Join a 30min Demo to see how Donorbox can help you reach your fundraising goals!
Save your seat
We obsess over keeping donation data secure so you don't have to.
Nonprofits are 50% more likely to be the target of cyber attacks. Your organization’s best defense is a good offense. Donorbox is dedicated to safeguarding your data by maintaining the highest data security standards, including achieving SOC 2 Type I & II certification and PCI DSS compliance.
Our dedicated security team provides 24/7 protection for your campaigns, leveraging advanced automated monitoring, Stripe Radar, and proprietary anti-fraud technologies. Organizations that have transitioned to Donorbox have experienced a substantial decrease in chargeback fees.
No credit card information is ever stored on Donorbox servers, and no card information is ever shared with third parties other than the payment processors you choose to link. All card and bank account data are tokenized (each number is changed to an indecipherable string, i.e. 'tok_fafds23423") before cards are charged.
We maintain a high standard of protection against common threats, such as DDoS attacks, to ensure our users remain secure and experience minimal downtime on our platform. Advanced security measures are in place to prevent attacks, while our dedicated security team continuously monitors and swiftly eliminates any malicious activity.
Donorbox's security experts ensure data privacy and monitor malicious attempts around the clock. Rest assured our dedicated team is carefully protecting your donation data 24/7.
Protect donor and organizational data, even in the event of compromised account passwords. By enabling two-step verification, you add an extra layer of security, ensuring that even if someone obtains your password, they still won’t be able to access your account.
To automate your work, Donorbox lets you connect your account with other applications via Donorbox APIs. Proper Access Control and secure session tokens are used for the protection of these integrations.
Preventing spam and automated bot activity is an indispensable security measure for any website. We employ ReCaptcha for its highly effective ability to differentiate between human users and automated programs that have malicious intent.
We have advanced security features on our forms to recognize the various parameters of visitors and thwart malicious attempts.
Donorbox forms are protected by SSL/TLS encryption technology—ensuring the entire checkout process is secure. All communication in transit and data in REST is encrypted.
Donorbox is PCI DSS Level 1 compliant, the most stringent level of certification for payment processors. Every transaction is processed with the utmost security, protecting sensitive payment information and mitigating fraud.
Our online donation platform complies with the Strong Customer Authentication requirement of PSD2 regulations in Europe. SCA helps reduce fraud and increase security for many online transactions.
Donorbox has earned both SOC 2 Type I and SOC 2 Type II certifications, proving our commitment to safeguarding donor data. Backed by rigorous third-party audits, we deliver unmatched security, availability, and privacy—setting a new benchmark for trust and reliability in donor management.
At Donorbox, information security starts with our people. From day one, all employees receive comprehensive cybersecurity training and are educated on best practices to ensure your data stays protected. Our formalized internal security policies serve as a cornerstone for maintaining robust cybersecurity across every level of our organization.
To stay vigilant, we conduct frequent penetration testing and vulnerability assessments to find and patch any vulnerabilities or security flaws that our application might have.
In partnership with Intigriti, Donorbox has launched a Vulnerability Disclosure Program to fortify platform security by proactively identifying and addressing vulnerabilities. Visit the program page to learn more or participate.
At Donorbox, safeguarding nonprofit and donor data is our top priority. For more information about our security practices, visit our Trust Center.
If you’ve identified a security incident, please report it immediately to our dedicated security team at security@donorbox.org. Your prompt action helps us ensure the highest level of protection for all users.