You work hard to build donor relationships and manage them in your system. We honor that by keeping your data secure. DonorPerfect is a cloud-based platform that provides high-level encryption and maintains proper safety protocols.
On the back end, you can customize user-based permissions and security filters to give the appropriate individuals access to the data they need. And on the front end, you can give your donors a safe place to provide their sensitive information.
Best practices in nonprofit data storage
There are steps you can take today to better protect your donor data from data breaches and potential bad actors. Here are a few tips from the DonorPerfect team to get you started:
Create clear and comprehensive policies for gift processing and handling donor data. Document these policies and share them with everyone on your team who might interact with donor data as part of their job.
Do not store banking or credit card information in your fundraising system, including images of checks with account and routing details, or reply devices with handwritten credit card numbers on them.
Learn what types of donor data count as protected or confidential and how to handle them. If your nonprofit works in education or healthcare, for example, make sure to brush up on FERPA or HIPAA requirements at least annually.
Some nonprofit data can be subject to FOIA (Freedom of Information Act) requests. Don’t be afraid to put helpful details in your donor records, but don’t upload anything into your fundraising system that you wouldn’t want a reporter publishing in the newspaper.
An independent attestation of security
SofterWare and DonorPerfect regularly engage highly reputable, external security assessment organizations to perform detailed reviews and penetration testing of our infrastructure, hosting, and software in order to provide the highest level of assurance that our applications are secure.
In December of 2020, PivotPoint Security, an independent security assessment organization with extensive experience in the non-profit industry, performed an assessment and provided a letter of attestation. The test included an extremely detailed review of the DonorPerfect software and server infrastructure environment. Here is a copy of their attestation.
PivotPoint’s review determined that SofterWare’s systems were secured in a manner consistent with industry best practice, and notably better than those of peer organizations that they have tested.
The team responsible for conducting the security assessments was led by a Certified Information Security Auditor/IRCA ISO 27001 Auditor and included personnel appropriately qualified to render this opinion (e.g., Certified Information System Security Professionals, Microsoft Certified System Engineers, and Certified Ethical Hackers).
Lean on our team to keep your data clean
We’re here to help you maintain safe and healthy data from implementation forward. DonorPerfect experts are ready to assist with your record-keeping, filtering, and reporting needs through individual and group training sessions, on-demand webinars, live chat, and more.
Get started today with our free resource, the Clean Data Checklist!
Manage your data securely with DonorPerfect
- Process credit cards with a PCI-compliant payment gateway
- Scalable systems preserve stable security
- End-to-end data encryption with TLS 1.2 protocol
- GDPR Guideline assistance from the DonorPerfect team
- Uphold high standards of data security with SOC2 compliance
Customize access: set user preferences and permissions
- Set custom user privileges for user groups or individual users
- Restrict user access to sensitive data with security filters
- Secure login and password recovery
- Maintain secure data in a remote world by defining individual IP addresses that are allowed to log in to any one user account, or global IP addresses that are allowed to log in to any account
Rest easy: back up and recover data as needed
- Create user backups to restore to previous system states
- Nightly automatic server backups save 30 days of restore points
- Backup system with local files with a Data Assurance plan
“We didn’t have one specific location to store all our donor information. It was all over the place. We wanted to find a central hub to host all that information. (That’s why) DonorPerfect has been really beneficial to us. It allows us to use our information in a smarter way. There’s so much it can do – and it’s exactly what we needed to take the next step to grow as a company. We’re lucky to have found it.”
– Caitlin Mahon, Bringing Hope Home
Located in Canada?
All Canadian DPO customers are hosted in Canada by AWS Canada. AWS has a Canadian region located in Quebec. Data is physically hosted in Quebec and AWS facilitates access from Toronto and Vancouver.
For an in-depth look at how your nonprofit can assess your cybersecurity, the National Council of Nonprofits has a comprehensive resources page.