Donato Privacy Policy

Introduction

Last updated: March 2026

Donato (we, our, us) provides a website platform and a browser extension that help users discover discounts and support creators while shopping online. This Privacy Policy explains how we collect, use, store, and protect information when you use:

• The Donato website https://donato.digital
• The Donato Browser Extension (available via the Chrome Web Store)

Please read the section relevant to the service you use.

1. Website Privacy

This section applies to the Donato website.

1.1 Information We Collect

When you use the Donato website, we may collect:

• Email address (if you register or log in)
• Account information (username, profile data)
• Creator allocations or preferences
• Communication data (if you contact support)
• Basic technical data (IP address, browser type, device type, operating system)
• Cookies and similar technologies for authentication and functionality

1.2 How We Use Website Data

We use this information to:

• Create and manage user accounts
• Enable creator support functionality
• Authenticate users via Google OAuth
• Maintain platform security and prevent fraud
• Improve website performance and user experience
• Respond to support requests
• Comply with legal obligations

1.3 Cookies

We use cookies for authentication, session management, security, and core functionality. We do not use cookies to sell user data or for advertising profiling.

1.4 Infrastructure and Service Providers

To operate the platform, we use the following third-party infrastructure providers who process data on our behalf under our instructions:

• Google LLC — authentication via Google OAuth (Google's Privacy Policy: https://policies.google.com/privacy)
• Render Services, Inc. — cloud infrastructure hosting our backend API in Virginia, USA (US East region)

These providers act as data processors and do not use your data for their own independent purposes.

1.5 Data Sharing

We do not sell personal data. We do not share personal data with third parties except: when required by applicable law or valid government request, with professional advisors (legal, accounting) under confidentiality obligations, or in the event of a merger or acquisition (users will be notified).

1.6 Data Storage and International Transfers

Your data is stored on servers operated by Render Services, Inc. in Virginia, United States. If you are located in the European Union, your data is transferred to the US. We rely on Standard Contractual Clauses (SCCs) as required under applicable data protection law to protect such transfers.

1.7 Data Retention

We retain account data only as long as necessary to provide services or comply with legal obligations. You may request account deletion by contacting [email protected].

2. Browser Extension Privacy

This section applies specifically to the Donato Browser Extension. The extension helps users find discounts and support creators while shopping on supported online stores.

2.1 What the Extension Does

The extension may:

• Detect supported merchants based on the website hostname
• Identify checkout or cart pages
• Search for available coupon codes
• Test coupon codes when initiated by the user
• Redirect users through Donato attribution links to enable creator support
• Allow optional user login via Google OAuth

2.2 Information Collected by the Extension

When visiting supported e-commerce websites, the extension may collect and process:

• Website hostname (e.g., example.com) — to detect supported stores
• Current page URL — to detect checkout and cart pages
• Merchant identifiers — to match available discount codes
• Coupon codes being tested — to validate discounts
• Cart totals before and after coupon attempts — to measure savings
• Currency information
• Whether a coupon attempt succeeded or failed

The extension only processes information required for merchant detection, discount validation, and attribution. It does not access payment information, passwords, or unrelated browsing data.

2.3 How We Use Extension Data

Data collected by the extension is used strictly to:

• Determine if a store is supported
• Identify and validate discount codes
• Measure savings achieved for users
• Enable creator attribution and commission tracking
• Improve coupon accuracy and extension performance
• Maintain platform security

2.4 Authentication (Optional)

If you choose to log in via Google, we receive your email address and a secure authentication token. We do not receive or store your Google password. Login is entirely optional.

2.5 Infrastructure and Service Providers

Extension-related data is securely transmitted via HTTPS to https://api.donato.digital. The following third-party providers process data on our behalf:

• Google LLC — optional authentication via Google OAuth
• Render Services, Inc. — backend infrastructure in Virginia, USA

When a user activates a merchant link, anonymised attribution signals (click identifier, merchant ID) may be processed by affiliate tracking infrastructure (currently Impact, impact.com) solely for the purpose of attributing purchases. No personal identity data (name, email, or account information) is transmitted to affiliate networks.

2.6 What We Do NOT Collect

The extension does not collect:

• Credit card numbers or payment details
• Passwords or credentials for other websites
• Personal messages or private communications
• Full browsing history unrelated to supported merchant detection
• Sensitive personal data of any kind

2.7 User Controls

You can uninstall the extension at any time via Chrome settings, log out of your account, disable extension features, or request deletion of your data by contacting [email protected]. Uninstalling the extension stops all extension-related data processing immediately.

2.8 Data Storage and International Transfers

Extension-related data is stored on Render Services, Inc. servers in Virginia, United States. EU users: data is transferred under Standard Contractual Clauses (SCCs).

2.9 Data Retention

We retain extension-related data only as long as necessary to provide attribution services, improve discount accuracy, maintain security, and comply with legal requirements. You may request deletion at [email protected].

3. Security

We implement technical and organisational safeguards to protect user information. All communication with our servers uses HTTPS encryption. Access to personal data is restricted to authorised personnel only.

4. Your Rights

Depending on your location, you may have the right to: access your data, correct inaccurate data, request deletion, restrict processing, receive your data in portable format, or object to certain processing. To exercise any right, contact [email protected]. We will respond within 30 days.

5. Minors

Donato services are intended for users aged 18 and older. We do not knowingly collect personal data from anyone under 18. If you believe we have inadvertently collected such data, contact us at [email protected] and we will delete it promptly.

6. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected by updating the Last updated date. We encourage you to review this policy periodically.

7. Contact

For questions about this Privacy Policy or to exercise your data rights, please contact:

• [email protected]
• https://donato.digital