Web security for non-profits
Non-profit organizations process an enormous amount of sensitive personal data, such as donor and donation records, credit card numbers and bank details. All of this data needs to be protected.
As a software-as-a-service platform, we are fully GDPR-compliant and secure your data on three levels: through the cloud, through the product and through the way we work as a company.
Security through the cloud
As a cloud-based platform, our top priority is to protect your data and your donors' data as thoroughly as possible, so that you and your donors can trust the platform.

Highest server security
The FundraisingBox runs in a highly secure cloud environment and we use the latest technology for the security of our servers.
- Regular penetration tests
- Regular vulnerability scans
- Fail-safe firewalls
- Redundant set-up of all hardware
- Additional capacity is brought online immediately when traffic increases
- PCI DSS certification
- SOC 3 certification
- ISO 27001 certification


Server location Germany
The FundraisingBox high-security environment uses only certified data centres in Germany to host its applications and data. These have strict access rules for staff, redundant power supply and backup systems, as well as fire and flood protection measures.
Data protection under the EU GDPR
Data protection and information security are a central component of our FundraisingBox products. Protecting your data and keeping your trust matter to us. We have therefore summarised all the important information for you in our Security Whitepaper.
Security through the product
When developing and designing our product, data security plays a central role, and every new concept, product, function or feature must meet our security criteria.

Maximum product security
This is how we design our product for maximum security:
- PCI DSS certification included
- Payment sandbox: decoupling of the payment flows from your systems in our payment sandbox
- State-of-the-art technologies and standard banking procedures for data encryption
- HTTPS only, enforced via HSTS on top of TLS
- Individual rights assignment for your team: assign specific roles such as fundraiser, agency or accounting with a click

PCI DSS certification
If you plan to collect donations and recurring payments by credit card, you must comply with PCI DSS. The Payment Card Industry Data Security Standard, commonly abbreviated to PCI or PCI DSS, is a set of rules designed to ensure the careful and secure handling of credit card information.
The standard applies to the entire card payment industry and is backed by all the major card brands (American Express, JCB, MasterCard, Discover Financial Services and Visa).
Every "merchant" who stores, processes or even transmits card data is obliged to comply with its twelve extensive security requirements and to provide corresponding organisational and technical evidence of compliance. Using the FundraisingBox removes the need for you to implement PCI DSS yourself and to run the regular compliance checks. We do this for you. (Your acquirer may still ask for the short self-assessment questionnaire for merchants who fully outsource card processing, SAQ A, in which you attest that card data never touches your own systems.)

SSL/TLS encryption
We regularly review our encryption setup. For the FundraisingBox we use only Extended Validation certificates from the CA GeoTrust, encryption algorithms that are considered secure, Perfect Forward Secrecy (PFS), HSTS and the latest TLS version. The Qualys SSL Labs test gives us an excellent grade of A+. See the report.
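The posture described above (current TLS versions only, forward-secret AEAD cipher suites, an HSTS header with a long max-age) can be checked offline against what a scanner such as `openssl s_client` or the SSL Labs report shows. The following is an added example, not FundraisingBox code; the one-year HSTS minimum, the accepted protocol set and the sample scanner outputs are assumptions constructed for the illustration.

```python
"""Offline checks for a TLS posture: TLS 1.2+ only, suites with forward
secrecy and AEAD, and a usable HSTS header. Added example, not FundraisingBox
code; the inputs are constructed to look like a scanner's output."""
import re

# Assumed policy (not from the page): HSTS max-age of at least one year, which
# is also the minimum the browser preload list requires.
MIN_HSTS_MAX_AGE = 31_536_000
ACCEPTED_PROTOCOLS = {"TLSv1.2", "TLSv1.3"}


def has_forward_secrecy(cipher: str) -> bool:
    """Ephemeral (EC)DH key exchange gives PFS; plain RSA key exchange does not.
    TLS 1.3 suites (TLS_AES_*, TLS_CHACHA20_*) always use ephemeral keys."""
    return cipher.startswith(("ECDHE-", "DHE-", "TLS_AES_", "TLS_CHACHA20_"))


def is_aead(cipher: str) -> bool:
    """GCM, CCM and ChaCha20-Poly1305 are AEAD; CBC+HMAC suites are legacy."""
    return any(tag in cipher for tag in ("GCM", "CCM", "CHACHA20"))


def parse_hsts(header: str) -> dict:
    """Split 'max-age=...; includeSubDomains; preload' into a directive map.
    Directive names are case-insensitive (RFC 6797)."""
    directives = {}
    for part in header.split(";"):
        name, _, value = part.strip().partition("=")
        if name:
            directives[name.lower()] = value.strip().strip('"')
    return directives


def check_hsts(header: str) -> list:
    problems = []
    d = parse_hsts(header)
    max_age = d.get("max-age")
    if max_age is None or not max_age.isdigit():
        problems.append("HSTS: max-age missing or not an integer")
    elif int(max_age) < MIN_HSTS_MAX_AGE:
        problems.append(f"HSTS: max-age {max_age} is below {MIN_HSTS_MAX_AGE}")
    if "includesubdomains" not in d:
        problems.append("HSTS: includeSubDomains missing, subdomains can still be downgraded")
    return problems


def assess(protocols, ciphers, hsts_header) -> list:
    """Return a list of findings; an empty list means the posture matches the policy."""
    findings = [f"protocol {p} enabled" for p in protocols if p not in ACCEPTED_PROTOCOLS]
    for c in ciphers:
        if not has_forward_secrecy(c):
            findings.append(f"cipher {c}: no forward secrecy")
        elif not is_aead(c):
            findings.append(f"cipher {c}: not an AEAD suite")
    findings.extend(check_hsts(hsts_header))
    return findings


# Constructed samples, modelled on what `openssl s_client` / SSL Labs report.
GOOD = dict(
    protocols=["TLSv1.2", "TLSv1.3"],
    ciphers=["TLS_AES_256_GCM_SHA384", "ECDHE-RSA-AES128-GCM-SHA256",
             "ECDHE-RSA-CHACHA20-POLY1305"],
    hsts_header="max-age=63072000; includeSubDomains; preload",
)
WEAK = dict(
    protocols=["TLSv1.0", "TLSv1.2"],
    ciphers=["AES128-SHA", "ECDHE-RSA-AES256-SHA384", "ECDHE-RSA-AES128-GCM-SHA256"],
    hsts_header="max-age=300",
)

if __name__ == "__main__":
    for label, cfg in (("good", GOOD), ("weak", WEAK)):
        print(label, assess(**cfg) or "OK")
```

The weak sample is flagged five times: the TLS 1.0 listener, the RSA key-exchange suite (no PFS), the CBC suite (not AEAD), and an HSTS header that is both too short-lived and silent on subdomains. Note that the HSTS check only inspects the header value; whether the header is actually sent on every HTTPS response, including redirects, still has to be confirmed against the live site.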

SCA for non-profits
All accounts are protected against brute-force attacks: if login credentials are entered incorrectly several times in a row, access is blocked automatically. There is also protection against numerous other security risks, such as session hijacking. The FundraisingBox additionally offers the option of securing access with a chip-based hardware key as a second factor.
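The lockout behaviour described above (repeated wrong passwords block the account for a cooling-off period, and even the correct password is rejected while the block is active) is shown below as an added example. It is not FundraisingBox code: the thresholds (5 failures, 15-minute lockout and failure window), the in-memory store and the PBKDF2 parameters are assumptions chosen for the illustration.

```python
"""Account lockout against online brute force: repeated wrong passwords block
the account for a cooling-off period, and a correct password is rejected while
the block is active. Added example, not FundraisingBox code; thresholds and the
in-memory store are assumptions."""
import hashlib
import hmac
import os
import time

PBKDF2_ROUNDS = 100_000  # assumption; tune to your hardware


def make_record(password: str) -> tuple:
    """Salted PBKDF2-HMAC-SHA256 hash, the only thing the user store keeps."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def verify(password: str, record: tuple) -> bool:
    salt, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)  # constant-time compare


# Hashed once so unknown usernames cost the same time as known ones
# (otherwise response time leaks which accounts exist).
_DUMMY = make_record(os.urandom(8).hex())


class LoginGuard:
    def __init__(self, users, max_failures=5, lockout_seconds=900,
                 window_seconds=900, clock=time.monotonic):
        self.users = users                  # username -> (salt, digest)
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.window_seconds = window_seconds
        self.clock = clock                  # injectable for tests
        self._failures = {}                 # username -> (count, last_failure)
        self._locked_until = {}             # username -> monotonic deadline

    def attempt(self, username: str, password: str) -> str:
        """Return 'ok', 'invalid' or 'locked'. The HTTP layer should map
        'invalid' and 'locked' to the same generic error message."""
        now = self.clock()
        if now < self._locked_until.get(username, 0):
            return "locked"          # do not even verify: no password oracle during lockout
        record = self.users.get(username, _DUMMY)
        ok = verify(password, record) and username in self.users
        if ok:
            self._failures.pop(username, None)
            self._locked_until.pop(username, None)
            return "ok"
        count, last = self._failures.get(username, (0, now))
        if now - last > self.window_seconds:
            count = 0                # stale failures no longer count
        count += 1
        if count >= self.max_failures:
            self._locked_until[username] = now + self.lockout_seconds
            self._failures.pop(username, None)
            return "locked"
        self._failures[username] = (count, now)
        return "invalid"


if __name__ == "__main__":
    guard = LoginGuard({"alice": make_record("correct horse battery staple")})
    for pw in ["a", "b", "c", "d", "e", "correct horse battery staple"]:
        print(repr(pw[:6]), guard.attempt("alice", pw))
```

Two details matter in practice: the password hash is computed even for unknown usernames (against a dummy record) so that response timing does not reveal which accounts exist, and the lockout is keyed by account rather than by source IP, which is what stops a distributed guessing campaign. Keying by account alone does let an attacker lock a victim out on purpose, so a production deployment usually combines it with per-IP rate limiting and a second factor.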
Payment sandbox: decoupling of payment flows
With our sandbox technology, you create a dedicated high-security area within your website. This lets you collect both personal information and payment data on your website without your own server or content management system (CMS) ever coming into contact with that data.
This approach follows the recommendations of the German Federal Office for Information Security (BSI) and the Fraunhofer Institute for Secure Information Technology (Fraunhofer SIT).
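Both the PCI DSS section above and the sandbox description rest on one property: card data must never reach your own server or CMS, only an opaque payment token. One check a practitioner would want is to scan what the CMS actually receives and logs for anything that looks like a card number. The following is an added example, not FundraisingBox code; the two request bodies are constructed samples, and the token format and field names are assumptions.

```python
"""Scope check for a decoupled payment flow: confirm that what reaches your own
server or CMS never contains a card number (PAN). Added example, not
FundraisingBox code; request bodies are constructed samples."""
import re

# Candidate: 13-19 digits, optionally separated by single spaces or hyphens,
# not embedded in a longer digit run.
_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn check digit (ISO/IEC 7812); every major card brand uses it."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list:
    """Return digit strings that look like PANs: right length and Luhn-valid.
    The Luhn test filters out most reference numbers and timestamps of similar length."""
    hits = []
    for m in _CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits


def redact(text: str) -> str:
    """Mask anything find_pans would flag before it is logged (first 6 / last 4 kept)."""
    def mask(m):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]
        return m.group()
    return _CANDIDATE.sub(mask, text)


# Constructed samples. The first is what a decoupled CMS should receive:
# amount and an opaque token from the payment provider, no card data.
CMS_BODY = "amount=50&currency=EUR&payment_token=tok_7f3a9c&donation_ref=1234567890123456"
# The second is what a badly integrated form posts: the PAN lands on your server.
LEAKED_BODY = "amount=50&card_number=4242 4242 4242 4242&exp=12/27&cvc=123"

if __name__ == "__main__":
    for body in (CMS_BODY, LEAKED_BODY):
        print(find_pans(body) or "clean", "|", redact(body))
```

Run this over access logs, error logs and any request-body dumps of the CMS host: a single hit means card data is entering your environment and the host is in PCI DSS scope, regardless of what the front-end integration was supposed to do. The 16-digit donation reference in the first sample is deliberately not flagged because it fails the Luhn check.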
Security through us
Our employees receive extensive and regular security training and are bound to data confidentiality. We rely on strict password guidelines, consistent two-factor authentication and logging of all relevant processes. All relevant company processes are documented in writing. We have an internal information security officer (ISB) and an external data protection officer who audit our company regularly.

We work securely for you
We guarantee complete data protection and legally compliant data storage.
- Personal data is processed in accordance with the GDPR and exclusively for the performance of the contract.
- SCC: you conclude the relevant standard contractual clauses (SCC) with us; we will gladly provide them.
- The company headquarters are in Germany.
- Regular security audits by internal and external data protection officers
- Regular employee training courses, strict password guidelines and consistent two-factor authentication
- Offsite backups are created daily for all your data and stored securely and encrypted at several server locations.

Highest data security and innovative products
The FundraisingBox is as secure as possible and offers you innovative software products for your digital fundraising that are easy to use.