Effective Date: 25th August 2025
Last Updated: 4th September 2025
NGOSuite (“we,” “our,” or “us”) provides software solutions to non-governmental organizations (“NGOs”) to manage memberships, programs, fundraising, and beneficiary engagement, including services for youth and vulnerable groups.
We are committed to protecting the confidentiality, integrity, and availability of data processed through NGOSuite. This Data Protection Policy explains how we collect, use, store, secure, and disclose personal and organizational information, and sets out the responsibilities of NGOSuite, our clients, and end users.
By using NGOSuite, clients acknowledge that while we take robust measures to protect data, no system is completely immune to risk.
This policy applies to:
All clients using NGOSuite software and related services.
All data collected from or about NGOs, staff, volunteers, beneficiaries, donors, and youth program participants.
All employees, contractors, consultants, and third parties engaged by NGOSuite who may access or process data.
Personal Data: Any information relating to an identified or identifiable individual.
Sensitive Data: Data that requires extra protection, such as youth information, health data, or financial records.
Client Data: Data uploaded, processed, or stored by NGOs using NGOSuite.
Youth Data: Information related to individuals under 18 years of age.
Processing: Any operation performed on data, including collection, storage, transfer, and deletion.
NGOSuite may collect and process the following categories of data:
Personal Information: Names, contact details, login credentials, date of birth.
Organizational Information: NGO registration data, staff and volunteer records, project details.
Financial Information: Payment details, billing addresses, donation records.
Youth Information: Participant registration details, program engagement records, guardian/parental consent forms.
Usage Data: Device identifiers, IP addresses, login history, cookies, and analytics.
Communications: Emails, in-app messages, support requests, survey responses.
We process data for the following purposes:
Delivering and maintaining NGOSuite services.
Enabling NGOs to manage beneficiaries, memberships, and youth programs.
Processing donations, payments, and grants.
Protecting children and vulnerable individuals through safeguarding protocols.
Meeting contractual obligations with clients.
Complying with legal and regulatory requirements.
Preventing, detecting, and investigating fraud or misuse.
Communicating service updates and opportunities (with consent).
We comply with the Children’s Online Privacy Protection Act (COPPA) for users under 13 and follow best practices for minors up to 18.
Parental/Guardian consent is required for data collection from children under 13.
Youth data is collected only for legitimate program-related purposes and is never used for advertising or resale.
Youth records are subject to additional security measures, including restricted access and anonymization where possible.
Partner NGOs are responsible for obtaining necessary consents before sharing youth data with NGOSuite.
NGOSuite employs industry-standard technical and organizational measures, including:
Encryption of data in transit (TLS/SSL) and at rest (AES-256).
Role-based access controls with least-privilege principles.
Multi-factor authentication (MFA) for administrator accounts.
Firewalls, intrusion detection, and monitoring systems.
Regular penetration testing and vulnerability assessments.
Enforced password complexity and expiration rules.
Secure data centers located in the United States with physical security controls.
Regular staff training on cybersecurity and safeguarding.
We do not sell or rent personal data. Data may be shared only under the following circumstances:
Service Providers: With trusted vendors (e.g., hosting, payment processors, analytics tools) under confidentiality and security agreements.
Partner NGOs: Where data sharing is necessary for program delivery and with explicit user or guardian consent.
Legal Obligations: When required by law, regulation, or valid legal process.
Business Transfers: In the event of a merger, acquisition, or corporate restructuring.
Data will be retained only for as long as necessary to fulfill the purpose for which it was collected.
Youth data is deleted or anonymized once it is no longer required for program delivery or legal compliance.
Backups are retained for a limited period for disaster recovery.
Clients may request data deletion at any time, subject to legal obligations.
Depending on applicable state law (e.g., CCPA, VCDPA, CPA), users may have the right to:
Access their personal data.
Request corrections or updates.
Request deletion (“right to be forgotten”).
Opt out of certain types of processing (e.g., targeted ads — not applicable to NGOSuite).
Obtain a copy of their data in a portable format.
Requests should be directed to [Insert Contact Email].
For youth, these rights must be exercised by a parent or guardian.
In the event of a confirmed data breach, NGOSuite will investigate promptly and notify affected clients without undue delay.
Notifications will include the nature of the breach, categories of affected data, and recommended actions.
We will cooperate with clients and regulators as required.
NGOs remain responsible for notifying their own end users, beneficiaries, or members where legally required.
NGOSuite implements reasonable security measures to protect data.
However, no system is completely secure. NGOSuite cannot guarantee the prevention of all unauthorized access, cyberattacks, or data breaches.
NGOSuite shall not be held liable for:
Losses arising from hacking, data breaches, or unauthorized access beyond our reasonable control.
Client misuse of the system, including poor password practices or unapproved third-party integrations.
Breaches caused by third-party vendors outside of NGOSuite’s direct control.
Clients are responsible for:
Securing their own accounts and devices.
Training staff on safe data handling.
Obtaining proper consents before submitting data (especially youth data).
By using NGOSuite, clients acknowledge and accept these limitations.
NGOSuite is committed to child protection and safeguarding.
Staff handling youth or vulnerable group data must undergo safeguarding and data protection training.
Any suspected misuse of youth data will be investigated and, if necessary, reported to appropriate authorities.
NGOSuite may integrate with third-party platforms (e.g., payment gateways, communication tools).
These services have their own privacy and security practices, for which NGOSuite is not responsible.
Clients are encouraged to review third-party policies before enabling integrations.
While NGOSuite is designed for U.S.-based NGOs, international clients may also use our services. In such cases:
Data is still processed and stored in U.S. data centers.
NGOSuite will apply this policy and, where applicable, align with international frameworks (e.g., GDPR) to the extent possible.
We may revise this policy from time to time to reflect legal changes, best practices, or system updates.
Updated versions will be posted within the NGOSuite platform.
Significant changes will be communicated directly to clients.
For questions, concerns, or requests regarding this policy, please contact:
Email: Info@ngosuite.com
© 2025 | All rights reserved. | NGOSuite | Data Protection Policy
