S
StewardLedger

Privacy Policy

Last updated: January 27, 2026

This Privacy Policy describes how StewardLedger ("we", "us", or "our") collects, uses, and shares information when you use our service at stewardledger.com and app.stewardledger.com.

1. Information We Collect

1.1 Information You Provide

We collect information you provide directly to us:

  • Account Information: Name, email address, organization name, password
  • Billing Information: Payment method details (processed by Stripe)
  • Service Data: Financial data, donor information, transaction records you enter into the Service
  • Communications: Messages you send us through support or contact forms

1.2 Information Collected Automatically

When you use the Service, we automatically collect:

  • Usage Data: Pages viewed, features used, time spent
  • Device Information: Browser type, IP address, operating system
  • Cookies: We use essential cookies for authentication and session management

1.3 Information from Third Parties

We may receive information from:

  • Planning Center: Donor data when you connect your account
  • PayPal: Transaction data when you connect your account
  • Payment Processors: Payment confirmation and billing details

2. How We Use Information

We use collected information to:

  • Provide, maintain, and improve the Service
  • Process transactions and send related information
  • Send technical notices, updates, and security alerts
  • Respond to your comments and questions
  • Monitor and analyze trends and usage
  • Detect, prevent, and address fraud and security issues
  • Comply with legal obligations

3. Data Sharing and Disclosure

We do not sell your personal information. We share information only in these situations:

3.1 Service Providers

We share information with third-party vendors who perform services on our behalf, including:

  • Cloud infrastructure providers (AWS, Google Cloud)
  • Payment processors (Stripe)
  • Email service providers
  • Analytics providers

All service providers are bound by data protection agreements.

3.2 Legal Requirements

We may disclose information if required by law or in response to valid legal requests.

3.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information is transferred.

3.4 With Your Consent

We share information when you give us consent to do so.

4. Data Retention

We retain your information for as long as your account is active or as needed to:

  • Provide the Service
  • Comply with legal obligations
  • Resolve disputes
  • Enforce our agreements

After account cancellation, we retain data for 90 days for recovery purposes, then permanently delete it. Audit logs may be retained for 7 years for compliance.

5. Your Rights (GDPR)

If you are in the European Economic Area, you have these rights:

5.1 Access

You can request a copy of your personal data.

5.2 Rectification

You can correct inaccurate or incomplete data.

5.3 Erasure

You can request deletion of your data.

5.4 Restriction

You can request that we limit how we use your data.

5.5 Portability

You can request your data in a machine-readable format.

5.6 Objection

You can object to our processing of your data.

To exercise these rights, contact us at privacy@stewardledger.com.

6. Cookies and Tracking

We use cookies and similar technologies:

6.1 Essential Cookies

Required for authentication and security. These cannot be disabled without affecting Service functionality.

6.2 Analytics Cookies

Help us understand how you use the Service. You can opt out in your account settings.

6.3 Cookie Management

Most browsers allow you to control cookies through settings.

7. International Transfers

We process data within the European Union. If data is transferred outside the EU, we ensure adequate safeguards through:

  • Standard Contractual Clauses
  • Privacy Shield frameworks (where applicable)
  • Other approved mechanisms

8. Security Measures

We implement appropriate technical and organizational measures to protect your data:

  • TLS 1.3 encryption for data in transit
  • AES-256 encryption for sensitive data at rest
  • Regular security audits and penetration testing
  • Access controls and authentication requirements
  • Employee training on data protection

While we strive to protect your data, no method of transmission or storage is 100% secure.

9. Children's Privacy

The Service is not intended for individuals under 16. We do not knowingly collect information from children under 16.

10. Contact Information

For privacy-related questions:

Email: privacy@stewardledger.com
Data Protection Officer: dpo@stewardledger.com

Address:
StewardLedger
[Street Address]
[Postal Code, City]
[Country]

11. Policy Updates

We may update this Privacy Policy from time to time. We will notify you of material changes by email at least 30 days before they take effect.

The "Last updated" date at the top indicates when the policy was last revised. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.

Last updated: January 27, 2026

ende