Privacy Policy

1. Introduction & Scope

Grace Imaran Foundation Africa ("GIFA," "we," "our," or "us") is committed to protecting your privacy and ensuring you have a positive experience on our platform. This Privacy Policy explains in detail how we collect, use, disclose, and safeguard your information when you visit our website at gifafrica.org and use our medical crowdfunding platform and related services.

Please read this Privacy Policy carefully. By accessing or using GIFA, you acknowledge that you have read, understood, and agree to be bound by this entire Privacy Policy. If you do not agree with our privacy practices, please do not use our platform.

2. Information We Collect

2.1 Personal Information You Provide Directly

We collect personal information that you voluntarily provide to us when you interact with our platform:

• Account Registration: Full name, email address, password, phone number, country/location, and date of birth
• Profile Information: Profile photos, biographical information, social media links, and personal preferences
• Payment Information: Bank account details, mobile money numbers, PayPal accounts, cryptocurrency wallets, and billing addresses. Note: Payment information is processed through PCI DSS compliant third-party providers and is not stored on our servers
• Medical Information: For campaign creators, we collect medical diagnoses, treatment details, hospital names, doctor information, cost estimates, and medical documentation (hospital reports, doctor letters, prescription copies)
• Identification Documents: National ID, passport, driver's license, or similar government-issued identification for verification purposes
• Beneficiary Information: For campaigns, we may collect photos, personal stories, family information, and medical history of the beneficiary
• Communication Data: Messages, comments, reviews, feedback, and correspondence with our team or other users
• Donation Details: Donation amounts, timing, cause preferences, and optional donor messages

2.2 Information Collected Automatically

When you access our platform, we automatically collect certain information:

• Device Information: Device type, operating system, browser type and version, device identifiers, and device settings
• Usage Data: Pages viewed, time spent on pages, links clicked, features used, searches performed, and navigation patterns
• Location Information: IP address, country, region, and approximate geographic location based on IP geolocation. We do not collect precise GPS coordinates unless you enable location services
• Log Data: Server logs containing access times, pages accessed, referrer pages, and error messages
• Cookies and Tracking Technologies: Unique identifiers, session tokens, and preferences stored via cookies and similar technologies

2.3 Third-Party Sources

We may also receive information about you from third parties:

• Payment processors and banks (for transaction verification)
• Healthcare providers and hospitals (for campaign verification)
• Identity verification services and fraud prevention platforms
• Social media platforms (if you choose to link your social account)

3. How We Use Your Information

We use the information we collect for various legitimate purposes:

• Platform Operations: Creating and maintaining your account, processing transactions, and delivering services
• Payment Processing: Securely processing donations, transferring funds to beneficiaries, and managing financial records
• Verification & Fraud Prevention: Verifying user identity, validating campaigns, confirming payment accounts, detecting fraudulent activities, and preventing abuse
• Communications: Sending account updates, donation confirmations, campaign status notifications, verification updates, and customer support responses
• Marketing & Engagement: Sending newsletters, promotional content, featured cause updates, and platform announcements (you can opt out anytime)
• Service Improvement: Analyzing usage patterns, identifying features to improve, conducting user research, and optimizing platform performance
• Legal Compliance: Complying with laws and regulations, responding to legal requests, and enforcing our terms of service
• Safety & Security: Protecting against fraud, abuse, and security threats; monitoring for suspicious activities; and maintaining platform integrity
• Analytics & Reporting: Generating aggregated statistics about platform usage, campaign outcomes, and fundraising trends
• Dispute Resolution: Handling complaints, disputes, and investigations

4. Information Sharing & Disclosure

4.1 What Information We Do Not Share

We do not sell, rent, lease, or trade your personal information to third parties for commercial purposes.Your privacy is not a commodity, and we do not profit from selling your data.

4.1 Third Parties We May Share With

We may share your information with the following categories of recipients when necessary:

• Payment Processors & Financial Institutions: Your payment information is shared with our payment processing partners (banks, mobile money providers, PayPal, cryptocurrency exchanges) to process donations and transfers
• Service Providers: Third-party vendors who provide services on our behalf (hosting providers, email services, analytics platforms, fraud detection services, customer support platforms) under strict data protection agreements
• Healthcare Providers: Hospital information from campaigns may be shared with the respective healthcare facility for verification purposes
• Public Campaign Information: If you create a cause, certain information is publicly displayed: your name (unless anonymous), cause story, donation updates, and progress notifications. Beneficiary information is shared with the public as part of the campaign
• Legal Authorities: We may disclose information when required by law, court order, government request, or when we believe disclosure is necessary to protect legal rights, safety, or public interest
• Fraud Prevention Partners: Information about suspected fraud may be shared with fraud prevention services and law enforcement
• Business Transfers: If GIFA merges with or is acquired by another organization, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information

4.3 Anonymous Donations

If you choose to donate anonymously, your name will not be publicly displayed on the campaign or donation lists. However, we retain your identifying information in our internal records for:

• Transaction processing and record-keeping
• Tax and financial reporting compliance
• Legal and regulatory requirements
• Fraud detection and prevention

5. Data Security & Protection

We implement comprehensive security measures to protect your information from unauthorized access, alteration, disclosure, or destruction:

• Encryption: All data transmitted between your device and our servers is encrypted using 256-bit SSL/TLS encryption
• Payment Security: Payment processing complies with PCI DSS Level 1 standards. Payment information is tokenized and never fully stored on our servers
• Access Controls: Employee access to personal information is restricted on a need-to-know basis. All staff sign confidentiality agreements
• Authentication: We use secure password requirements, two-factor authentication options, and session management
• Security Audits: We conduct regular security audits, penetration testing, and vulnerability assessments
• Firewalls & Intrusion Detection: Our infrastructure uses firewalls, intrusion detection systems, and DDoS protection
• Data Backups: We maintain secure backups of data with redundancy and disaster recovery procedures
• Incident Response: We have procedures to detect, respond to, and recover from security incidents

Important: While we implement strong security measures, no system is completely secure. We cannot guarantee absolute security, and you use our platform at your own risk. If you discover a security vulnerability, please report it to support@gifafrica.org immediately.

6. Data Retention

We retain your information for as long as necessary to provide services, comply with legal obligations, and resolve disputes:

• Active Account Data: While your account is active, we retain all account and transaction information
• After Account Deletion: After you delete your account, we retain information for 90 days to handle disputes and chargebacks
• Financial Records: Transaction records, receipts, and financial data are retained for 7 years for tax and legal compliance
• Verification Records: Campaign verification documents are retained for 5 years
• Legal Hold: If we receive a legal request or notice, we may retain information longer than normal retention periods
• Aggregate Data: We may retain anonymized, aggregated data indefinitely for analytics and reporting

7. Your Privacy Rights & Choices

7.1 Access & Portability

You have the right to request access to the personal information we hold about you. You can download your data in a portable, machine-readable format. Contact support@gifafrica.org to request your data.

7.2 Correction & Update

You have the right to correct inaccurate or incomplete information. You can update most information through your account settings or contact our support team.

7.3 Deletion & Erasure

You have the right to request deletion of your personal information, subject to legal and operational requirements. We will delete your account and associated data within 30 days, except where we must retain information for legal, tax, or fraud prevention purposes.

7.4 Opt-Out of Communications

You can opt out of marketing emails and promotional communications anytime by:

• Clicking the "unsubscribe" link in any email from us
• Adjusting communication preferences in your account settings
• Contacting us at support@gifafrica.org

Note: Even if you opt out of marketing communications, we will still send transaction confirmations, verification updates, and other service-related notifications.

7.5 Cookie Management

You can control cookies through your browser settings:

• Block all cookies
• Accept only first-party cookies
• Delete cookies after each session
• Opt out of third-party tracking

Note: Disabling cookies may affect platform functionality and prevent proper account access.

7.6 Do Not Track (DNT)

Some browsers include a DNT feature. Currently, our platform does not respond to DNT signals, but we respect your privacy choices through the other mechanisms outlined in this policy.

8. GDPR Compliance (European Users)

If you are a resident of the European Union, United Kingdom, or EEA, the General Data Protection Regulation (GDPR) provides you with additional privacy rights:

• Legal Basis: We process your data based on your consent, contract performance, legal obligation, or legitimate interests
• Data Subject Rights: You have the right to access, correct, erase, restrict processing, object to processing, and request portability of your data
• Withdrawal of Consent: You can withdraw consent at any time without affecting the lawfulness of prior processing
• Data Protection Authority: You have the right to lodge a complaint with your local data protection authority
• International Transfers: If we transfer data outside the EEA, we use appropriate safeguards such as Standard Contractual Clauses

To exercise GDPR rights, contact our Data Protection Officer at privacy@gifafrica.org.

9. CCPA Compliance (California Users)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights:

• Right to Know: You can request what personal information we collect and how it's used
• Right to Delete: You can request deletion of personal information (with exceptions)
• Right to Opt-Out: You can opt out of the sale of personal information (note: we don't sell data)
• Right to Limit Use: You can limit our use of sensitive personal information
• Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

To submit a CCPA request, email support@gifafrica.org or visit our privacy portal.

10. Cookies & Tracking Technologies

We use cookies and similar technologies to enhance your experience:

• Functional Cookies: Enable core platform features (authentication, preferences, settings)
• Analytics Cookies: Track usage patterns to improve our platform
• Advertising Cookies: Enable targeted ads (only with consent)
• Social Media Cookies: Allow integration with social platforms
• Session Tokens: Maintain your logged-in session

You can manage cookie preferences in your browser. Most browsers allow you to refuse cookies or alert you when cookies are being sent.

11. Children's Privacy

Our platform is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18. If we discover that a child has provided information without parental consent, we will delete it promptly.

For campaigns involving minors: Causes must be created and managed by the minor's legal guardian or parent. We require verification that the account creator has legal authority to create the campaign on behalf of the minor.

12. Third-Party Links & Services

Our platform may contain links to external websites and services that are not operated by GIFA. This Privacy Policy only applies to GIFA. We are not responsible for the privacy practices of external sites. Please review the privacy policies of any third-party services before sharing your information.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

• Posting the updated policy on our website
• Updating the "Last updated" date at the top of this policy
• Sending you an email notification for material changes
• Requesting your consent if required by law

Your continued use of the platform after changes constitutes acceptance of the updated Privacy Policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us: