Our Commitment to Data Privacy and Security
We are deeply committed to privacy, security, and transparency. At every level of our operations, we take significant measures to safeguard data, working closely with our partners to prioritize privacy and security in everything we do.
How Is Private Data Managed to Ensure Its Confidentiality?
At the heart of our mission is the trust of our donors and the many nonprofits they support. That’s why we are committed to protecting data privacy in accordance with industry best practices and applicable regulations.
First and foremost, neither we nor our nonprofit partners ever directly access or store credit payment information. Payment details are securely captured and stored by a third-party payment processor, keeping them off our servers.
For sensitive contact data, we take extensive measures to safeguard it from loss or misuse, both during transmission and when stored. While in transit, data is protected with end-to-end encryption and SSL security protocols with parity. When stored, it resides in encrypted databases, retained only as long as necessary. Importantly, we will never sell, rent, or lease data to third parties.
However, we are required to share certain personal data with the nonprofit organizations receiving donations and with third-party partners who assist in processing those donations. For instance, our payment processing service will receive the donor’s first and last name, email address, and any other information provided. Other payment-related data may also be shared with partners strictly for donation processing purposes.
For details on how individual nonprofits handle privacy and protect personal data, please reach out to them directly. You can also learn more about the security measures taken by our partners below.
We respect donors’ rights to control their data and adhere to the principles of the California Consumer Privacy Act and the more stringent standards set by the European Union’s General Data Protection Regulation (GDPR), striving to comply with these regulations wherever possible. For additional information, please refer to our Master Service Agreement, Terms of Use, and Privacy Policy.
Regarding our technical infrastructure, our website and services are hosted by RapydMerchant, a client of Amazon Web Services (AWS), a highly reliable platform that offers continuous operations, 24/7 support, and top-notch security, including firewalls, encryption, monitoring, and penetration testing. Learn more about AWS security.
Security
What kinds of measures ensure the complete security of Givr’s technology?
All our web-based tools and widgets are hosted on pages with a hyperlink starting “HTTPS,” meaning the data is completely secure. Even when our widgets are embedded on pages that do not include “HTTPS,” our widgets are still secure.
“HTTPS” stands for Hypertext Transfer Protocol Secure, which is a combination of the Hypertext Transfer Protocol (HTTP) – a basic mechanism that allows for data exchange on the web – and an extra Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocol. TLS is an authentication and security protocol widely used by web browsers and servers to facilitate the transfer of encrypted data.
More specifically, our data in transit is TLS-protected through Cloudflare, which connects to our servers securely via SSL/TLS, and Heroku, which encrypts data from its server to its Postgres database using TLS.
PCI compliance refers to adherence to the Payment Card Industry Data Security Standard (PCI DSS), a global security standard for account data protection. Compliance involves continuous, stringent validation requirements for merchants, such as quarterly network scans and annual compliance assessments. Visit the PCI Security Standards Council for more information.
We use Stripe, our payment processor supporting donations and transactions with nonprofits, to process donations made using Givr fundraising technology. Stripe is PCI Level I-compliant, which means they maintain the highest level of data security when it comes to protecting payment information. Learn more about Stripe’s PCI compliance. Givr is required to complete a PCI Self-Assessment Questionnaire A and Attestation of Compliance, which we do on an annual basis and can provide on request.
BUSINESS CONTINUITY PLANS
Our Steadfast Commitment to the Nonprofit Community
We remain unwavering in our dedication to serving the nonprofit community. We are confident in our ability to support our nonprofit members, especially during challenging times. Their mission becomes even more vital when health, welfare, and economic challenges affect their populations and inhibit fundraising.
To guarantee the continuity of our operations during crises, we have implemented the following measures as part of our Business Continuity plan:
Due to the remote nature of our business, our team can deliver Givr services from virtually anywhere.
We have thoroughly assessed the resilience of our technical, support, and communication systems to facilitate remote work. Rest assured, our operations will remain secure and will continue to be monitored just as consistently as before.
Troubleshooting
Acknowledging the Reality of Data Security
While we strive to maintain the highest levels of data security and operational efficiency, it’s important to recognize that no system can be completely secure or free from errors. Unfortunately, service interruptions, failures, and even rare instances of misuse can occur within fundraising technology.
Our Commitment to Responsive Support
Regardless of the situation, we address all concerns as swiftly and comprehensively as possible. Our engineering and membership teams will diligently find solutions, communicate estimated timelines, suggest workarounds when necessary, and notify you once fixes have been implemented.
This process includes ongoing monitoring, proactive communication with all impacted nonprofit members, post-incident diagnostics, and overall system improvements.
If you ever suspect that Givr or its technology is not functioning as intended, or if you believe your account security may have been compromised, please reach out to us immediately at [email protected].
Please note: Givr is unable to process refunds on behalf of our nonprofit members, as outlined in our Terms of Use. Refunds can only be issued by the nonprofit using our donation receipt.