Privacy Policy

Last Updated:

Your Privacy Matters
Qiwako is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, and safeguard your data.

Information We Collect

We collect information to provide better services to our users. The types of information we collect include:

1.1 Information You Provide

  • Account Information: Username, email address, password (encrypted), and organization/tenant name
  • Profile Information: First name, last name, and optional profile details
  • Content: Pages, blog posts, media files, and other content you create within the platform
  • Donation Information: Donor names, donation amounts, payment proof uploads, and campaign-related data
  • Contact Messages: Information submitted through contact forms including name, email, institution, and message content

1.2 Automatically Collected Information

  • Usage Data: Page views, click tracking, form submissions, and user behavior analytics
  • Device Information: Browser type, operating system, device type, and screen resolution
  • Log Data: IP addresses, access times, pages visited, and referring URLs
  • Cookies: Session cookies, preference cookies, and analytics cookies
  • Security Logs: Login attempts, failed authentication, and security events for audit purposes

1.3 Third-Party Information

  • OAuth Authentication: If you sign in with Google or Facebook, we receive basic profile information (name, email) from these services
  • Analytics: Google Analytics 4 data (when enabled by tenant administrators)

How We Use Your Information

We use the collected information for the following purposes:

  • Service Delivery: To provide, maintain, and improve the Qiwako CMS platform
  • Account Management: To create and manage your user account and tenant organization
  • Authentication: To verify your identity and secure your account (including MFA and biometric login)
  • Content Management: To store, display, and manage your content (pages, posts, media)
  • Analytics: To understand how users interact with the platform and improve user experience
  • Communication: To send important notifications, updates, and respond to your inquiries
  • Security: To detect, prevent, and respond to security threats, fraud, and abuse
  • Compliance: To comply with legal obligations and enforce our Terms of Service
  • Feature Development: To develop new features and improve existing functionality

Data Storage and Security

3.1 Multi-Tenant Architecture

Qiwako uses a multi-tenant architecture where:

  • Each tenant's data is logically isolated and scoped to their organization
  • Tenant administrators have full control over their organization's data
  • Cross-tenant data access is prevented through middleware and permission checks

3.2 Security Measures

We implement industry-standard security measures to protect your data:

  • Encryption: Passwords are hashed using secure algorithms (bcrypt/Argon2)
  • HTTPS: All data transmission is encrypted using SSL/TLS
  • Access Control: Role-based access control (RBAC) with granular permissions
  • Authentication: Multi-factor authentication (MFA) support for enhanced security
  • Brute Force Protection: Account lockout and IP blocking after failed login attempts
  • DDoS Protection: Rate limiting and traffic pattern detection
  • Content Security Policy: CSP headers to prevent XSS attacks
  • Audit Logging: Complete audit trail of all administrative actions
  • File Upload Security: Extension and MIME type validation for uploaded files

3.3 Data Retention

  • Active Accounts: Data is retained as long as your account is active
  • Deleted Accounts: Data is permanently deleted within 30 days of account deletion
  • Audit Logs: Security and audit logs are retained for compliance purposes (typically 90 days to 1 year)
  • Backups: Backup data is retained according to our backup retention policy

Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your information only in the following circumstances:

4.1 With Your Consent

We will share your information when you explicitly authorize us to do so.

4.2 Within Your Tenant Organization

Information is shared with other users within your tenant organization based on their role and permissions.

4.3 Service Providers

We may share information with trusted third-party service providers who assist us in operating the platform:

  • Cloud hosting providers (for infrastructure)
  • Email service providers (for transactional emails)
  • Analytics providers (Google Analytics, when enabled)
  • Payment processors (for donation processing)

4.4 Legal Requirements

We may disclose your information if required by law or in response to valid legal requests, such as:

  • Court orders or subpoenas
  • Government or regulatory investigations
  • Protection of our legal rights
  • Prevention of fraud or security threats

Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience:

5.1 Essential Cookies

  • Session Cookies: Required for authentication and session management
  • CSRF Tokens: Security tokens to prevent cross-site request forgery

5.2 Functional Cookies

  • User Preferences: Theme selection (light/dark mode), language preferences
  • Pop-up Tracking: "Show once" tracking for announcement pop-ups

5.3 Analytics Cookies

  • Google Analytics: When enabled by tenant administrators for usage analytics
  • Internal Analytics: Page view tracking, click tracking, and form submission tracking

You can control cookies through your browser settings. Note that disabling essential cookies may affect platform functionality.

Your Rights and Choices

You have the following rights regarding your personal information:

6.1 Access and Portability

  • Request a copy of your personal data
  • Export your content and data in a portable format

6.2 Correction and Update

  • Update your profile information at any time
  • Correct inaccurate or incomplete data

6.3 Deletion

  • Request deletion of your account and associated data
  • Delete specific content or media files

6.4 Opt-Out

  • Disable analytics tracking (contact your tenant administrator)
  • Opt out of non-essential communications
  • Disable push notifications

6.5 Data Portability

Tenant administrators can export their organization's data using the export functionality in the dashboard.

Children's Privacy

Qiwako is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately so we can delete it.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure that such transfers comply with applicable data protection laws and implement appropriate safeguards.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:

  • Posting the updated policy on this page
  • Updating the "Last Updated" date
  • Sending a notification to registered users (for significant changes)

Your continued use of Qiwako after changes become effective constitutes acceptance of the updated Privacy Policy.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Qiwako CMS

Email: [email protected]

Website: qiwako.com

Back to Home Terms of Service