Privacy Policy
Last Updated: 20.11.2025
1. Who We Are
LLC Kisa.ge (Kisa.ge) - ID 400428319 - operates a donation platform that helps people easily receive contributions (hereinafter referred to as 'donations').
By using our services or accessing the platform, you confirm that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with any part, please do not use our platform.
2. Introduction
We take the protection and security of your personal data very seriously. This document explains what data we collect, on what legal basis, and for what purposes we process it, how we technically protect it, and what rights you have.
We may periodically update this Privacy Policy to reflect changes in our services, legal requirements, or security systems. The updated version will be published on this page and will take effect immediately upon publication.
Using our services after publication of an updated Privacy Policy means you agree to these changes.
If you have questions or comments regarding this Privacy Policy, you can contact us at: [email protected]
3. What Information Do We Process About You?
We collect only the data necessary for account creation, service provision, security, and compliance with legal obligations.
Below are the main categories of data that may be processed:
- Authentication and authorization data - Google account ID, first name, last name, email, profile picture; when using YouTube OAuth - channel ID, channel title, custom URL, and channel images.
- Personal and financial information (for verification/payment purposes) - first name, last name, personal ID, phone number, date of birth, gender, residential and legal address, citizenship, IBAN, income category, verification status, commission rate, and other data required by law or payment partner.
- Profile data - name, profile picture, username (for donation page), minimum donation amount, roles (e.g., user, YouTuber).
- Donation data - donor name (or anonymous), donation amount, message, order/transaction ID, associated goal.
- Social media data - TikTok, YouTube, Facebook, Instagram profiles or channels, respective usernames, and verification status.
- File upload data - file name, size, type, image dimensions, upload time, tags, and secure file URL.
- Payment and billing data - transaction ID, amount, status, type, payment method or partner. Card numbers are not stored; only encrypted data is stored when cards are saved, which doesn't allow full recovery.
- Technical and activity data - IP address, browser type, device type, request time, and error-related records for security and bug fixing.
- SMS verification data - phone number and one-time code (OTP), stored temporarily only for verification purposes.
- Deleted account archive - upon account deletion, we may retain a limited archived record (e.g., deletion date, reason, and minimal identification data) for legal obligations and dispute resolution.
4. Google and YouTube OAuth Data
You can register and access the platform using your Google account or YouTube channel (OAuth). During this process, we only receive the data you consent to share in the authorization window.
With Google OAuth, this includes, for example, your first name, last name, email, and profile picture. When using YouTube OAuth, we additionally receive basic public information about your channel (ID, name, channel picture, custom URL if applicable).
This data is used to create an account, for authentication, and to create your public profile on the platform (e.g., donation page with your name and picture).
Use and processing of Google user data fully complies with Google's requirements. Sensitive or restricted information received from Google is not used for advertising and is not shared with third parties outside the scope of this policy.
5. How We Collect Data
We collect data through various means:
• OAuth authorization - data received during Google and YouTube OAuth, necessary for account creation and authentication.
• Registration and verification forms - for verification, KYC requirements, or payment security, we may collect personal and financial information through special forms, including SMS code verification.
• Payment partners - certain data is received and transmitted to trusted payment providers during the payment process within legal and contractual obligations.
• Cookies, local storage, and technical logs - our web application may use cookies, localStorage, and server logs to help ensure security and functionality.
6. What Purposes Do We Use Data For?
We process your data only for purposes communicated to you in advance and in compliance with applicable law.
The main purposes of data processing are:
- Account creation and management - ensuring your registration, authentication, and profile management.
- Donation and service delivery - processing donations, displaying them in your and donors' interfaces, managing goals, and showing status and progress.
- Payment processing and financial accountability - executing and recording payments, maintaining necessary financial and accounting records to fulfill legal obligations.
- Security and fraud prevention - detecting, preventing, and monitoring unauthorized account access, abuse, and technical attacks.
- Service improvement - analyzing anonymized data to improve platform functionality, design, and stability.
- Communication - to notify you of important changes to terms, policies, service functionality, or security matters.
- Legal compliance - where we are legally required to retain or provide certain information to supervisory authorities or financial institutions.
7. Cookies and Local Storage
Our web application may use cookies and browser local storage (localStorage) to:
• Remember your language preference and certain settings;
• Ensure session management and authentication;
• Improve platform performance and security.
You can manage cookie usage through your browser settings. Disabling cookies may limit certain platform features.
8. Third-Party Services and Data Sharing
We do not sell user personal data.
Data is shared only in the following cases:
- Payment and financial partners - with trusted payment providers and banks that facilitate transactions, KYC/verification processes, and payment receipt/disbursement.
- Authentication and identity providers - for example, Google and YouTube for OAuth, to enable your authentication and account linking.
- SMS and communication services - to send OTP codes or other technical notifications to phone numbers.
- Analytics and monitoring services - to monitor platform performance, load, and errors; such services receive only the data necessary for monitoring and analytics.
- Law enforcement or regulatory authorities - only when required by law or necessary to protect our legal rights.
- User consent - when you request integration with third-party services or information sharing.
9. Publicly Visible Information
Part of our platform is designed to display public profiles and donation activity. For example:
• Your donation page contains your display name, profile picture, active goals, and optionally, social media links.
• In the donation feed and stream overlays, donor name (or 'anonymous'), donation amount, message, and associated goal may appear.
If you don't want your name to appear, you can choose anonymous donation mode when donating, where only the amount will be publicly visible.
10. Data Security
We use appropriate technical and organizational security measures to protect your data from unauthorized access, use, alteration, or disclosure.
Such measures may include encryption, access controls, logging and monitoring systems, regular technical reviews, and security best practices.
However, information transmitted over the internet or stored electronically cannot be 100% secure. We take all reasonable efforts to protect your data, but absolute security guarantees don't exist.
11. Data Retention Periods
Our goal is to minimize data retention and keep it only as long as necessary:
• To fully provide services;
• To comply with applicable law and financial/accounting obligations;
• To resolve disputes, complaints, or audits within a reasonable period.
Technical logs and temporary verification codes (e.g., SMS OTP) are retained for a limited, reasonable period and then deleted or anonymized. KYC/financial data may be retained longer due to financial and legal obligations.
Upon account deletion, core service data is deleted or anonymized, while a limited archive of data required by law or legitimate interest (e.g., for disputes) may be retained.
12. International Data Transfers
Your data may be processed and stored in various jurisdictions where our or our trusted partners' servers and infrastructure are located.
We only work with service providers who use appropriate security and data protection standards. For international transfers, contractual and legal mechanisms are used as needed to ensure adequate data protection.
By using the platform, you understand you're informed about the possibility of such international transfers.
13. Your Rights
Please note that the scope of specific rights may vary depending on applicable law. Generally, you have the right to:
• Receive information about what data we process about you;
• Request correction, update, or editing of your data if it is inaccurate or incomplete;
• In certain cases, request deletion of your data or restriction of its processing;
• Object to data processing if you believe it violates your rights;
14. Children's Privacy
Our services are not intended for individuals who have not reached age 18 or a higher age established by applicable law for using financial services or online payments.
If we learn that a minor has provided personal information without parental or legal guardian permission, such data will be deleted.
If you believe a minor has provided us with personal data, please contact us immediately at [email protected].
16. Contact Information
If you have questions, comments, or requests regarding this Privacy Policy or processing of your personal data, you can contact us at [email protected].
Also, under applicable law, you have the right to contact the relevant supervisory authority if you believe your personal data protection rights are being violated.
