Privacy Policy - Museum Donation Portal

1. Introduction

This Privacy Policy describes how Museum Donation Portal ("we," "us," "our") collects, uses, and protects information when you use our Service.

2. Information We Collect

Museum Account Information

Museum name and contact details
Email address and phone number
Billing information (processed by Stripe)

Donor Information

Name, email address, and phone number
Donation item descriptions and details
Communication preferences

Technical Information

IP addresses and browser information
Usage data and analytics
Cookies and similar technologies

3. How We Use Your Information

We use collected information to:

Provide and maintain the Service
Process subscriptions and payments
Send transactional emails (donation confirmations, status updates)
Improve and optimize the Service
Respond to support requests
Detect and prevent fraud or security issues

            🔒 Data Separation: Each museum's data is logically separated within our database. Museums can only access their own donation records and cannot view data from other museums.
        

4. Data Sharing and Disclosure

We do not sell your personal information. We may share data only in the following circumstances:

Service Providers: Third-party services that help us operate (e.g., Stripe for payment processing, AWS for hosting)
Legal Requirements: When required by law, court order, or government regulation
Business Transfers: In connection with a merger, acquisition, or sale of assets

5. Data Storage and Security

Your data is stored on secure servers hosted by Amazon Web Services (AWS) in the United States. We implement industry-standard security measures including:

SSL/TLS encryption for data in transit
Encrypted database storage
Regular security updates and monitoring
Access controls and authentication

However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your information for as long as your account is active or as needed to provide services. After account cancellation, data is retained for 90 days to allow for recovery, then permanently deleted unless required for legal compliance.

7. Your Rights

Depending on your location, you may have the following rights:

Access: Request a copy of your personal data
Correction: Request correction of inaccurate data
Deletion: Request deletion of your data
Export: Request a portable copy of your data
Objection: Object to certain processing of your data

To exercise these rights, contact us at privacy@vasari.art

8. Cookies and Tracking

We use cookies and similar technologies for:

Authentication and session management
Analytics and usage tracking
Preference storage

You can control cookies through your browser settings. Disabling cookies may limit functionality.

9. International Data Transfers

If you access the Service from outside the United States, your information will be transferred to and processed in the United States. By using the Service, you consent to this transfer.

10. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Continued use after changes constitutes acceptance.

12. Contact Us

For questions about this Privacy Policy or our data practices, contact us at:

Email: privacy@vasari.art
Support: support@vasari.art

← Back to Home