Legal

Privacy Policy

Last updated: March 22, 2026

1. Introduction

Vantage Software, Inc. ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Vantage platform ("the Service").

2. Information We Collect

2a. Account Information

When you create an account, we collect your name, email address, and password. If you join an organization, we also store your membership role and association.

2b. Donor Data (Your Data)

You and your organization upload and manage donor information within the Service, including names, contact details, addresses, donation history, notes, interactions, and tags. This data belongs to your organization—we process it solely to provide the Service.

2c. Usage Data

We automatically collect usage information such as pages visited, features used, browser type, device information, and IP address. This data is used to improve the Service and diagnose issues.

2d. Integration Data

When you connect third-party services (e.g., QuickBooks), we store OAuth tokens and sync metadata necessary to maintain the integration. We do not store your third-party passwords.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Authenticate users and manage organization access
  • Sync data with connected third-party services
  • Generate AI-powered donor insights and chat responses
  • Send transactional emails (e.g., donation receipts) on your behalf
  • Provide customer support
  • Detect and prevent fraud, abuse, or security incidents

4. AI Processing and PII Safeguards

The Service uses AI providers (OpenAI and Anthropic) to generate donor insights and power the chat assistant. Before sending any donor data to AI providers:

  • Personally identifiable information (PII) such as names, emails, phone numbers, and addresses is redacted and replaced with anonymous placeholders
  • AI providers receive only anonymized data and do not have access to raw donor records
  • AI-generated responses are un-redacted locally before being displayed to you

AI providers process data according to their own privacy policies. We do not permit AI providers to use your data for training their models.

5. Data Sharing and Disclosure

We do not sell your personal information or donor data. We may share information with:

  • Service providers — Third-party services that help us operate the platform (hosting, email delivery, analytics, AI processing). These providers are bound by contractual obligations to protect your data.
  • Connected integrations — When you explicitly authorize a third-party integration (e.g., QuickBooks), data flows as necessary to maintain the sync.
  • Legal requirements — We may disclose information if required by law, regulation, legal process, or governmental request.

6. Data Storage and Security

Your data is stored in Supabase-managed PostgreSQL databases with encryption at rest and in transit. We use industry-standard security measures including:

  • TLS/HTTPS encryption for all data in transit
  • Row-level security policies at the database level
  • Organization-scoped data isolation—each organization can only access its own data
  • Secure OAuth 2.0 token storage for third-party integrations
  • Security headers (HSTS, X-Frame-Options, CSP) on all responses

7. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. If you delete your organization, all associated data (donors, donations, interactions, reports, and settings) is permanently deleted within 30 days.

Usage and analytics data may be retained in anonymized form for up to 24 months for product improvement purposes.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access — Request a copy of your personal data and donor data
  • Export — Download your organization's data in CSV format via the Settings page
  • Correction — Update inaccurate personal information
  • Deletion — Request deletion of your account and associated data
  • Portability — Receive your data in a structured, machine-readable format
  • Objection — Object to certain processing activities

To exercise any of these rights, contact us at privacy@vantagedonorai.com.

9. Cookies

The Service uses essential cookies for authentication and session management. We use Vercel Analytics for basic usage metrics, which does not use cookies for tracking. We do not use advertising cookies or third-party tracking scripts.

10. Children's Privacy

The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service at least 30 days before they take effect. The "Last updated" date at the top of this page indicates when the policy was last revised.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

Vantage Software, Inc.
privacy@vantagedonorai.com

© 2026 Vantage Software, Inc. All rights reserved.

Terms of Service