How does Double the Donation handle Canadian organizations and data storage?

This article addresses questions about data storage and how the location of Double the Donation's servers may impact Canadian clients.

Data Privacy and Server Location

Double the Donation works with nonprofit organizations in Canada, providing tools to help them maximize their fundraising efforts. Many of these organizations have questions about the location of our servers and potential compliance issues with Canadian privacy laws.

Data Privacy and Compliance

  • Server Location: Double the Donation’s servers are located in the United States.

  • Canadian Privacy Law: Under PIPEDA (Personal Information Protection and Electronic Documents Act), Canadian law does not prohibit storing personal information in other countries. However, it requires that personal data be properly protected.

  • Compliance: Double the Donation is SOC 2 Type 2 compliant, ensuring that we follow industry best practices to protect personal data.

To learn more about Double the Donation's security policies and commitment to data privacy, please visit our Trust Center.

Compliance Measures

Double the Donation follows several best practices to ensure compliance with Canadian privacy legislation (PIPEDA):

  1. Security Safeguards

    • Encryption: Data is encrypted in transit (HTTPS/SSL) and at rest.

    • Access Control: Strong password policies and multi-factor authentication for system access.

    • Monitoring: Robust intrusion detection and monitoring.

  2. Data Minimization

    • We only collect and store the minimal donor data required to provide our workplace giving tools.

  3. Openness and Transparency

    • We work with our Canadian clients to ensure their privacy policies explain that donor data is stored and processed in the U.S.

  4. Breach Notification

    • In the unlikely event of a data breach, we have protocols in place to notify affected parties.

For more information about how Double the Donation follows industry best practices for data security, visit our Trust Center.

Why U.S. Servers?

  • Centralized Infrastructure: Double the Donation is headquartered in the U.S., and we use a U.S.-based data center for consistency in infrastructure, security oversight, and performance.

  • Certifications: The U.S. data center is ISO 27001 and SOC 2 Type II certified, ensuring industry-leading security and reliability.

Learn more about the server here.

Legal Considerations

Does storing data in the U.S. subject it to U.S. government access?

Under U.S. law, including the Patriot Act, data stored in the U.S. could potentially be accessed by the U.S. government under certain circumstances. However, Canada's Mutual Legal Assistance Treaties (MLATs) with various countries, including the U.S., are more likely to be invoked for cross-border data disclosure requests.