Privacy Policy

Last updated:

1. Introduction

This privacy policy applies to Sifr (also marketed as "MySifr") — the mobile app and website used by individual donors and community members to discover non-profit organizations, donate, register for events, and manage their giving (the "Service").

The Service is operated by NM Tech Solutions LLC, a North Carolina limited liability company ("we", "us", "our"). "Sifr" and "MySifr" are trade names of NM Tech Solutions LLC.

This policy explains what information we collect when you use the Service, how we use it, who we share it with, and the choices you have.

2. Information We Collect

Information you provide

  • Account information — name, email address, phone number (used for OTP login and donation receipts).
  • Donation and payment details — collected by Stripe on our behalf. We do not store full card numbers on our servers; we retain only the last four digits and a Stripe customer reference.
  • Event registrations, pledges, and form responses — when you register for events or submit fundraiser forms.

Information we collect automatically

  • Usage data — pages visited, organizations/fundraisers/events viewed, favorites and follows, donation funnel events.
  • Device information — device type, browser, operating system, app version (mobile).
  • Approximate location — derived from your IP address (city / region / country only). We do not use GPS.
  • Push notification token — an Apple/Google-issued identifier, only when you enable push notifications.
  • Diagnostic data — crash reports, performance traces, and error logs.

3. How We Use Your Information

  • To provide and operate the Service — process donations, deliver receipts, manage your account, send notifications.
  • To improve the Service — understand which features are used, diagnose bugs, measure performance.
  • To communicate with you — donation confirmations, event reminders, important account changes.
  • To comply with legal obligations — including donation record-keeping required by tax and charity regulations.

We do not sell your personal information, share it with third-party advertisers, or track you across other companies' apps and websites.

4. Third-Party Services

We use the following processors to operate the Service. Each is bound by their own privacy obligations:

  • Stripe — payment processing. Card data goes directly to Stripe.
  • MaxMind GeoLite2 — IP-based city/region lookup for analytics.
  • Sentry — mobile app crash reporting and error tracking.
  • AppSignal — backend performance monitoring and error tracking.
  • Resend — transactional email delivery (receipts, password resets).
  • Twilio — SMS message delivery for non-profit organizations (masjids, schools, and others) you have opted in to receive text messages from. Each participating organization uses its own toll-free number; your phone number is shared with Twilio only when you opt in to a specific organization's SMS communications.
  • Apple Push Notification Service and Firebase Cloud Messaging — push notification delivery on iOS / Android.
  • Hosting provider — Render and Railway (server infrastructure for the Service).

5. Data Retention

  • Account information — retained while your account is active and for a reasonable period after closure for legal and accounting purposes.
  • Donation records — retained as required by tax and charity regulations.
  • Detailed analytics events — 90 days, after which they are aggregated and the raw rows are deleted.
  • Visit records — 365 days, after which they are deleted.
  • Daily aggregate snapshots — retained indefinitely (no personally identifiable information).

Authorized Sifr staff may view aggregate and anonymized usage analytics for product analysis and growth measurement. Staff access requires two-factor authentication and every action is logged.

6. Your Rights and Choices

  • Opt out of analytics — toggle "Opt out of analytics" in your profile, or visit Privacy controls. We also honor browser Do Not Track signals.
  • Access, correct, or delete your data — contact us at the address below. We will respond within 30 days.
  • Unsubscribe from email — every non-transactional email contains an unsubscribe link.
  • Disable push notifications — in your device's notification settings.
  • Opt out of SMS — reply STOP to any SMS message from a participating organization, or contact us to be removed from all organization SMS lists.

7. Children's Privacy

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If we learn we have collected such information, we will delete it promptly. Contact us if you believe we have inadvertently collected information from a child.

8. Security

We use industry-standard security measures, including encryption in transit (TLS), encrypted credentials, access controls, and regular security reviews. No system is perfectly secure; you are responsible for keeping your account credentials confidential.

9. Changes to This Policy

We may update this policy from time to time. We will update the "Last updated" date at the top and, for material changes, notify you in-app or by email before the change takes effect.

10. Contact Us

For privacy questions or to exercise any of the rights above, contact NM Tech Solutions LLC at info@sifrco.com.

Sifr