Effective Date: March 29, 2026
We collect information you provide (name, email, entity details) and usage data (page views, feature usage). We do not sell your data to third parties.
For GDPR purposes, Ummeco Organization acts as both data controller (for account and billing data) and data processor (for entity management data processed on behalf of our customers). Entity administrators are data controllers for the personal data of their members, donors, and constituents. We process this data only according to their instructions as defined in our Data Processing Agreement, available at [email protected].
Your data is used to provide the Service, improve features, send transactional emails (account verification, password resets), and comply with legal obligations. We process your data on the basis of contract performance (service delivery), legitimate interest (security, fraud prevention), and legal obligation (tax/compliance records). We do not process data based on consent for core service features.
Data is stored on servers in Germany (Hetzner, Falkenstein data center). We use PostgreSQL with encryption at rest. Backups are encrypted and retained for 30 days.
We use Stripe for payments (see Stripe Privacy Policy), Cloudflare for CDN/DNS, Vercel for web hosting, and Elastic Email for transactional and newsletter delivery (see elasticemail.com/privacy-policy). Each has their own privacy policies.
You may request access to, correction of, or deletion of your personal data at any time by contacting us. Entity data you manage belongs to the entity, not to you individually.
We use essential cookies for authentication (session tokens). We do not use advertising or tracking cookies. Analytics are privacy-preserving and do not track individual users.
The Service is not intended for children under 13. We do not knowingly collect data from children.
We retain account data for the duration of your subscription plus 7 years for tax and legal compliance. You may request deletion of personal data not subject to legal retention obligations. Entity data is exported and purged within 90 days of account closure.
Privacy questions: [email protected]