Ministry of Home Affairs as required.
11. Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Post the updated policy on this page with a revised "Last Updated" date
- Send an email notification to all registered users at least 14 days before the changes take effect
- Display a prominent banner on our website during the notice period
Your continued use of giveeit after the effective date of any update constitutes your acceptance of the revised policy. If you do not agree with the changes, you may close your account by contacting support@giveeit.in.
We encourage you to review this policy periodically. The version history is available upon request.
12. Contact & Grievance Officer
For any privacy-related queries, data rights requests, or concerns, please reach out to us:
**Data Protection & Grievance Officer**
giveeit Foundation
123, Sector 14, Gurugram, Haryana – 122001, India
Email: privacy@giveeit.in
Phone: +91 8006774166 (Mon–Fri, 10 AM – 6 PM IST)
Response time: Within 3 business days
If you are not satisfied with our response, you may escalate your complaint to the Data Protection Board of India (once notified and operational under the DPDP Act, 2023), or approach the relevant consumer forum under the Consumer Protection Act, 2019.
Questions? Email us at privacy@giveeit.in