GDPR Data Processing
Our Commitment to GDPR
AgarCo is committed to protecting the privacy of EU/EEA residents in compliance with the General Data Protection Regulation (GDPR). This policy outlines how we handle personal data under GDPR.
Data Controller vs Data Processor
For your account data (name, email, payment info), AgarCo acts as the Data Controller. For donor data processed through the plugin, you (the nonprofit) are the Data Controller and AgarCo is not a processor — donor data stays in your WordPress database and never reaches our servers.
Legal Basis for Processing
- Contract performance — processing your account data to provide the service you purchased
- Legitimate interest — anonymized usage analytics to improve the product
- Consent — marketing emails (opt-in only, unsubscribe anytime)
Your GDPR Rights
If you are in the EU/EEA, you have the following rights:
- Right to access — request a copy of all personal data we hold about you
- Right to rectification — correct inaccurate personal data
- Right to erasure — request deletion of your personal data ("right to be forgotten")
- Right to portability — receive your data in a machine-readable format
- Right to restriction — restrict processing of your data
- Right to object — object to processing based on legitimate interest
To exercise any of these rights, email legal@agarco.org. We will respond within 30 days.
GDPR Tools in the Plugin
AgarCo Donate Pro includes built-in GDPR compliance tools for your donors: consent checkboxes on donation forms, one-click donor data export, and data deletion (remove a donor's personal data while preserving anonymized financial records for accounting).
Data Transfers
We do not transfer personal data outside the EU/EEA without appropriate safeguards. We rely on Standard Contractual Clauses (SCCs) for any data processing that occurs outside the EEA.
Email us at legal@agarco.org and we'll respond within 2 business days.