This Privacy Policy describes how weFundraise (“we,” “us,” or “our”) collects, uses, stores, processes, and discloses personal data obtained through the weFundraise platform. This Policy is prepared in accordance with the Uganda Data Protection and Privacy Act, 2019, and applicable data protection principles including lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality. By accessing or using the platform, you confirm that you have read and understood this Policy.

For the purposes of applicable data protection law, weFundraise acts as the Data Controller in respect of personal data collected through the platform. This means we determine the purposes and means of processing your personal data. Where third-party service providers process data on our behalf, they act as Data Processors and are bound by contractual obligations to process data only in accordance with our instructions and applicable law.

WeFundraise collects personal data that users voluntarily provide when registering an account, creating or supporting fundraisers, or interacting with the platform. This may include identification information such as name, email address, phone number, National Identification details where required by law, and financial transaction information processed through licensed third-party payment service providers. We may also collect technical and usage data including IP address, device identifiers, browser type, operating system, and interaction logs through cookies and similar technologies.

The lawful bases for processing personal data include user consent, contractual necessity for the provision of platform services, compliance with legal obligations, and the legitimate interests of weFundraise, including fraud prevention, platform security, service improvement, and risk management. Where consent is relied upon, users may withdraw consent at any time, subject to legal or contractual restrictions.

Personal data is processed for specific and explicit purposes including providing platform functionality, facilitating fundraising activities, processing payments, verifying identity, preventing fraud and abuse, complying with legal and regulatory obligations, responding to lawful requests from public authorities, and improving platform performance and user experience.

WeFundraise does not sell personal data. However, we may share personal information with trusted third-party service providers including payment processors, identity verification services, cloud hosting providers, and analytics providers. Such disclosures are limited to what is strictly necessary and are subject to confidentiality and data protection obligations. We may also disclose personal data where required by law, court order, or regulatory authority, or where necessary to protect the rights, property, safety, or security of users or the public.

Personal data may be transferred, stored, or processed outside Uganda where our service providers operate infrastructure or systems in other jurisdictions. In such cases, weFundraise ensures that appropriate safeguards are in place, including contractual data protection clauses and security measures designed to ensure an adequate level of protection consistent with applicable law.

WeFundraise implements appropriate technical and organizational security measures to protect personal data against unauthorized access, loss, alteration, disclosure, or destruction. These measures include access controls, encryption where applicable, secure storage systems, and internal data handling policies. However, no method of electronic storage or transmission over the internet is completely secure, and we cannot guarantee absolute security.

Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting obligations, dispute resolution, fraud prevention, and enforcement of agreements. Where data is no longer required, it is securely deleted or anonymized in accordance with applicable retention practices.

Subject to applicable law, users have the right to request access to their personal data, request correction of inaccurate data, request deletion of data, object to or restrict certain processing activities, and obtain information regarding how their data is processed. Requests may be subject to identity verification and legal limitations, including obligations to retain certain data.

Users also have the right to lodge complaints with the Personal Data Protection Office in Uganda if they believe their rights under applicable data protection laws have been violated. WeFundraise encourages users to contact us first so that concerns may be resolved directly.

This Privacy Policy may be updated from time to time to reflect legal, regulatory, operational, or technical changes. Updates will be posted on the platform and take effect upon publication. Continued use of the platform after updates constitutes acceptance of the revised Policy.

To the maximum extent permitted by law, weFundraise shall not be liable for indirect, incidental, or consequential damages arising from unauthorized access, data breaches, or misuse of personal data, except where such limitation is prohibited by applicable law.

By using weFundraise, you acknowledge that you have read, understood, and agreed to this Privacy Policy in full.