Privacy Policy

ChaiRaise collects only the data necessary to power your fundraising CRM:

• Account data: Email address, name, and organization affiliation when you sign up.
• Donor data: Names, contact information, giving history, and engagement data that YOU enter or import into the CRM. We never independently collect donor data.
• Usage data: Page views, feature usage, and error logs to improve the product. No tracking pixels or third-party analytics.

• To provide CRM functionality — storing, organizing, and analyzing your donor data.
• To power AI features — donor briefs, email generation, and cause matching. AI prompts include donor context but never raw PII beyond what is necessary.
• To send emails on your behalf via our email service (Resend) when you use the email feature.
• To improve ChaiRaise — aggregated, anonymized usage patterns only.

When you use AI features (email generation, donor briefs, org research), donor context is sent to our AI provider (Anthropic) via server-side API calls. Specifically:

• AI requests are processed through our secure server — your API keys and donor data never leave the server.
• We send only the minimum context needed (donor name, community, giving history, org mission) — never full database exports.
• Anthropic does not train on API inputs per their commercial terms.
• You can disable AI features entirely in Settings.

• Database: Donor data is stored in Neon Postgres, hosted on AWS infrastructure with encryption at rest (AES-256) and in transit (TLS 1.3).
• Authentication: Managed by NextAuth.js with JWT sessions. Passwords are never stored in plaintext.
• Infrastructure: Hosted on Vercel with automatic DDoS protection, WAF, and SOC 2 compliant infrastructure.
• Access control: Role-based permissions (Admin, Manager, Fundraiser, Viewer) restrict data access within your organization.

We do NOT sell, rent, or share your donor data with anyone. Period. Your data is shared only with:

• Anthropic — AI provider, for generating email drafts and donor insights (minimal context, no training).
• Resend — Email delivery service, only when you send emails through ChaiRaise.
• Neon — Database hosting provider (encrypted at rest).
• Vercel — Application hosting (SOC 2 compliant).

• Access: You can export all your data at any time via the Exports page.
• Deletion: You can delete any donor record. To delete your entire account and all associated data, contact us.
• Portability: Export your complete donor database as CSV or JSON.
• GDPR: If you or your donors are EU residents, you have the right to access, rectify, erase, and port your data. Contact privacy@chairaise.com.

We recognize that donor data for Jewish organizations carries additional sensitivity considerations:

• Religious affiliation is classified as special category data under GDPR Article 9.
• We implement additional security measures for donor lists, including audit logging of all data access.
• We never expose donor lists publicly or to other organizations on the platform.
• Each organization's data is fully isolated — no cross-org data access is possible.

• Active account data is retained as long as your account exists.
• Deleted donor records are permanently removed within 30 days.
• Account deletion removes all associated data within 30 days.
• Audit logs are retained for 2 years for compliance purposes.

For privacy questions, data access requests, or concerns:

Email: privacy@chairaise.com