Data security

Payment Security

Zeffy is committed to ensuring the data security of organizations and donors. Zeffy does not have access to any credit card data.
All credit card processing is done through Stripe, a leading payment platform worldwide in credit card processing. Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1, This is the most stringent level of certification available in the payments industry. To accomplish this, Stripe uses best-in-class security tools and practices to maintain a high level of security. For more information, visit Stripe's documentation on their security measures.
Although Zeffy does not hold any credit card information, we still follow all security standards to ensure that the data can not be stolen. Zeffy was successfully analyzed by the independent company VuMetric in 2020 for a $1M charity donation campaign. Zeffy has also demonstrated its security before becoming the platform used by the Desjardins Bank, by being analyzed by their team of computer experts.

Data Storage

Zeffy is committed to storing your data safely and in Canada. Organization and donor data is stored on Amazon's RDS in Canada (ca-central-1d). Organization images are stored on S3 in Canada (ca-central-1). These include organization signatures, receipts, logos and banners. Some images inserted into the fundraising forms descriptions are stored in the United States for now.