We Believe in Data Privacy and Security.

We feel strongly about privacy, security and transparency. At every level of what we do, we take appropriate steps to protect data, undertaking with our partners to keep privacy and security a top priority in our operations.

SUMMARY

We never sell, rent or lease personal or business details to any third parties. Ever. When we share data with nonprofits and partners, it is always in keeping with our Privacy Policy.

We never charge a card, digital wallet or bank account without authorization. Our security safeguards protect all purchases and payments, ensuring that confidential information is never vulnerable.

When faced with unexpected tech issues or security concerns, we mobilize immediately to tackle the issues and find responsible solutions.

We work to terminate all uses of our technology that promote activities we deem to be in violation of our values, as stated in our Terms of Use.

THE FULL STORY

Data Privacy

How is private data handled so that everyone can be sure it stays private?

Nothing is more significant to us than the goodwill of donors and vitality of the nonprofits they support. That is why we spare no effort to ensure data privacy in accordance with the law, best practices and what is right.

First and foremost, we and our nonprofit members never directly see or store any donor payment information. (Saved payment details are captured by and stored securely in a payment processor without passing through our servers. That data can nevertheless be deleted upon request.)

With any data we do collect and retain, we take every reasonable action to protect against its loss or misuse, both in transit and at rest. While in transit, it is protected using end-to-end encryption and SSL protected web pages (see more below). At rest, it resides in encrypted databases. Most importantly, we only store data for as long as required, and, critically, we will never sell, rent or lease it to third parties.

We are however obligated to disclose some personal data to nonprofit members receiving donations and to third-party partners who help process those donations, as fully described in our Privacy Policy. With nonprofits, we share donor first and last name, email address and any other provided information. Other personal payment data may be passed through to partners for the purpose of processing donations.

For more about individual nonprofits’ privacy policies and how they use and protect personal data, contact the nonprofits directly. For more about some of our partners, see More About Our Partners’ Security below.

These details aside, we acknowledge and respect donors’ right to control their data. With that in mind, we will always abide by any donor’s wish to delete personal data, when requested. We are also in compliance with the European Union’s General Data Protection Regulation (GDPR), which governs data protection and privacy. Although it officially applies only to EU citizens, we set store by the spirit of it and have adjusted our data protection policies to suit. For more regarding this, see our Master Service Agreement, Terms of Use, and Privacy Policy.

In terms of hardware, our website and technology are hosted by Amazon Web Services (see more below), a robust and reliable platform that ensures continuous operations, round-the-clock support and top-quality security, including firewalls, encryption, monitoring, penetration testing and more. Learn more about AWS security.

Security

What kinds of measures ensure the complete security of Give Lively’s fundraising technology?

End-to-End encryption and SSL protected web pages

All our web-based tools and widgets are hosted on pages with a hyperlink starting “HTTPS,” meaning the page is completely secure. Even when our widgets are embedded on pages that do not include “HTTPS,” our widgets are still secure.

“HTTPS” stands for Hypertext Transfer Protocol Secure, which is a combination of the Hypertext Transfer Protocol (HTTP) – a basic mechanism that allows for data exchange on the web – and an extra Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocol. TLS is an authentication and security process widely used by web browsers and servers. SSL allows for the transfer of encrypted data.

More specifically, our data in transit is TLS-protected through Amazon CloudFront, which connects to our servers securely via SSL/TLS, and Heroku, which encrypts data from its server to its Postgres database using TLS.

PCI Level 1 Compliance

PCI compliance refers to adherence to the Payment Card Industry Data Security Standard (PCI DSS), a global security standard for account data protection. Compliance involves conformity with numerous security requirements, such as quarterly network scans and annual compliance assessments with stringent validation requirements. Visit the PCI Security Standards Council for more information.

Stripe and PayPal, two industry-leading payment processors trusted by thousands of companies and nonprofits, are what we use to process donations made using Give Lively's fundraising technology. Stripe and PayPal are PCI Level 1 compliant, which means they maintain the highest level of data security when it comes to protecting payment information. Learn more about Stripe’s PCI compliance and PayPal’s PCI compliance.

SOC 1 and 2 reports

System and Organization Controls (SOC) is a suite of reports that look at system-level controls at a service organization. The SOC 1 report focuses on financial matters, while SOC 2 addresses operations and compliance. As Give Lively’s technology is hosted on Amazon Web Services (see below), see the AWS SOC reports about platform operations. Our payment processors' information security policies and controls are also certified to SOC 1 and SOC 2 standards and guidelines.

More about our partners' security

Donation Disbursement

We believe all money donated to nonprofits should get to those nonprofits as quickly as possible. 

The speed of disbursement is in part a function of the form of payment and whether the nonprofit is a Give Lively member. For Give Lively member nonprofits, funds processed through Stripe are delivered to designated accounts within two business days for credit and debit card donations, and seven business days for bank transfers. (Remember, for this to happen, all nonprofits must have activated Stripe accounts that are connected to Give Lively.) It takes slightly longer – three to seven business days – for funds processed through PayPal to be transferred to a nonprofit’s bank account.    

When nonprofits are not Give Lively members, these transfers take longer and involve mailing paper checks. Read more about How Give Lively Disburses Donations.

Troubleshooting

What happens when something goes wrong?

While we do everything we can to keep data secure and operations seamless, there is no such thing as 100% secure and error-free systems. Unfortunately, service interruptions and failures happen, as do unexpected and very rare instances of fundraising tech misuse.

Whatever the event, we respond to any and all concerns as quickly and thoroughly as possible. Our engineering and membership teams search for solutions, communicate how long they may take, recommend workarounds, if needed, and then advise of fixes once they have been implemented. Follow-up monitoring, proactive communication with all nonprofit members affected by the interruption, after-the-fact diagnostics and systemwide improvements are all part of the process.

If there is ever any reason to believe that Give Lively and its technology are not doing what they should or that the security of an account has been compromised, please contact us immediately at support@givelively.org.

Remember: Give Lively is unable to issue refunds on behalf of our nonprofit members, due to our Terms of Use. Refunds can only be made by the nonprofit named on the donation receipt.

Values

What are the values that Give Lively holds dear and why are they mentioned here?

Our commitment to nonprofits goes beyond buttressing their fundraising efforts. We also support values that inspire nonprofits to tackle tough challenges and complex issues such as gender equality, LGBTQ+ rights, social and environmental justice and more.

In view of this, we work to terminate all uses of our technology that promote activities not in alignment with our values. These unacceptable uses include:

  • discrimination on the basis of race, color, religion (creed), gender, gender expression, age, national origin (ancestry), disability, marital status, sexual orientation or military status in any activities, programs or operations;
  • advocating against or denying the rights of women;
  • advocating for the sale, ownership and/or civilian use of assault weapons, weapons of war, high capacity magazines, automatic weapons or any mechanism that can convert a firearm into an automatic weapon;
  • disseminating hate speech or dangerous speech, promoting or inciting violence online or offline.

We have included this here (and in our Terms of Use) because we place great significance on the safety of the space we are proud to share with donors and our nonprofit members.