Privacy Policy — DonateBloodNow

1) Who we are

DonateBloodNow is provided by Saifullah Ahad ("we", "us", "our"). Our website is: https://donatebloodnow.app.

2) What this policy covers

This Privacy Policy explains what information we collect, how we use it, and the choices you have when you use DonateBloodNow (the "App"), available as a website at donatebloodnow.app and as an Android application.

3) Information we collect

We collect the following categories of information depending on which features you use:

• Account information: Name, email address, phone number, and password (hashed using PBKDF2) when you create an account to register as a donor.
• Donor registration details: Blood type, date of birth, gender, city, country, health information (medical conditions, medications, smoking status, recent travel, dental work, tattoos/piercings), availability preferences, and optional blood type proof and ID documents.
• Blood request information: Patient name, blood type needed, hospital name, city, country, urgency level, contact person details, and additional notes.
• Contact messages: Name, email, subject, and message content when you use the contact form.
• Urgent contact requests: Seeker name, phone number, hospital name, and reason when using the urgent donor contact feature.
• Uploaded documents: ID documents (front and back) and optional blood type proof uploaded during donor registration, stored securely in cloud storage.

4) How we use information

• Match blood seekers with compatible donors based on blood type and location.
• Send email notifications to compatible donors when a blood request is submitted.
• Facilitate secure communication between seekers and donors without exposing donor contact information directly.
• Verify donor identity and eligibility through uploaded documents (reviewed by administrators).
• Send verification codes for email confirmation and password resets.
• Save and restore donor registration progress across sessions.
• Respond to contact form messages and support requests.

5) Sharing and disclosure

We do not sell your personal information.

We share information only in these limited cases:

• Donor-seeker communication: When a seeker uses the urgent contact feature, only the seeker's phone number is shared with the donor via email. The donor's contact information is never directly exposed to seekers.
• Donor response notifications: When a donor responds to a blood request, the requester receives an email with the donor's name and contact information so they can coordinate.
• Email service (Resend): We use Resend (privacy policy) to send transactional emails (verification codes, donor notifications, request alerts). Only the recipient email address and message content are shared with Resend.
• Hosting (Cloudflare): The app and database are hosted on Cloudflare Pages and D1 (privacy policy). Document uploads are stored in Cloudflare R2.
• Legal requirements: If required by law or to protect rights, safety, and security.

6) Data storage and security

• All data is transmitted over encrypted HTTPS connections.
• Account passwords are hashed using PBKDF2 with random salts (never stored in plain text).
• Uploaded documents are stored in Cloudflare R2 cloud storage with restricted access (admin review only).
• The database is hosted on Cloudflare D1 (SQLite at edge) with access restricted to authenticated API endpoints.
• Admin access requires username/password authentication with session tokens (24-hour expiry) and account lockout after failed attempts.

We keep information as long as needed to provide the service. Donor registrations remain active until the donor requests removal or an administrator deactivates the account.

7) Your choices and controls

• Permissions: The Android app requires only the INTERNET permission for network communication. No camera, location, contacts, or other sensitive permissions are requested.
• Account data: You can request access to, correction of, or deletion of your account and donor registration data by contacting us at the email address above.
• Notifications: Email notifications are sent based on your donor registration. You can request to stop receiving notifications by contacting us.

8) Security

We use reasonable administrative, technical, and physical safeguards designed to protect information. This includes PBKDF2 password hashing, HTTPS encryption in transit, restricted admin access with session-based authentication, and rate limiting on sensitive endpoints. No method of transmission or storage is 100% secure, but we work to protect your data.

9) Children's privacy

DonateBloodNow is not directed to children under 13 (or the equivalent minimum age in your jurisdiction), and we do not knowingly collect personal information from children. Blood donation eligibility typically requires being at least 16-18 years old depending on jurisdiction.

10) International transfers

DonateBloodNow serves donors and seekers worldwide. Your information may be processed in different regions through Cloudflare's global edge network. We take steps to protect information in accordance with this policy regardless of where it is processed.

11) Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated policy at https://privacy.saifullah.ai/DonateBloodNow and update the effective date above.

12) Contact

If you have questions or requests, contact: Saifullah Ahad
Email: www.saifullah.ai@gmail.com
Phone: +8801711134346
Website: https://donatebloodnow.app
Location: Dhaka, Bangladesh