Privacy Policy

Last updated: March 1, 2026

Overview

AgarCo ("we", "us", "our") operates the AgarCo Donate WordPress plugin and the agarco.org website. This Privacy Policy describes how we collect, use, and protect your personal information when you use our products and services.

We collect only what's necessary to provide our service. We never sell your data. We never share donor information with third parties for marketing purposes.

Information We Collect

Account information

When you create an AgarCo account, we collect your name, email address, and payment information (processed securely by your chosen payment gateway — we never store card numbers).

Plugin usage data

When the plugin is activated, it may send anonymized, non-personal data to our servers including the WordPress version, PHP version, plugin version, and active gateway count. This helps us prioritize compatibility. You can opt out in plugin settings.

Donor data

Donor data (names, emails, donation amounts, addresses) is stored exclusively in your WordPress database. AgarCo does not have access to your donor data. If you use our Phase 2 Django ERP (coming soon), donor data is transmitted via signed webhooks that you configure and control.

How We Use Your Information

We use collected information to provide and improve our service, process license payments, send transactional emails (receipts, renewal reminders, security alerts), and provide customer support. We do not use your information for targeted advertising.

Data Storage & Security

Account data is stored on secure servers with encryption at rest and in transit (TLS 1.3). We use industry-standard security measures including regular security audits, access controls, and monitoring. Payment processing is handled by PCI DSS certified gateways including Stripe, PayPal, Paystack, Flutterwave, Mollie, Square, Razorpay, and Authorize.net.

Third-Party Services

We use the following third-party services that may process limited data on our behalf:

  • Payment gateways — Stripe, PayPal, Paystack, and other supported gateways for license purchases and donation processing
  • Your SMTP provider — email delivery via any SMTP service you configure (Mailgun, SendGrid, Amazon SES, Zoho, etc.)
  • ExchangeRate-API — live currency conversion rates (no personal data transmitted)

Your Rights

You have the right to access, correct, or delete your personal data at any time. You can export or delete your account data from your account dashboard, or email us at legal@agarco.org. For EU/EEA residents, see our GDPR policy for additional rights.

Children's Privacy

Our services are not directed to individuals under 16. We do not knowingly collect personal information from children.

Changes to This Policy

We may update this policy from time to time. We'll notify you of material changes via email or a notice on our website at least 30 days before changes take effect.

Questions about this policy?
Email us at legal@agarco.org and we'll respond within 2 business days.
Other legal pages