Privacy Policy

Last updated: 28 April 2026

allSTEAM ("we", "us") is a not-for-profit organisation based in The Gambia. We are committed to protecting the privacy of visitors, donors, and programme participants. This page explains what data we collect, why, and the rights you have over it. It is written to align with the EU General Data Protection Regulation (GDPR) and similar privacy laws.

1. Who we are

Data controller: allSTEAM, The Gambia. Contact: info@allsteam.org.

2. What we collect

  • Donation data — when you donate by card, your name (optional), email (optional, for the receipt), donation amount, and frequency. Card details are entered directly into Stripe and never touch our servers.
  • Contact form messages — your name, email, and message content, used only to reply to you.
  • Technical data — IP address, browser type, and pages visited, stored in short-lived server logs for security and abuse prevention.

3. Why we use it

  • To process your donation and send you a receipt (legal basis: contract).
  • To manage recurring donations you set up (legal basis: contract).
  • To respond to enquiries you send us (legal basis: legitimate interest).
  • To prevent fraud and protect the site (legal basis: legitimate interest).
  • To meet accounting and tax record-keeping obligations (legal basis: legal obligation).

We do not use your data for advertising, and we do not sell or rent it to anyone.

4. Who we share it with

We rely on a small number of trusted processors:

  • Stripe — payment processing. See Stripe's privacy policy.
  • Cloudinary — hosting of programme images.
  • Lovable Cloud (Supabase) — application hosting and a database that stores donation records (excluding card numbers).
  • Namecheap — email hosting for the @allsteam.org mailbox we use to reply to you.

5. How long we keep it

  • Donation records: 7 years, to meet accounting requirements.
  • Contact-form messages: up to 24 months after our last reply.
  • Server logs: up to 30 days.

6. Your rights

You have the right to access, correct, export, restrict, or erase your personal data, and to object to its processing. To exercise any of these rights, email info@allsteam.org. Note that we may need to keep some records (e.g. donation receipts) for legal or accounting reasons even after a deletion request.

For monthly donations, you can update your card or cancel any time at allsteam.org/manage-donation.

7. Cookies

We use only the strictly necessary cookies required to make the site and Stripe checkout function. We do not use advertising or third-party tracking cookies. As a result, no cookie consent banner is required.

8. International transfers

Some of our processors (Stripe, Cloudinary, Lovable Cloud) store data outside The Gambia, including in the EU and the United States. Where required, transfers rely on Standard Contractual Clauses or equivalent safeguards.

9. Security

The site is served over HTTPS with strict security headers (Content Security Policy, HSTS, frame-deny). Card data is handled exclusively by Stripe under PCI-DSS. Database access is restricted by row-level security so donation records are not publicly readable.

10. Changes

We will update this page if our practices change. The "last updated" date at the top reflects the most recent change.

← Back to home