Privacy policy

This privacy policy describes how Jesus Christ for Everyone Foundation (INCARE) collects, uses, and protects your personal data. We are committed to ensuring your privacy is protected. Please read this policy carefully to understand our practices regarding your personal data and how we will treat it.

Data controller

Jesus Christ for Everyone Foundation (INCARE)
Plovdiv, 1 May St. №13
Email: icare@jcfe-charity.com
Website:  https:// www.jcfe-carity.com

Data we collect

We collect the following types of personal data from visitors to jcfe-charity.com:

  • Name
  • Email address
  • Donation amount, currency, and method
  • Communication preferences

Please note that we do not store card details; payments are processed securely by Stripe/PayPal/Donorbox.

How we use your data

We use the data we collect for the following purposes:

  • Processing donations
  • Issuing receipts and required accounting documents
  • Providing impact updates and thank you messages (only if you opt in)
  • Ensuring security and preventing fraud

Our legal bases for processing your data are:

  • Contract (donation processing)
  • Legal obligation (accounting and tax requirements)
  • Legitimate interests (security)
  • Consent (updates)

Your data may be processed by the following processors/recipients:

  • Donorbox
  • Stripe
  • PayPal
  • Google Workspace
  • Our accountant
  • Hosting provider

Data is only shared as needed. Cross-border transfers, if any, rely on Standard Contractual Clauses (SCCs).

We retain accounting records for up to 10 years and marketing data until consent is withdrawn.

You have the following rights regarding your data:

  • Access
  • Rectification
  • Erasure
  • Restriction
  • Objection
  • Withdrawal of consent

To exercise these rights, please contact incare@jcfe-charity.com

Third-party sharing

We only share visitor data with service providers acting on our behalf. We do not sell data, and we do not share data with advertisers or data brokers.

Here's who we use and what they receive:

  1. Webador (website hosting & DNS)
    • Data: IP address, device/browser info (user agent), pages visited, basic logs, and strictly necessary cookies.
    • Purpose: run the site, security, performance, error logs.
  2. Donorbox (donation forms & pages)
    • Data: information you enter in the form (name, email, amount/currency, message), plus IP/device info for fraud prevention.
    • Purpose: process donations, issue receipts, donor communications (only if you opt in).
  3. Stripe and PayPal (payment processing)
    • Data: payment details (tokenized card/PayPal info), billing details you provide, IP/device info for fraud checks.
    • Note: we do not see or store full card numbers or CVV.
    • Purpose: process payments, prevent fraud, comply with financial rules.
  4. Google Workspace (email & file storage)
    • Data: emails you send us (content + headers/metadata), attached files, and our replies.
    • Purpose: correspondence, receipts, record-keeping.
  5. Accounting / auditors (if applicable)
    • Data: minimal donation records required by law (name, amount, date, method).
    • Purpose: statutory accounting and audits.
  6. Analytics / pixels
    • Current status: *We do not use advertising pixels and do not run marketing cookies by default.* If we later enable privacy-friendly analytics, we will update this page and ask for consent where required.
  7. Legal disclosures
    • We may disclose data if required by law, to protect our rights, users, or the public.

Some providers may process data outside the EEA. Where they do, they use safeguards such as the EU Standard Contractual Clauses (SCCs).

Security measures

We have implemented the following security measures to protect the personal data collected on jcfe-charity.com:

Website & transport

  • Site is served exclusively over HTTPS (TLS); HTTP requests redirect to HTTPS.
  • Donation forms are embedded from Donorbox in a secure iframe; data is submitted directly to Donorbox/Stripe/PayPal (not through our server).

Payments

  • Card data is processed by Stripe and PayPal (PCI-DSS–compliant processors).
  • We do not store card numbers or CVV on our systems.

Email & domain security

  • Outbound email is authenticated: SPF + DKIM + DMARC configured for jcfe-charity.com.
  • Admin mailboxes protected with multi-factor authentication (MFA).

Accounts & access control

  • MFA required for admin access to Google Workspace, Donorbox, Stripe, and Webador.
  • Least-privilege roles; access granted on a need-to-know basis; periodic access reviews.
  • Strong, unique passwords via a password manager.

Data handling & storage

  • Data minimization: we collect only what’s needed to process donations and communicate if you opt in.
  • Donor and operational files are stored in Google Workspace with provider-level encryption in transit and at rest and role-restricted sharing.
  • Retention: financial records kept up to 10 years (legal requirement); marketing/updates until consent is withdrawn.

Hosting

  • Managed hosting with Webador (provider-managed patches, TLS certificates, firewalling at the platform edge).
  • No custom server code on our side that handles payment data.

Monitoring & logging

  • Access and error logs reviewed for anomalies; admin-login alerts enabled where available.
  • Change history/versioning used for donor documents.

Incident response

  • Documented process for triage, containment, and remediation.
  • GDPR-aligned notification: we will notify the Bulgarian DPA and affected individuals within 72 hours when required.

Third-party sharing

  • Shared only with processors acting on our behalf (Donorbox, Stripe, PayPal, Google Workspace, accounting provider, hosting).
  • No data sales; no advertising pixels by default.

Contact : incare@jcfe-charity.com

Privacy Policy: https://jcfe-charity.com/privacy