← Back to donation page

Privacy Policy

Last updated: March 2026  ·  Applies to aidproof (the "Website")

1. Who we are (Controller)

The data controller within the meaning of the General Data Protection Regulation (GDPR) is:

Rauf Boudenne
Jägerstraße 18, 85757 Karlsfeld, Germany
Email: aidproof@gmail.com

Aidproof is a private, non-commercial humanitarian initiative. It is not a registered charity, association, or company. No tax-deductible donation receipts are issued.

2. What data we collect

Data you provide voluntarily

When you fill in the donation form, you may — entirely optionally — provide:

• Your name
• Your email address
• A messenger handle (WhatsApp, Telegram, or Signal) for proof-of-delivery
• A free-text note or message

If you activate the "Donate anonymously" option, none of the above is collected or stored. The donation still proceeds normally.

Regardless of anonymity, we also record the items you selected, the amount you entered, a donation reference ID (generated in your browser), and the timestamp of submission.

Data generated automatically

When you use this Website, your browser transmits technical data to our backend service (Google Apps Script). This may include your IP address. We do not log or store IP addresses ourselves; see Section 4 for Google's role.

Payments are made directly through PayPal. We never see your PayPal credentials, card number, or bank details. See Section 4 for PayPal's role.

3. Why we collect it and legal basis

We process your personal data solely to:

• Record and verify your donation
• Generate and store your donation receipt (PDF)
• Send you a personalised proof of delivery (photo/video) via the contact method you provided
• Send you a confirmation email (if you provided an email address)

The legal basis is your freely given, specific, informed consent under Art. 6(1)(a) GDPR, which you give by checking the consent box in the donation form.

4. Who receives your data

a) Google LLC (United States)

We use the following Google services to operate this Website:

• Google Apps Script — receives and processes your form submission
• Google Sheets — stores donation records (name, email, contact, items, amount)
• Google Drive — stores your PDF receipt (shared via link only)
• Gmail — sends confirmation emails to donors and notifications to us

Google acts as a data processor on our behalf. Data is processed in accordance with Google's Privacy Policy. Google LLC participates in the EU–US Data Privacy Framework and applies Standard Contractual Clauses (SCCs) for transfers to the United States (details).

b) PayPal (S.à r.l. et Cie, S.C.A., Luxembourg)

Payments are processed through a personal PayPal pool. When you click "Donate via PayPal", you are redirected to PayPal's own platform. PayPal is an independent data controller for that transaction; we receive no access to your PayPal account or payment credentials. Please review PayPal's Privacy Policy.

c) No other third parties

This Website does not use any advertising networks, social media trackers, or analytics services. All fonts and scripts are served from our own server — no external CDN requests are made when you visit this page.

5. Data transfers outside the EU

Google LLC is a US company. Transfers to the United States are safeguarded by Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR, and Google's participation in the EU–US Data Privacy Framework (Art. 45 GDPR adequacy decision).

PayPal S.à r.l. et Cie, S.C.A. is headquartered in Luxembourg (within the EU/EEA) and subject to GDPR directly.

6. How long we keep your data

We retain personal data for as long as necessary to process and document your donation and to send proof of delivery — typically no longer than 3 years from the date of donation, after which records are deleted.

If you request deletion before that period, we will erase your data promptly unless a legitimate interest (e.g. resolving a dispute) requires us to retain it longer.

PDF receipts stored in Google Drive may be deleted at any time upon your request.

7. Session storage

This Website uses your browser's sessionStorage to temporarily save your form entries while you complete the PayPal payment, so that your data is not lost if you navigate away and return. SessionStorage is stored only in your browser and is automatically deleted when you close the browser tab. It is never transmitted to any server independently of your deliberate form submission.

8. No cookies, no analytics

This Website does not set any cookies — neither session cookies nor persistent cookies. We do not use Google Analytics, Meta Pixel, or any other tracking or analytics tool. No user profiles are created and no behavioural data is collected.

9. Your rights

Under the GDPR you have the following rights regarding your personal data:

• Right of access (Art. 15 GDPR) — you may request a copy of the data we hold about you.
• Right to rectification (Art. 16 GDPR) — you may ask us to correct inaccurate data.
• Right to erasure (Art. 17 GDPR) — you may ask us to delete your data ("right to be forgotten").
• Right to restriction (Art. 18 GDPR) — you may ask us to restrict processing in certain circumstances.
• Right to data portability (Art. 20 GDPR) — you may request your data in a structured, machine-readable format.
• Right to object (Art. 21 GDPR) — you may object to processing based on legitimate interests.
• Right to withdraw consent (Art. 7(3) GDPR) — at any time, without affecting prior processing.

To exercise any of these rights, please email aidproof@gmail.com. We will respond within one month (Art. 12(3) GDPR).

10. Right to complain to a supervisory authority

Without prejudice to any other remedy, you have the right to lodge a complaint with a data protection supervisory authority if you believe that your personal data has been processed in violation of the GDPR (Art. 77 GDPR).

The competent authority for our location (Bavaria, Germany) is: