Privacy Notice

Last Updated: 9 June 2026

Donor Seek Ltd (“DonorSeek”, “we”, “us”, or “our”) is committed to protecting your personal information and respecting your privacy. This Privacy Notice explains what information we collect, how we use it, and your rights under the New Zealand Privacy Act 2020.

This notice applies to all users of DonorSeek services, including the DonorSeek for Charities and DonorSeek for Donors applications.

1. Who We Are

DonorSeek is operated by Donor Seek Ltd, a company registered in New Zealand. We act as the data controller for personal information collected through our services. Where charities use DonorSeek to manage their donor data, they act as data controllers for that donor information, and DonorSeek acts as a data processor on their behalf.

If you have questions about your privacy, contact us at: admin@donorseek.com

2. What Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Your name and email address
  • A password (stored as a secure hash — we never store your plain-text password)
  • Organisation name (for charity accounts)

2.2 Donor and Donation Data (Charity App)

Charities using DonorSeek upload or enter information about their donors and donations, which may include:

  • Donor names and email addresses
  • Donation amounts, dates, and descriptions
  • Receipt history and delivery status

2.3 Donation Receipt Data (Donor App)

Donors using DonorSeek may upload or receive:

  • Charitable donation receipts (including amounts and charity details)
  • Scanned receipt images (Pro tier)
  • Tax credit summaries generated from receipt data
  • When you upload a receipt PDF, the file is sent securely to Mistral (an EU-based AI company) for text extraction. Mistral processes the document to identify charity name, IRD/registration number, donor name, amount, and date so we can pre-fill these fields for you. Mistral does not retain the document after processing. We only send PDFs you have explicitly uploaded — never receipts received by your charity through the platform.

2.4 Usage and Technical Data

When you use our services, we automatically collect certain technical data including:

  • Log data (IP addresses, browser type, pages visited, timestamps)
  • Device information
  • Performance and error logs

2.5 Payment Information

Payment processing is handled entirely by Stripe. We do not collect or store full payment card details. We retain only transaction records (amount, date, subscription status) for billing and accounting purposes.

3. How We Use Your Information

We use your information to:

  • Provide, operate, and maintain the DonorSeek services
  • Process transactions and manage your subscription
  • Send you service notifications, such as email confirmation links and receipt delivery confirmations
  • Respond to your enquiries and provide customer support
  • Improve and develop our services (using anonymised, aggregated data)
  • Comply with legal obligations, including tax and financial record-keeping requirements
  • Protect against fraud, abuse, and security threats

We do not sell your personal information to third parties. We do not use your information for advertising purposes.

4. Legal Basis for Processing

We process your personal information on the following bases:

  • Contract: Processing necessary to provide services you have signed up for.
  • Legitimate interests: Improving our services, preventing fraud, and maintaining security.
  • Legal obligation: Complying with New Zealand law, including the Privacy Act 2020.
  • Consent: Where we rely on your consent (such as for optional marketing communications), you may withdraw it at any time.

5. Who We Share Your Information With

We may share your information with trusted third-party service providers who help us operate DonorSeek:

  • Supabase – database hosting and authentication infrastructure. Donor records, donations, and account data are stored in Supabase’s Sydney, Australia region (AWS ap-southeast-2). Supabase is a US company but the data itself is held in Australia.
  • Vercel – application hosting (United States). Vercel runs the DonorSeek web applications and serves the pages you see. Vercel sees only the data that flows through a given request — it doesn’t have direct database access.
  • Stripe – payment processing (United States). Stripe receives only what’s needed for billing (charity contact details, subscription information). Donor records are never sent to Stripe.
  • Resend – transactional email delivery (United States). Donor names and email addresses pass through Resend when receipts are emailed.
  • Mailgun – alternative email provider (US or EU region depending on the charity’s choice). Used only if a charity configures their own Mailgun account through DonorSeek’s custom-email-provider feature.
  • Mistral – receipt text recognition (France/EU). Used only on the donor app when a donor uploads a receipt PDF. PDFs are sent for text extraction and not retained by Mistral.
  • Xero – accounting integration (Australia or NZ). Used only when a charity connects their Xero account; donor and donation data flows to Xero contacts on the charity’s instruction.

Each provider is contractually required to handle your data securely and only for the purposes we’ve directed. Each is in a country we consider to have comparable privacy safeguards, or where the disclosure is necessary to provide the service you’ve signed up for. We monitor each provider’s privacy practices and will update this notice if any change.

We may also disclose your information if required to do so by law, or to protect the rights, property, or safety of DonorSeek, our users, or the public.

6. Data Retention

We retain different categories of data for different periods, matched to the purpose for which we collected it:

  • Donor account information and active donation records: Kept while your account is active. If you close your DonorSeek donor account, your account-level data (name, email, secondary emails, preferences) is deleted within 30 days.
  • Donation receipts and tax records: Charities may need to retain donation records for up to 7 years to comply with IRD record-keeping requirements. These records belong to the charity, not to DonorSeek directly. Closing your DonorSeek donor account does not delete records held by individual charities.
  • Access and audit logs: Kept for 24 months. These records (who accessed what, when, from where) are how we detect and investigate privacy breaches. After 24 months they are automatically purged.
  • Per-record edit history: Kept for the lifetime of the underlying donor or donation record. When the record is deleted, its history is deleted with it.
  • Resolved correction and connection requests: Kept for 24 months after resolution, then purged.
  • Rate-limit and signup-check cache: Kept for 90 days, then purged.

A nightly automated process enforces these windows. Where law requires longer retention (e.g. financial records under tax law), the legal requirement takes precedence.

7. Security

We implement appropriate technical and organisational measures to protect your information against unauthorised access, disclosure, alteration, or destruction. These include:

  • Encryption of data in transit (TLS 1.2+) and at rest
  • Secure password hashing using industry-standard algorithms
  • Row-level security policies in the database, ensuring users can only access their own data
  • Encryption of sensitive credentials (third-party API keys, OAuth tokens) using AES-256-GCM with keys held separately from the encrypted data
  • Application-level audit logging of privacy-sensitive actions, retained for 24 months and used for breach detection and investigation
  • Bot protection on all authentication forms (Cloudflare Turnstile)
  • Automatic session timeout after 60 minutes of inactivity
  • Regular dependency scanning and security review by an independent SAST tool

No method of internet transmission or electronic storage is 100% secure. We cannot guarantee absolute security, but we take reasonable steps to protect your information. If a breach occurs that may cause serious harm, we will notify affected individuals and the Office of the Privacy Commissioner in accordance with the Privacy Act 2020.

8. Cookies and Tracking

DonorSeek uses cookies and similar technologies for essential service functions, including authentication (keeping you logged in) and security. We do not use tracking cookies for advertising or cross-site tracking purposes.

You can configure your browser to refuse cookies, but doing so may affect the functionality of our service.

9. Your Rights

Under the New Zealand Privacy Act 2020, you have the right to:

  • Access the personal information we hold about you. If you have a donor portal account, you can download a complete copy of your data at any time by going to **Account → Download your data**. You can also email us at admin@donorseek.com and we’ll provide the information within 20 working days.
  • Correct any personal information that is inaccurate or incomplete. Use the donor portal to update most of your details directly, or email us if you need help.
  • Request deletion of your personal information. You can delete your donor portal account directly from the app (Account → Delete My Account). Note that this does not remove records held by individual charities — those are subject to their own retention obligations.
  • Object to certain types of processing.
  • Lodge a complaint with the Office of the Privacy Commissioner at www.privacy.org.nz if you believe your privacy rights have been breached.

To exercise any of these rights, contact us at admin@donorseek.com. We will respond within 20 working days as required by the Privacy Act 2020.

If you believe your privacy rights have been breached, you may also lodge a complaint with the Office of the Privacy Commissioner at www.privacy.org.nz.

10. Children’s Privacy

DonorSeek is designed for use by adults. We do not knowingly create accounts for children under 18. If you are a charity using DonorSeek, you may hold donor records relating to minors (for example, where a parent has donated on behalf of a child) — those records are managed by the charity under its own privacy obligations. If you believe we have inadvertently created an account for a child under 16, please contact us at admin@donorseek.com.

11. Changes to This Privacy Notice

We may update this Privacy Notice from time to time to reflect changes in our practices or legal obligations. We will notify you of material changes by email or via a notice within the application. The date at the top of this page indicates when the notice was last revised.

12. Contact Us

For any privacy-related questions, requests, or complaints, please contact us.

Scroll to Top