Privacy Policy for ManageMyTrust

Last updated: 16 December, 2025

This Privacy Policy explains how Sudeep Ivan DSouza, operating as a sole proprietorship under the trade name "ManageMyTrust" (the "Owner," "we," "us," or "our"), processes personal data in connection with the ManageMyTrust platform (the "Service").

This Policy is designed to align with the Digital Personal Data Protection Act, 2023 ("DPDP Act") and applies primarily in a business-to-business (B2B) context, where charitable trusts and non-governmental organizations (NGOs) use the Service to manage their own data.

We are committed to handling data lawfully, transparently, and securely.

1. Our Role in Data Processing

Because ManageMyTrust is used by organizations to manage their own operational data, our role differs depending on the type of data involved.

1.1 Data Processor – Customer Data (NGO Data)

For all data uploaded to the Service by or on behalf of an organization ("Customer Data"), including donor and beneficiary information:

• The organization using the Service is the Data Fiduciary under the DPDP Act.
• The Owner acts as a Data Processor and processes Customer Data strictly on documented instructions from the organization, as set out in the Terms and Conditions.
• We do not access, analyze, or use Customer Data for marketing, profiling, or any purpose unrelated to providing the Service.

1.2 Data Fiduciary – Service Data (Platform Operations)

For limited personal data required to operate and administer the Service ("Service Data"), such as administrator credentials and billing information:

• The Owner acts as the Data Fiduciary.
• This data is processed only for legitimate business purposes necessary to provide, secure, and maintain the Service.

2. Information We Collect

A. Customer Data (Processed on Behalf of Organizations)

Customer Data is uploaded and controlled by authorized users and may include:

• Donor information: names, contact details, donation history, and communication records.
• Beneficiary information: names, demographic data, project participation details, and, depending on the organization's activities, sensitive personal data such as health, caste, or financial information.
• Project and financial records: budgets, expenditures, and related operational data.

The Owner does not determine the content or legality of Customer Data and processes such data only as instructed by the organization.

B. Service Data (Collected Directly by Us)

• Account information: name, email address, phone number, and encrypted credentials of administrators and authorized users.
• Billing and subscription data: organization name, GSTIN (if applicable), billing address, invoices, and payment transaction references. Full payment card details are not stored by us.
• Technical and usage data: IP address, browser type, device identifiers, login timestamps, and interaction logs used for security, troubleshooting, and performance monitoring.

3. Legal Basis for Processing

• Performance of contractual obligations under the Terms and Conditions.
• Consent obtained by the organization from data principals where required.
• Legitimate uses necessary to operate, secure, and improve the Service.

4. How We Use Information

4.1 Use of Customer Data

• Storing, retrieving, and displaying data as instructed by authorized users.
• Generating internal reports and summaries.
• Providing technical support and maintaining platform security.

4.2 Use of Service Data

• Creating and managing user accounts.
• Processing subscriptions, payments, and invoicing.
• Communicating service-related notices and security alerts.
• Monitoring and improving system performance and security.

5. Disclosure and Sharing of Information

5.1 Sub-Processors

We use trusted third-party service providers who are contractually required to protect data and use it only to provide services to us.

5.2 Lawful Disclosure

We may disclose personal data if required by law, court order, or a valid governmental or regulatory request.

5.3 Business Transfer

In the event of a sale or transfer of the platform, data may be transferred to a successor entity subject to equivalent privacy protections.

6. Cross-Border Data Transfers

Data may be stored or processed in India or other jurisdictions in compliance with the DPDP Act and subject to safeguards and any restrictions notified by the Government of India.

7. Security Measures

• Encryption in transit and at rest.
• Role-based access controls.
• Regular system updates and monitoring.
• Secure cloud infrastructure.

8. Personal Data Breach Response

We will notify affected organizations without undue delay and assist them in meeting legal notification obligations where required.

9. Data Principal Rights

Organizations are responsible for handling rights requests related to Customer Data. For Service Data, individuals may contact us directly.

10. Data Retention and Deletion

Customer Data is retained only for the duration of active use. Upon termination, organizations have at least fifteen (15) days to export data before deletion or anonymization.

11. Changes to This Privacy Policy

Updates will be communicated via the Service or email. Continued use constitutes acceptance of the revised Policy.

12. Contact Information and Grievance Redressal

For the purposes of the Digital Personal Data Protection Act, 2023, the Owner acts as the Grievance Officer.