Privacy Policy

DonorDialer — by Borich Hernandez Solutions LLC

Effective Date: [TO BE SET BY OWNER BEFORE DEPLOYMENT]

This privacy policy describes how DonorDialer ("the app," "we," "us") collects, uses, and protects information when you use the DonorDialer iPad application and related services.

1. Information We Collect

1.1 Account Information

When you create a DonorDialer account, we collect:

• Email address and password — used for authentication via Supabase Auth
• Full name — displayed within the app to your campaign team
• Campaign role — one of: candidate, finance director, field director, or caller
• Campaign details — campaign name, candidate name, office sought, and election date

1.2 Usage Data

While you use the app, we collect:

• Session data — call timers and activity logs generated during call time sessions
• App activity — actions taken within the app (calls made, outcomes logged, donors updated)

1.3 Biometric Authentication

DonorDialer supports Face ID and Touch ID to lock the app. Biometric data is processed entirely on your device by iOS. We never receive, transmit, or store your biometric data.

1.4 Donor Data You Enter

You input information about your campaign's donors into DonorDialer. This data may include:

• Donor names, phone numbers, email addresses, and mailing addresses
• Giving history, ask amounts, notes, and tags
• Employer and occupation (collected for FEC compliance on contributions over $200)
• Call outcomes, pledge status, and follow-up records

Important: Your campaign is the data controller for all donor data entered into the app. You are responsible for having appropriate legal authorization to store and process donor information under applicable law, including but not limited to GDPR, CCPA, state privacy laws, and FEC regulations. DonorDialer is a tool that stores data on your behalf — we do not independently collect donor information.

2. How We Use Your Information

We use the information described above to:

• Provide and operate the DonorDialer app
• Authenticate your identity and manage your account
• Sync your campaign data across devices
• Enforce TCPA time-zone calling rules using donor address data
• Maintain Do Not Call suppression lists
• Generate reports and export files you request

We do not use your data or your donors' data for any purpose other than operating the app for your campaign.

3. Data Storage and Security

• All data is stored on Supabase (project ID: yxtvjkuybqnjnkzcompo.supabase.co), hosted on Amazon Web Services (AWS) infrastructure in the United States.
• Data is encrypted in transit using TLS and encrypted at rest using Supabase's standard encryption.
• Row-level security in the database ensures that each campaign's data is isolated. Users from one campaign cannot access another campaign's data.
• Authentication tokens are stored in the iOS Keychain on your device.

4. Data Sharing

We are explicit about what we do and do not share:

• No third-party analytics. We do not use Firebase Analytics, Mixpanel, Google Analytics, Facebook SDK, or any other third-party analytics service.
• No advertising networks. We do not serve ads or share data with advertising platforms.
• No data sales. We do not sell your data or your donors' data to anyone, for any reason.

We may share data with the following service providers solely to operate the app:

• Supabase — database hosting, authentication, and real-time sync
• Apple — push notification delivery (capability enabled for future versions; no notifications are sent in v1)

5. Data Retention

• Campaign data is retained as long as your account is active.
• Users can request account and data deletion by emailing tommy@borichhernandez.com. We will delete all data within 30 days.
• After deletion, data may be retained in automated backups for up to 30 days before being permanently removed.

6. Your Rights

You have the following rights regarding your data:

• Access: You can view all of your campaign and donor data within the app at any time.
• Correction: You can edit any data stored in the app.
• Export: You can export call logs and donor lists as CSV files from within the app.
• Deletion: You can delete your account and all associated campaign data.

To exercise any of these rights beyond what is available in the app, contact us at the email address below.

7. Children's Privacy

DonorDialer is not directed at children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected data from a child under 13, we will delete it promptly.

8. Changes to This Policy

We may update this privacy policy from time to time. If we make material changes, we will notify account holders by email before the changes take effect.

9. Jurisdiction

This privacy policy is governed by the laws of the United States. The operating entity is Borich Hernandez Solutions LLC, a Virginia limited liability company.

10. Contact Us

For privacy-related questions or requests, contact:

Email: tommy@borichhernandez.com