Privacy Policy

Last updated: August 25, 2025
This Privacy Policy describes how Donna collects, uses, and protects your personal information when you use our services.

1. Information We Collect

Account Information

When you create an account, we collect:

  • Email address and name
  • Organization/business information
  • Account preferences and settings
Business Data

Through our integrations with third-party services, we may access:

  • Transaction and payment data from Square, Stripe, and other POS systems
  • Financial records from QuickBooks, Xero, and other accounting systems
  • Customer and sales information for analytics purposes
  • Location and operational data for business insights
Usage Information

We automatically collect:

  • Log data including IP addresses, browser type, and access times
  • Usage patterns and feature interactions within the application
  • Error logs and performance metrics for service improvement

2. How We Use Your Information

We use your information to:

  • Provide our services: Process and analyze your business data to generate insights and reports
  • Maintain integrations: Connect with third-party services on your behalf using OAuth tokens
  • Improve our platform: Analyze usage patterns to enhance features and performance
  • Customer support: Respond to your questions and provide technical assistance
  • Security: Monitor for and prevent fraudulent or unauthorized activity
  • Communications: Send you service updates, security alerts, and support messages

3. Information Sharing

We do not sell your personal information. We may share your information only in these limited circumstances:

Service Providers

We work with trusted third-party service providers who help us operate our platform, such as:

  • Cloud hosting providers (for secure data storage)
  • Analytics services (for aggregated usage statistics)
  • Customer support tools (to help resolve your issues)
Legal Requirements

We may disclose your information if required by law, court order, or to protect the rights and safety of our users and the public.

Business Transfers

In the event of a merger, acquisition, or sale of assets, user information may be transferred as part of that transaction.

4. Third-Party Integration Privacy

When you connect third-party services (Square, QuickBooks, etc.), you grant us permission to access specific data from those services. We:

  • Only access data necessary for our services
  • Store OAuth tokens securely using industry-standard encryption
  • Respect the permissions and scopes you grant during connection
  • Allow you to disconnect integrations at any time

5. Data Security

We implement appropriate technical and organizational security measures:

  • Encryption: All sensitive data is encrypted both in transit and at rest
  • Access controls: Strict employee access controls and regular security training
  • Infrastructure: Secure cloud infrastructure with regular security updates
  • Monitoring: Continuous monitoring for security threats and vulnerabilities

6. Data Retention

We retain your information only as long as necessary to provide our services and comply with legal obligations. When you delete your account:

  • We delete your personal account information
  • Business data may be retained for legitimate business purposes or legal requirements
  • Aggregated, anonymized data may be retained for analytics and service improvement

7. Your Rights and Choices

You have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Update or correct inaccurate personal information
  • Deletion: Request deletion of your personal information (subject to legal requirements)
  • Portability: Request your data in a portable format
  • Disconnect: Remove third-party integrations at any time through your account settings

8. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your information in accordance with applicable privacy laws.

9. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the updated policy on our website
  • Sending you an email notification (if you have an account)
  • Displaying a notice in the application

11. Contact Us

If you have questions about this Privacy Policy or want to exercise your rights, please contact us:

Donna Privacy Team
Email: privacy@donnasays.com
Support: Visit our Support page
We will respond to privacy requests within 30 days.
← Back to Home View EULA