Legal

Privacy Policy

Lavaa is an AI copilot that works with sensitive donor data. This policy explains exactly what we collect, why we collect it, how it moves through our systems, and the controls you keep at every step.

Last updated: June 10, 2026

01

Who this policy covers

This policy applies to the Lavaa web application and the lavaa.com marketing site, operated by Lavaa ("Lavaa", "we", "us"). It covers visitors to our site, users who sign in to the product, and the donor data our customers connect to it.

Lavaa processes donor information on behalf of the organizations that use it. Your organization remains the controller of its donor data; we act as a processor under your instructions and the agreement between us.

02

Information we collect

We collect three categories of information:

  • Account information. Your name, work email address, and organization, used to create and secure your account and to send sign-in links.
  • Connected-system data. When your organization connects an integration, we ingest the data needed to power the product: constituent records, gift history, notes, and actions from Blackbaud Raiser's Edge NXT; email content and calendar events from Google Workspace or Microsoft 365 accounts you explicitly authorize; and voice notes you record in the capture feature.
  • Usage information. Standard application logs (timestamps, feature usage, errors) used to operate, secure, and improve the service.

We do not collect data from systems you have not connected, and we do not buy or append third-party data about your donors.

03

How we use information

We use the data described above solely to provide the service:

  • Generating donor briefs, engagement signals, outreach drafts, and contact reports for your team.
  • Keeping donor profiles current by syncing with the systems you connect.
  • Maintaining the audit trail your organization relies on for compliance.
  • Operating, securing, and supporting the platform.

We never sell personal information, never use donor data for advertising, and never use one customer's data to benefit another.

04

AI processing of donor data

Lavaa's briefs, signals, and drafts are generated by large language models operated by Anthropic. When you request an AI output, the relevant donor context (such as giving history and recent interactions) is sent to the model to ground the response.

  • Our AI provider processes this data only to return the requested output and does not use it to train models.
  • Every AI output is logged, along with the data it was grounded in, to an audit trail your administrators can review.
  • AI outputs are drafts for human review — Lavaa does not send outreach or write back to your CRM without your action.
05

OAuth scopes and connected accounts

Integrations are authorized through OAuth 2.0 — we never see or store your passwords for Blackbaud, Google, or Microsoft.

  • Blackbaud Raiser's Edge NXT: read access to constituent, gift, note, and action records. Raiser's Edge remains your system of record.
  • Google Workspace: read access to Gmail messages and Calendar events for the connected account, used to surface donor interactions.
  • Microsoft 365: read access to Outlook mail and calendar for the connected account, for the same purpose.

OAuth tokens are encrypted at rest with AES-256-GCM. You can disconnect any integration at any time from Settings, which revokes our access; you can also revoke access directly from your Google, Microsoft, or Blackbaud account.

06

How we protect your data

  • All data is encrypted in transit (TLS) and at rest.
  • OAuth tokens are additionally encrypted with AES-256-GCM before storage.
  • Role-based access controls govern who in your organization can see, edit, and manage each portfolio.
  • Every AI output and significant system action is recorded in an immutable audit trail.
  • Access to production systems is restricted to authorized Lavaa personnel with a need to operate the service.
07

Data retention and deletion

We retain connected-system data for as long as your organization uses Lavaa, subject to the retention settings in your agreement. When you disconnect an integration, we stop syncing from it immediately. When your organization terminates its agreement, we delete its data — including synced donor records, email and calendar content, AI artifacts, and encrypted tokens — within 30 days, except where law requires longer retention.

You can request deletion of specific records at any time by contacting us.

08

Subprocessors

We use a small number of vetted service providers to operate Lavaa. Each is bound by data-protection terms consistent with this policy:

  • Anthropic — AI model inference for briefs, signals, and drafts.
  • Cloud infrastructure providers — application hosting and managed database services in the United States.

Blackbaud, Google, and Microsoft are not subprocessors — they are systems you connect under your own agreements with them. We will notify customers before adding a new subprocessor that processes donor data.

09

Your rights

Depending on where you are located, you may have rights to access, correct, export, or delete personal information we hold, and to object to or restrict certain processing. Because Lavaa processes donor data on behalf of our customers, donors should direct requests to the organization that holds their relationship; we support our customers in fulfilling those requests promptly.

Product users can exercise their rights by contacting us directly at the address below.

10

Changes to this policy

If we make material changes to this policy, we will notify customer administrators by email and update the date at the top of this page before the changes take effect.

11

Contact us

Questions about privacy at Lavaa? Email sales@lavaa.com and we'll route you to the right person.