Home/Support/Privacy Policy

Privacy Policy

Effective from: 22 April 2026 · Last updated: 22 April 2026

1. Scope

This policy explains how Buyesi Youth Initiative handles personal data collected via the /support checkout page at buyesi.org.

It does not cover donations made through other channels (for example, GoFundMe), which are governed by those platforms' own privacy notices.

2. Data controller

Buyesi Youth Initiative is a UK charity in formation. Once registered, the UK charity will act as sole data controller for data collected through this page. In the interim, the Buyesi team administers your data under UK GDPR standards.

Privacy enquiries: info@buyesi.org.

3. What we collect

When you donate through /support, we collect the minimum data needed to process your donation and — where applicable — deliver the Goat Guardian package:

  • Your name and email address
  • Your billing and shipping address, where applicable
  • The amount, date, currency and frequency of your donation (recorded by Stripe)
  • Any information you choose to share in correspondence with us

We do not collect:

  • your card number, CVV, or bank account details (these are handled exclusively by Stripe)
  • your IP address or browser fingerprint for tracking, analytics, or profiling
  • behavioural data — this site uses no analytics tools, no advertising cookies, and no tracking pixels

Your IP address is processed transiently by our hosting and rate-limiting systems for abuse prevention, but is not stored long-term or correlated with your identity.

4. How we use your data

  • To process your donation through Stripe
  • To deliver the Goat Guardian package to UK addresses, where applicable
  • To send programme updates to Guardians (see section 12)
  • To meet legal, financial and tax-record obligations
  • To detect and prevent fraud

5. Legal bases (UK GDPR)

  • Contract — to process your donation and, for £140 Guardians, send the accompanying items
  • Legitimate interests — keeping supporters informed about our work and preventing fraud
  • Legal obligation — financial and tax record-keeping
  • Consent — for any communications beyond the automatic Guardian updates

6. Subprocessors we rely on

We use the following trusted third parties. Each has its own published privacy commitments.

  • Stripe — payment processing
  • Vercel — web hosting
  • Neon — database (hosted in EU-West-2)
  • Media CDN — image and video delivery
  • Google Fonts — self-hosted at build time, so no external request is made from your browser
  • Email delivery provider — still being selected; likely one of Resend, SendGrid, Postmark or Mailgun. This policy will be updated once chosen.

We do not sell or share your personal data with any other third party for marketing purposes.

7. International data transfers

Our database is hosted in the UK (Neon on AWS London, eu-west-2). Stripe, our payment processor, may transfer transactional data to the United States under its own standard contractual clauses — full detail at stripe.com/privacy.

Our Uganda-based programme team may receive anonymised information to coordinate on-the-ground work, but no personal donor data is transferred outside the UK.

8. How long we keep your data

We retain donor records for 7 years after your last contribution, in line with HMRC record-keeping norms for charitable organisations. After that, we delete or anonymise the data.

9. Your rights

Under UK GDPR you have the right to:

  • access the personal data we hold about you
  • have inaccurate data corrected
  • ask us to erase your data (subject to our legal retention obligations)
  • restrict or object to our processing
  • receive a portable copy of your data
  • withdraw consent for non-essential communications at any time

To exercise any of these rights, email info@buyesi.org. We will respond within 30 days.

You also have the right to complain to the UK Information Commissioner's Office (ICO) — ico.org.uk, 0303 123 1113 — if you believe we have mishandled your data.

10. Children and beneficiaries

This website is intended for adult supporters only. We do not knowingly collect personal data from anyone under 18.

Our programme supports children in rural Uganda. We hold written media consent from the parent or guardian of every child who appears in our photography and updates. We do not publish the names of children we support, and Guardians are not told the name of the specific child their contribution supports.

11. Security and breach notification

We protect data using encrypted transport (HTTPS) and encrypted-at-rest databases.

In the event of a personal data breach likely to affect your rights, we will notify the ICO within 72 hours and contact affected supporters directly.

12. Marketing and unsubscribing

Becoming a £140 Goat Guardian automatically subscribes you to programme updates about our work and the impact of your contribution. For child-safeguarding reasons, updates do not identify the specific child supported — see section 10. You can unsubscribe at any time by emailing info@buyesi.org. Unsubscribing does not cancel your donation — we will simply stop sending updates.

We do not currently operate a general newsletter for non-Guardians.

13. Changes to this policy

We may update this policy as our operations evolve. The “Last updated” date above always reflects the current version. For material changes we will notify existing supporters by email.

14. Contact

Data protection enquiries: info@buyesi.org.