charity·iqCharity-IQ
Sign inStart

v1v1 — pending legal review by an Iraqi lawyer before public launch. Operators reviewing this should treat as a draft.

04 · Privacy

Privacy Policy

Effective May 3, 2026

This policy describes what we collect, how we use it, who we share it with, and how long we keep it. Plain language is the goal — if anything is unclear, contact us.

1. Who we are

Charity-IQ is operated by Charity-IQ. For privacy questions, contact us at support@charity-iq.dev.

2. What we collect

From donors: Phone number (captured automatically from Zain Cash at payment), donation amount and timestamp, optional donor display name and message (only if entered).

From charities: Organization name (Arabic and English), contact email, contact phone, manager name, registration documents you upload, campaign content you publish.

From charity admins: Email and password (for login), session cookie.

We do NOT collect: Donor real names by default, donor IP addresses for tracking, browser fingerprints, payment card data (Stripe holds card data; we never see it), Zain Cash credentials in plaintext (encrypted at rest with AES-256-GCM).

3. How we use it

  • Operate the platform: route donations, generate receipts, send transactional emails.
  • Anchor every donation's hash on Polygon mainnet (publicly visible — see How it works).
  • Provide charity dashboards.
  • Send transactional emails (signup confirmation, admin notifications, approval / rejection, password reset, campaign expiry summary).
  • We do NOT use your data for marketing, advertising, or sale to third parties. We do NOT show ads.

4. Who we share with

Zain Cash: Payment processing (donor phone, transaction amount).

Stripe: Subscription billing for charities (charity contact email, billing details). Card data goes directly to Stripe.

Polygon network: Donation hashes (no personal data — only Merkle proofs).

Resend: Transactional email delivery (recipient email and email content).

Cloudflare R2: File storage (charity logos, documents, campaign images).

Tatum: Polygon RPC gateway (anchor transaction broadcasting).

5. Storage and retention

  • Donor phones are encrypted at rest. Retained for receipt durability — donations are permanent records.
  • Charity data is retained for the lifetime of the charity account. Account closure via contact request.
  • On-chain anchor records cannot be deleted by anyone — they live on Polygon permanently.

6. Cookies and sessions

  • Charity admin session cookie (HttpOnly, Secure, sameSite=Lax) for login.
  • No advertising cookies, no third-party tracking cookies, no analytics cookies in v1.

7. Children

The platform is not intended for users under 18. Charities must represent registered organizations, not individuals.

8. Your rights

  • Charities can edit operational profile data via the dashboard.
  • Donor data deletion requests: contact us. Note: published donations cannot be removed from the on-chain record. We can mark database entries for redaction but the Merkle proof remains.

9. Changes to this policy

We will update the date at the top and notify charities by email if changes are material.

10. Contact

Email us at support@charity-iq.dev.