Universal Charity

Privacy

Privacy and data processing.

This MVP privacy page explains what data the platform expects to handle and why. Final privacy notices should be reviewed against applicable data protection law.

Data we expect to collect

Registration may collect name, email, phone, password credentials, account role, consent records, and account status information.

Giving workflows may collect transaction references, payment intent data, wallet records, audit records, and public display preferences.

KYC and beneficiary workflows may collect identity, address, verification status, supporting evidence, and review information.

How data is used

Data is used to create accounts, verify eligibility, process giving workflows, prevent fraud, maintain public transparency, and support operational reporting.

Public transparency should use anonymised names unless a user opts in to public display.

Consent and requests

Registration captures privacy policy acceptance and data processing consent because account workflows depend on personal data.

Users should have a clear channel to request correction, account support, or deletion review where legally and operationally possible.

Security

The MVP is designed to use hashed passwords, HTTP-only auth cookies, role checks, audit trails, and provider abstractions for payment and KYC integrations.

Production launch should include a full security and privacy review, retention policy, breach process, and approved data processor list.