bakoffice Privacy Policy

1. Our Commitment to Privacy

bakoffice believes in using data responsibly to advance the public good. We collect and process information only as needed to operate, improve, and secure our Services - never to sell, trade, or exploit your data for profit.

We follow the principles of lawfulness, fairness, transparency, data minimization, and purpose limitation, consistent with the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA/CPRA).

2. Information We Collect

We collect information from three primary sources:

a. Information You Provide

When you register, use our tools, or contact us, you may provide:

• Name, email, and organizational affiliation
• Account credentials and contact preferences
• Payment or donation information (if applicable)
• Any program or impact data you choose to upload or store

b. Information from Beneficiaries

Some bakoffice tools are used by nonprofits to manage or report on their beneficiaries or program participants. We may receive limited data about those individuals or organizations only as part of your organization's legitimate use of the Services.

We process such data strictly under data processing agreements and confidentiality safeguards. Where possible, we encourage anonymization or aggregation of beneficiary data.

c. Automatically Collected Data

When you visit or use the Services, we may automatically collect:

• Browser, device, and operating system details
• IP address and usage logs
• Cookies or analytics identifiers (for performance only)

We do not use cookies for advertising or third-party marketing.

3. How We Use Information

We use personal data to:

• Operate, maintain, and improve our Services
• Support users, members, and beneficiaries
• Conduct aggregated, anonymized analysis for mission-related insights
• Communicate about updates, support, or service changes
• Ensure security, compliance, and accountability consistent with our nonprofit status

All processing of personal data is based on one or more lawful bases under GDPR, including legitimate interest, consent, contractual necessity, or legal obligation.

4. How We Share Information

We do not sell or rent personal information.

We may share data only in the following limited situations:

• With trusted service providers (e.g., secure cloud hosting, analytics, payment processors) under binding confidentiality agreements
• To comply with laws, regulations, or valid legal requests
• In anonymized or aggregated form for public-interest research, reporting, or transparency initiatives

Any third-party processors acting on our behalf are required to protect your information to at least the same standard as this Policy.

5. Data from Beneficiaries and Stakeholders

When organizations use bakoffice tools to collect or manage data about their beneficiaries or stakeholders:

• The organization acts as the "data controller", responsible for ensuring proper consent.
• bakoffice acts as the "data processor", processing data only under the organization's instructions.
• We apply technical and organizational measures to safeguard this data and delete it upon request or project completion.

We never use beneficiary-level data for marketing, profiling, or unrelated analysis.

6. International Data Transfers

bakoffice is based in the United States. If you access our Services from outside the U.S., your information may be transferred to and processed in the United States or other countries where our vendors operate.

We take appropriate safeguards (such as Standard Contractual Clauses or equivalent agreements) to ensure that your data remains protected under GDPR standards.

7. Data Retention

We retain data only as long as necessary to fulfill the purposes outlined in this Policy or as required by law. You may request deletion or export of your data at any time by contacting info@bakoffice.org.

8. Security

We employ reasonable administrative, technical, and physical safeguards to protect information against unauthorized access, disclosure, or destruction. Despite these measures, no online system is completely secure. Users are encouraged to use secure passwords and devices.

9. Your Rights

Under GDPR (EU/EEA Users)

If you are located in the European Union or European Economic Area, you have the following rights:

• Access your personal data
• Rectify inaccurate or incomplete data
• Erase data ("right to be forgotten")
• Restrict or object to processing
• Portability of your data to another controller
• Withdraw consent where processing is based on consent

You may exercise these rights by contacting info@bakoffice.org.

If you believe your data protection rights have been violated, you may lodge a complaint with your local Data Protection Authority (DPA).

Under CCPA/CPRA (California Residents)

If you are a California resident, you have the right to:

• Request disclosure of the categories and sources of data we collect
• Request deletion of personal information (subject to legal exceptions)
• Opt out of any sale or sharing of data (bakoffice does not sell data)
• Be free from discrimination for exercising privacy rights

To make a CCPA/CPRA request, contact info@bakoffice.org.

10. Children's Privacy

Our Services are not directed to children under age 18, and we do not knowingly collect personal data from them. If we discover such data, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect operational, legal, or mission-related changes. The "Last Updated" date above indicates the most recent version. We will notify users of significant updates via email or on our website.

12. Contact Us