Clear on privacy, cookies, and how your data is handled.

We collect information you provide directly to us when you create a contribution group or make a contribution. This may include your name, phone number and payment information.

We use the information to:

• Process your contributions and withdrawals.
• Verify your identity and prevent fraud.
• Communicate with you about your contribution groups and contributions.
• Maintain the security of our platform.

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

We use cookies and similar tracking technologies to track the activity on our Service and hold certain information.

You can manage your cookie preferences at any time by clicking the link on this page, or from your Account page. See Section 5 for full details on withdrawing consent.

You have the right to withdraw your consent to analytics data collection at any time. Withdrawing consent is as easy as giving it. You can do so using one of the following methods:

We process your personal data under the following legal bases as defined by GDPR Article 6:

• Consent (Article 6(1)(a)): Analytics and performance cookies are only set after you provide explicit consent via our cookie banner or consent dialog. You may withdraw this consent at any time, as described in Section 5.
• Contractual Necessity (Article 6(1)(b)): Processing your personal data is necessary for the performance of the contract between you and Autotreasurer, specifically to facilitate campaign creation, process contributions, and execute contribution withdrawals via M-Pesa.
• Legitimate Interest (Article 6(1)(f)): We process certain data to maintain the security and integrity of our platform, prevent fraud, and ensure essential service operations. This includes authentication session management and identity verification.

If you are located in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation:

• Right of Access (Article 15): You have the right to request a copy of the personal data we hold about you.
• Right to Rectification (Article 16): You have the right to request correction of any inaccurate or incomplete personal data.
• Right to Erasure (Article 17): You have the right to request deletion of your personal data, subject to legal retention obligations.
• Right to Restriction of Processing (Article 18): You have the right to request that we limit the processing of your personal data under certain circumstances.
• Right to Data Portability (Article 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
• Right to Object (Article 21): You have the right to object to processing based on legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds.

To exercise any of these rights, contact us at contact@autotreasurer.com. We will respond to your request within 30 days. You also have the right to lodge a complaint with your local data protection supervisory authority.

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

• Account Data: Retained for the lifetime of your account and for 30 days after account deletion to allow for recovery.
• Transaction Data: Retained for 7 years after the transaction date, as required by financial record-keeping regulations.
• Analytics Data: Firebase Analytics data is retained for 14 months, after which it is automatically aggregated and de-identified. Raw analytics data is not retained beyond this period.
• Authentication Logs: Retained for 12 months for security and fraud prevention purposes.

When data is no longer required, it is securely deleted or anonymized so that it can no longer be associated with you.

The data controller responsible for your personal data is:

If you have any concerns about how your data is processed, you may contact our data protection contact at the email address above, or lodge a complaint with your local supervisory authority.

Our platform uses Google Firebase for authentication, database, and analytics services. Firebase servers are located in the United States. This means your personal data may be transferred to and processed in the United States, which may have different data protection laws than your country of residence.

We ensure that such transfers are protected by appropriate safeguards, including:

• Standard Contractual Clauses (SCCs): Google's data processing terms incorporate EU Standard Contractual Clauses approved by the European Commission, ensuring an adequate level of data protection for transfers outside the EEA.
• EU–U.S. Data Privacy Framework: Google LLC is certified under the EU–U.S. Data Privacy Framework, providing additional safeguards for transatlantic data transfers.

For M-Pesa payment processing, transaction data is processed by Safaricom in Kenya. Safaricom is subject to the Kenya Data Protection Act, 2019, which provides comparable protections for personal data.

If you have any questions about this Privacy Policy, your rights, or how we handle your personal data, please contact us at contact@autotreasurer.com.