top of page
August 2, 2024
DAFpay Security: Meeting the Highest Standards
Chariot is proud of our industry-leading technology, security and privacy standards. Below, you'll find a few of the best aspects of our offering that are most important in the protection of donors, nonprofits and DAFs.
Secure Passthrough
A secure passthrough
The DAFpay modal presents a secure passthrough window for a donor to safely access, and take action within, their DAF account wherever they are inspired to give online. When a donor enters their account credentials in the modal, that information is fully encrypted and is not stored by Chariot at any time.
Meeting the highest standards of data privacy & security
Chariot has undergone rigorous 3rd party security audits, including penetration tests and has achieved 3rd party certificates, including SOC II, types 1 and 2. Chariot has also gone through robust diligence processes with some of the largest hospitals and universities in the country. We hold ourselves accountable to strict Information Security policies and vulnerability SLAs. We also work closely with Oneleet to establish and monitor a holistic security and compliance program that ensures the integrity and safety of all those who interact with Chariot products.
Data Privacy & Security
Sensitive Data
No use or sale of sensitive data, ever.
Chariot has not and does not sell or share a donor’s account credentials, account balance, previous grant recommendations and amounts, total funds associated with the account, or investment profile with customers or third parties. In fact, Chariot’s technology does not even access any of this information beyond what is absolutely necessary to submit a successful grant request.
The only information that is securely stored is the name and contact information the donor explicitly provides in the final “checkout” pane of the modal experience. For convenience, our technology is able to automatically populate the name, email and address field out of the DAF account and account holders are easily able to remove or change those details before submitting the request.
For the convenience of the donor and the nonprofit recipient, the nonprofit can view the details provided by the donor (name, email, address and gift size) so that they are able to properly track and acknowledge the gift. The only information we store and provide to a nonprofit customer is what a donor explicitly provides and consents to sharing with that organization.
Some nonprofits elect to disallow anonymous gifts through DAFpay on their own website. If a donor is not comfortable with providing any of those details, they can exit the modal at any time.
Industry-leading technology, with more advanced security features than Venmo, Mint, Rocket Money, Plaid, & Yodelee
Chariot provides secure donation facilitation services to DAF account holders who seek to initiate grant requests right when they are inspired to give online - a nonprofit’s website, a peer-to-peer bike ride, a crisis response campaign, etc.
The DAFpay technology has similar capabilities as “aggregators” (as they are commonly referred to in the financial services industry) like Plaid, Stripe, and Yodelee (which are powering tools like Venmo, Mint, Rocket Money, etc.). With these applications, someone can access their account within a different platform.
These actions are only triggered by the individual with the account. One very common example of this is when someone receives a Venmo request. If they choose to pay the request via their connected bank account, the platform is triggering that specific action in their account on their behalf. Many nonprofits use Plaid or Stripe to perform the same kind of outside trigger for ACH / Bank transfer donations within their donation forms.
Critically, and unlike services such as Plaid and Yodlee, Chariot does not stress providers’ servers or aggregate market data. Each donation request made by a donor via DAFpay is a stand-alone, ad hoc request and DAFpay operates solely as a secure pass-through platform. A donor’s login credentials are passed through to each DAF provider to complete a user action and are not stored by Chariot. This is a security measure that is above and beyond what other market leaders practice.
Industry-Leading Technology
Partnership with DAF providers
While Chariot offers a service to DAF account holders that does not require technical collaboration with DAF providers, Chariot has also entered into formal agreements with many DAF providers who want to develop deeper technical integrations and actively promote the DAFpay capability to their account holders. These providers are truly living their mission of increasing generosity by making it as easy as possible to recommend grants from a DAF account and ensure these dedicated funds for charity are flowing to organizations in need as seamlessly as possible.
DAF Provider Partnerships
Transparent fees
Chariot charges a standard processing fee of 2.9% that is in-line with credit card processing. Including a DAF payment option, much like a credit card, ensures it’s as easy as possible for donors to give–and, unlike credit cards, give money that’s already been set aside explicitly and only for charitable giving.
Chariot fees are paid by the nonprofit. When DAFpay is implemented within a donation form through a partner of ours, donors typically have the option to cover fees and that increased gift size flows through to the checkout in the DAFpay modal.
Nonprofits also have the option to pay zero processing fees as part of a Chariot subscription. These subscription plans come with a set amount of included free processing volume via DAFpay. These plans also include a higher level of technical and strategic support all focused on better engaging DAF donors.
Transparent Fees
—
Security is of the utmost importance to our technology and business. It is embedded into everything we build and do, and it is central to our mission of accelerating philanthropy for all.
For anyone with questions about the product functionality and security practices, we would be happy to answer them. Please reach out at security@givechariot.com
bottom of page