Legal
Privacy Policy
Last updated: April 5, 2026 · Effective: April 5, 2026
We built Steward to help nonprofits — not to profit from their data. We collect only what we need, we never sell it, and we protect it seriously.
1. Who We Are
Steward ("we," "us," or "our") is a nonprofit CRM application operated by Decker Customs, based in Charlotte, North Carolina. You can reach us at hello@stewardorg.com.
2. Information We Collect
Information you provide directly
- Account information: Your name, email address, and password when you create an account.
- Organization information: Your nonprofit's name and email address.
- Donor data: Names, email addresses, phone numbers, and donation records you enter into the app.
- Volunteer data: Names, email addresses, phone numbers, and skills of volunteers you add.
- Grant data: Grant names, funders, amounts, deadlines, and status information you track.
- Payment information: When you subscribe to a paid plan, payment is processed by Stripe. We do not store your credit card number — Stripe handles all payment data securely.
Information collected automatically
- Usage data: How you interact with the app, which features you use, and when.
- Device information: Device type, operating system, and app version.
- Push notification tokens: If you grant permission, we store a device token to send you notifications.
3. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Steward application
- Send automated emails on your behalf (thank-you emails to donors, shift reminders to volunteers)
- Send you alerts about lapsed donors, grant deadlines, and upcoming shifts
- Process your subscription payments via Stripe
- Respond to your support requests and questions
- Improve and develop new features
- Comply with legal obligations
We do not use your data or your donors' data for advertising, and we never sell data to third parties.
4. How We Share Your Information
We share your information only with the following service providers, and only as necessary to operate Steward:
- Supabase — our database and authentication provider. Your data is stored securely on Supabase's servers in the United States.
- Stripe — payment processing for paid subscriptions. Stripe is PCI-DSS compliant.
- Resend — email delivery service used to send automated emails (thank-you emails, reminders, alerts) on your behalf.
- Expo — used to deliver push notifications to your device.
We do not share your information with any other third parties, and we never sell your data.
5. Data Security
We take security seriously. Here is how we protect your data:
- All data is encrypted in transit using HTTPS/TLS
- All data is encrypted at rest in our database
- Row-Level Security (RLS) is enforced at the database level — each organization can only access their own data
- Authentication tokens are stored securely on your device
- We use strong access controls and regularly review permissions
No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
6. Data Retention
We retain your account and organizational data for as long as your account is active. If you cancel your account, we will delete your data within 30 days upon request. Donor, volunteer, and grant data you have entered is deleted along with your account.
7. Your Rights
You have the right to:
- Access — request a copy of the data we hold about you
- Correction — request that we correct inaccurate data
- Deletion — request that we delete your account and associated data
- Portability — request your data in a portable format
- Opt-out — unsubscribe from non-essential emails at any time
To exercise any of these rights, contact us at hello@stewardorg.com.
8. Children's Privacy
Steward is intended for use by nonprofit organizations and their staff. We do not knowingly collect personal information from children under the age of 13. If you believe a child has provided us with personal information, please contact us immediately.
9. Third-Party Links
Steward may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties and encourage you to review their privacy policies.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any significant changes by email or through the app. Your continued use of Steward after changes are posted constitutes your acceptance of the updated policy.
11. Contact Us
If you have any questions about this Privacy Policy or how we handle your data, please contact us: