Privacy policy.

Donor data belongs to your organization. We process it on your behalf to render the dashboards your authorized users see. We do not sell data, we do not share data across tenants, and we do not use your donor records to train any model. If you stop being a customer, we delete your data on request within 30 days.

This policy covers Islamic centers, mosques, and Islamic nonprofits ("tenants") who use BetterWayIQ Donations, the staff and volunteers those tenants invite into the dashboard ("authorized users"), and visitors to betterwayiq.com and its product subdomains (including donations.betterwayiq.com).

It does not create privacy obligations between BetterWayIQ and your individual donors directly — that relationship belongs to your organization, not to us. We act as a processor on your behalf.

Three categories:

• Tenant donor data — transactions, donor profiles, pledges, recurring schedules, campaign codes, and bank deposit records. We sync these from the donation platforms you connect (Neon CRM, MadinaApps, MyMasjidHub, MOHID, GiveWP, generic CSVs) or read from CSVs you upload.
• Authorized-user account data — email address, name (optional), tenant memberships, and audit log of dashboard actions. Authentication is handled by Supabase Auth.
• Operational telemetry — error reports, page-load timings, and feature usage counts. We do not record session replays of dashboard activity, and we do not attach donor PII to telemetry events.

Tenant donor data is used only to render the dashboards your authorized users see, to compute the analytics shown on those dashboards, and to generate exports you request. We do not use donor data to:

• Train, fine-tune, or evaluate machine-learning models.
• Sell, rent, or share with third parties for marketing.
• Cross-tenant analytics or benchmarking.
• Anything we haven't explicitly described in your contract.

Every tenant's data lives behind row-level-security policies in Postgres. A bug in application code cannot leak data across tenants — the database enforces isolation independently of the app. The same isolation applies to ingestion workers, exports, and analytics. See our security page for the technical details.

We rely on a small set of vetted infrastructure vendors. Each one processes a specific kind of data on our behalf:

• Supabase (US) — primary database, authentication, file storage for raw CSVs.
• Vercel (US) — application hosting and edge network for the marketing site and dashboard.
• Railway (US) — ingestion worker hosting (Python jobs that pull from your donation platforms).
• Stripe (US) — billing. Stripe handles subscription state and any payment information; we never see your card number.
• Resend (US) — transactional email (welcome, trial reminders, payment notices, contact-form replies).
• Sentry (US) — error reporting. We scrub donor names, emails, and amounts from error context before sending.

A current data processing agreement (DPA) is available on request at hello@betterwayiq.com.

Your donor data is stored in the United States (Supabase US-East region). Operational backups run daily and are retained for 7 days on the Free tier; longer retention is available on paid Supabase tiers. Raw CSVs you upload are kept in Supabase Storage so you can audit ingestion runs against the original file you provided.

While you're a customer, we keep your data as long as your account is active. If you cancel:

• Within 30 days of cancellation, you can request a full export.
• On request, we delete your tenant's donor records, raw CSVs, and all associated rows from our database within 30 days. Sentry error logs and aggregated billing records may persist beyond that under the relevant processor's own retention policies.
• If you make no request, we automatically purge inactive-tenant donor data 12 months after the subscription ends.

To request export or deletion, email hello@betterwayiq.com from an address tied to an admin user on the tenant.

Most BetterWayIQ tenants are US-based Islamic centers and mosques whose donors are also US-based, but we recognize a tenant may collect data from EU or California residents. Because BetterWayIQ acts as a processor — your organization is the controller of donor data — donor-side requests (right to access, right to erasure, right to opt out of sale, etc.) are routed through your organization, not through us. If you receive a donor request you need our help fulfilling, email hello@betterwayiq.com and we'll respond within 5 business days.

We do not sell donor data; the CCPA "right to opt out of sale" is therefore moot — but for clarity: there's no mechanism in our product that would surface donor data outside your tenant.

If we identify a security incident affecting your tenant's data, we will notify your tenant's admin contact within 72 hours of confirming the incident, with the scope, suspected cause, and remediation steps we're taking. See the security page for our defense-in-depth model (RLS, encrypted credentials, audit logs, JWT short-expiry sessions).

BetterWayIQ is sold to and used by adults running finance and development functions at Islamic centers, mosques, and Islamic nonprofits. We do not knowingly collect personal data from children under 13. Donor records ingested from your platform may include minors only if your organization has chosen to record them (e.g. youth program donations); that data is treated identically to adult donor data and is governed by your organization's relationship with those donors.

When we change this policy in a way that affects your rights, we'll update the "last updated" date above and email an admin contact on every active tenant at least 14 days before the change takes effect. Minor wording changes that don't change rights or data flows are pushed silently with the date updated.

Privacy questions, data-handling requests, DPA requests, or anything else covered by this policy: hello@betterwayiq.com. We aim to reply within one business day.