Privacy Policy

Last Updated: April 18, 2026

1. Introduction

AZR Tech-Solutions, LLC (“AstraGive,” “we,” “our,” or “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy describes how we collect, use, disclose, store, and protect information about you when you access or use the AstraGive text-to-give platform, our website at astragive.com, our SMS donation services, our APIs, and any related products or services (collectively, the “Services”).

By using the Services, you agree to the collection and use of information in accordance with this Policy. If you do not agree, please do not use the Services.

2. Who This Policy Applies To

This Policy applies to three categories of users:

Donors — individuals who initiate donations by text message or through a donation checkout link.
Organizations — nonprofits, charities, religious institutions, and other recipients who sign up to receive donations through AstraGive.
Visitors — anyone browsing our website without signing up or donating.

3. Information We Collect

3.1 Information You Provide Directly

Donor data: mobile phone number, name, email address, billing address, and donation amount.
Payment information: card number, expiration date, and CVV are collected and processed directly by our PCI-compliant payment processor (Stripe). AstraGive does not store full card numbers on our servers.
Organization data: organization name, EIN/tax ID, 501(c)(3) or equivalent status, authorized signer contact details, banking or payout information (via Stripe), and campaign details.
Communications: messages sent to our support channels, survey responses, or any content you submit to us.

3.2 Information Collected Automatically

Device & log data: IP address, browser type, operating system, referring URLs, pages visited, and timestamps.
Cookies & similar technologies: session cookies, analytics identifiers, and (where enabled) performance cookies. See Section 9.
SMS metadata: inbound/outbound message timestamps, short-code or long-code routing information, and delivery status — provided by our telecom partner (Twilio or equivalent).

3.3 Information From Third Parties

We may receive information from payment processors (transaction status, dispute data), identity verification vendors (KYC/AML results for organizations), and fraud-prevention services.

4. SMS Data & Consent Integrity (Telecom Compliance)

No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. All the above categories exclude text-messaging originator opt-in data and consent; this information will not be shared with any third parties.

AstraGive complies with the Telephone Consumer Protection Act (TCPA), CTIA Messaging Principles & Best Practices, and A2P 10DLC carrier requirements. By texting a donation keyword, you consent to receive transactional SMS messages (checkout link, receipt, HELP response, and STOP confirmation) at the number you texted from. Opt-in is exclusively user-initiated; we do not purchase, rent, or import phone lists.

5. How We Use Your Information

We process personal data for the following purposes:

To facilitate donations, including generating checkout links, processing payments, and issuing receipts.
To send transactional SMS and email messages related to donations you initiate.
To verify organization eligibility, detect fraud, and comply with anti-money-laundering (AML) obligations.
To provide customer support and respond to your inquiries.
To maintain, secure, and improve the Services, including analytics and debugging.
To comply with legal obligations, court orders, and lawful government requests.
To enforce our Terms of Service and protect the rights, safety, and property of AstraGive, our users, and the public.

6. Legal Bases for Processing (GDPR / UK GDPR)

If you are in the European Economic Area or the United Kingdom, we process your data under the following legal bases:

Contract: to perform our agreement with you (e.g., processing a donation you initiated).
Legitimate interests: to operate, secure, and improve the Services, provided your rights do not override ours.
Consent: where required by law, including for non-essential cookies or marketing emails — you may withdraw consent at any time.
Legal obligation: to comply with tax, financial-reporting, and anti-fraud laws.

7. How We Share Information

We do not sell your personal information. We share information only in these limited circumstances:

Recipient organizations: when you donate, we share your name, email, donation amount, and (if applicable) designation with the receiving organization for receipting and acknowledgement.
Service providers: Stripe (payments), Twilio or equivalent (SMS delivery), Vercel (hosting), Supabase or equivalent (database), analytics and error-monitoring vendors — all bound by contractual confidentiality and data-protection terms.
Legal and regulatory disclosures: in response to valid subpoenas, court orders, or to comply with applicable laws, including tax-reporting and AML.
Business transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to standard confidentiality protections.
With your consent: for any other purpose disclosed to you at the time of collection.

8. Data Retention

We retain personal data for as long as necessary to provide the Services and fulfill the purposes described in this Policy. Specifically:

Donation records: retained for at least seven (7) years to comply with IRS and financial recordkeeping requirements.
SMS opt-in and consent logs: retained while your number is opted in, plus a reasonable period after opt-out to evidence consent history as required by TCPA.
Account data for organizations: retained while the account is active and for up to three (3) years after closure for audit and legal-defense purposes.
Analytics and log data: typically retained for 12–24 months.

When retention periods expire, data is deleted, anonymized, or aggregated in a way that no longer identifies you.

9. Cookies & Tracking Technologies

We use cookies and similar technologies for essential functionality (authentication, fraud prevention), performance analytics, and — if you consent — marketing measurement. You can manage cookie preferences through your browser settings or our cookie banner where available. Disabling essential cookies may affect the Services.

10. Your Privacy Rights

10.1 U.S. State Privacy Rights (CCPA/CPRA, VCDPA, CPA, CTDPA, UCPA, and others)

Residents of California, Virginia, Colorado, Connecticut, Utah, and other states with comprehensive privacy laws have the right to:

Know what personal information we collect, use, and disclose.
Request access to, correction of, or deletion of your personal information.
Opt out of “sales” or “sharing” of personal information (we do not sell or share for cross-context behavioral advertising).
Opt out of targeted advertising and profiling for significant decisions.
Limit the use of sensitive personal information.
Non-discrimination for exercising your rights.

10.2 GDPR / UK GDPR Rights

If you are in the EEA or UK, you have the right to access, rectify, erase, restrict processing, object, and port your personal data, and to lodge a complaint with your local supervisory authority.

10.3 How to Exercise Your Rights

Submit a request to privacy@astragive.com. We will verify your identity and respond within the timeframes required by applicable law (typically 30–45 days). You may designate an authorized agent.

11. Children’s Privacy

The Services are not directed to children under 13 (or 16 in the EEA/UK), and we do not knowingly collect personal information from children. If we learn that we have collected data from a child, we will delete it promptly. Parents or guardians who believe a child has provided data may contact privacy@astragive.com.

12. International Data Transfers

AstraGive is based in Texas, United States, and the Services are hosted in the U.S. If you access the Services from outside the U.S., your information will be transferred to, stored, and processed in the U.S. Where required, we rely on Standard Contractual Clauses, UK International Data Transfer Addenda, or equivalent safeguards for cross-border transfers.

13. Security

We implement administrative, technical, and physical safeguards designed to protect your personal information, including TLS 1.2+ encryption in transit, encryption at rest for sensitive fields, strict access controls, and PCI-DSS-compliant payment handling via Stripe. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

In the event of a data breach affecting your personal information, we will notify you and applicable regulators as required by law.

14. Third-Party Links and Services

Our Services may link to third-party websites or rely on third-party services (e.g., Stripe, Twilio). Their privacy practices are governed by their own policies, and AstraGive is not responsible for their practices. We encourage you to review their policies before providing personal information.

15. Do Not Track

Our website does not currently respond to Do Not Track (“DNT”) browser signals because no industry standard has been established. We honor Global Privacy Control (GPC) signals as an opt-out of sale/sharing where applicable.

16. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version with a new “Last Updated” date and, for material changes, notify you by email or through the Services at least 30 days before they take effect. Your continued use of the Services after the effective date constitutes acceptance.

17. Contact Us

For privacy questions, requests, or complaints, contact:

AZR Tech-Solutions, LLC — Privacy Team (a Texas limited liability company)
Email: privacy@astragive.com
General support: support@astragive.com