Login Initiate Demo
GOVERNANCE PROTOCOL // V4.0

Data Privacy &
Processing.

Institutional standards for cryptographic protection and data sovereignty. Updated March 15, 2026.

1. Institutional Commitment

Donateazy Technologies ("the Firm") operates as a Data Processor for its institutional clients and a Data Controller for its direct service engagements. This instrument outlines our rigorous protocols for the collection, retention, and cryptographic protection of sensitive personal and institutional information. We adhere strictly to the Information Technology Act (2000) and the Digital Personal Data Protection Act (DPDPA) 2023 of India, alongside global ISO/IEC 27001 standards.

2. Scope of Data Acquisition

We acquire data through the following vectors:

  • Institutional KYC: PAN, registration certifications, 80G/12A documentation, and administrative identity records.
  • Transactional Intelligence: Payment gateway identifiers, donation metadata, and statutory receipting information.
  • Behavioral Telemetry: Anonymized interaction logs, processing latencies, and systematic performance metrics.

3. Processing Rationale

Processing is restricted to the execution of statutory compliance requirements, the improvement of institutional operational efficiency, and the fulfillment of donor transparency obligations. Donateazy maintains a strict "No-Monetization" policy regarding client data; we do not trade, sell, or lease institutional intelligence to third-party entities for marketing purposes.

4. Cryptographic Security & Perimeter Defense

All sensitive data is encrypted at rest using AES-256 and in transit via TLS 1.3 protocols. Our infrastructure employs multi-layered perimeter defenses, including Web Application Firewalls (WAF) and real-time intrusion detection systems (IDS). Access to production environments is strictly limited based on the Principle of Least Privilege (PoLP) and secured via hardware-backed multi-factor authentication.

5. Data Subject Rights

Pursuant to the DPDPA 2023, data subjects (Donors, Volunteers, and Admins) retain the right to Information, Correction, and Erasure. Requests for data portability or permanent deletion of records may be initiated through the authorized Compliance Liaison. Note that erasure requests are subject to statutory retention mandates required by FCRA and Income Tax authorities.

Compliance Disclosure

For inquiries regarding our privacy posture or to initiate a data audit, please contact our Data Protection Officer at legal@donateazy.com.