We know how crucial privacy and security are in today’s world — at Chariot, security comes first. We’ve taken extensive steps to design and develop safeguards, including:
Third-Party Audits
SOC 2 Compliance: We have completed SOC 2 compliance and are happy to provide a full report of our SOC 2 program upon request.
Penetration Testing: We have completed two penetration tests. The report from the third-party penetration test provider is available upon request.
Data Collection and Storage
Datacenter and Hosting: Our data and processes are hosted exclusively in AWS data centers within the United States. You can review AWS's security practices here.
Collected Data: During the donation process, we collect information that includes the donation amount and donor contact details.
Stored Data: Our storage includes user interactions with the Chariot button and donor and transaction details related to the grants we submit on behalf of donors. We ensure the confidentiality of donor information and use it solely to facilitate donations.
Data Security: All private data is encrypted both in transit and at rest, employing industry-standard encryption protocols (Transport Layer Security (TLS) and AES-GCM-256).
Security Page: For more detailed information or to request documentation, please visit our security page.
Note: To see the full list of information collected by DAFpay and shared with nonprofits, see: What information will I see for each grant received via DAFpay?