Security that never sleeps, so you can rest easy.

We obsess over keeping donation data secure so you don't have to.

Contact SalesSecurity that never sleeps, so you can rest easy.

Industry-leading security

Online, your best defense is a good offense.

Stay safe with fraud detection & monitoring

Our dedicated security team safeguards your campaign 24/7 against fraud using automated security monitoring, Stripe Radar, and our own anti-fraud wizardry. Organizations that switched to Donorbox have seen a drastic drop in chargeback fees.

Keep donor credit cards secure

No credit card information is ever stored on Donorbox servers, and no card information is ever shared with third parties other than the payment processors you choose to link. All card and bank account data are tokenized (each number is changed to an indecipherable string, i.e. 'tok_fafds23423") before cards are charged.

Stay safe with fraud detection & monitoring

Stay protected from attacks like DDOS

We have a high standard of protection against common attacks like DDOS so our users stay secure and face minimum downtime on our application. Vigilant security products are in place to stop attacks, and our dedicated security team is monitoring to kick out any malicious actors.

Enjoy a dedicated security team

Our dedicated security team keeps data safe and secure for Donorbox and our users (both organizations and donors). Being highly experienced and well-qualified, our team keeps your data secure by working mostly at different times of the day and covering most of the day dealing with malicious attempts.

Stay safe with fraud detection & monitoring

Don’t go without two-factor authentication

Ensure donor and organizational data isn’t stolen, even if organization account passwords are compromised. Simply put, enabling two-step verification means that if someone steals your password alone, they still won’t be able to access your account.

Protect your third-party integrations

To automate your work, Donorbox lets you connect your account with other applications via Donorbox APIs. Proper Access Control and secure session tokens are used for the protection of these integrations.

Stay safe with fraud detection & monitoring

Encryptions and compliances


SSL/TLS encrypted forms

Donorbox forms are protected by SSL/TLS encryption technology—ensuring the entire checkout process is secure. All communication in transit and data in REST is encrypted.


PCI compliance

Donorbox is PCI compliant under "PCI validation: SAQ A". We utilize Stripe Elements technology with financial input fields that are done securely in Stripe's iframe. Stripe is certified as a PCI Level 1 Service Provider.


Strong Customer Authentication

Our online donation platform complies with the Strong Customer Authentication requirement of PSD2 regulations in Europe. SCA helps reduce fraud and increase security for many online transactions.


Penetration testing and vulnerability assessments

To stay vigilant, we conduct frequent penetration testing and vulnerability assessments to find and patch any vulnerabilities or security flaws that our application might have.


Information security policies and cyber security education

Our employees are all educated on cyber security and trained on security measures from the start because our staff remaining secure helps keep your data secure as well. Our internal information security policies are in place to be more formalized when it comes to cyber security.

Report a security concern

As a leading donation platform, Donorbox is committed to the protection of nonprofit and donor data.

If you have any security questions or concerns, you can reach our security team at [email protected]

Think you’ve found a potential Donorbox security vulnerability? Please refer to our Responsible Disclosure Policy.

Report a security concern

The fundraising engine of choice for 50,000+ organizations from 96 countries

Donations raised
Countries served
Fundraising campaigns
Organizations trust us
Top rated on Capterra
4.8/5 Top rated on Capterra
Free to start