How does Double the Donation handle Canadian organizations and data storage?

This article addresses questions about how the location of Double the Donation's servers may impact Canadian clients.

At Double the Donation, we work with some of the largest nonprofit organizations in Canada, providing them with essential tools to maximize their fundraising efforts. As we partner with these organizations, we often receive inquiries regarding the location of our servers and whether this might lead to any compliance issues with current Canadian privacy laws.

Understanding the importance of data privacy, we have conducted research and engaged in meaningful discussions with our Canadian clients. We are pleased to report that Double the Donation's servers being located in the United States does not pose any compliance issues. For more information, please refer to the FAQs below.

FAQs:

Q: Does Canadian law prohibit data from being stored on servers in the United States?

A: No, Canadian law, including the Personal Information Protection and Electronic Documents Act (“PIPEDA”), does not strictly prohibit storing personal information in other countries. Instead, it requires organizations to ensure that personal data is properly protected. Double the Donation is SOC 2 Type 2 compliant and follows industry best practices for protecting personal data. To learn more about Double the Donation's security policies and commitment to data privacy, please visit our Trust Center.

Q: How does Double the Donation comply with Canadian privacy legislation (PIPEDA)?

A: Although Double the Donation is a U.S. provider, we follow internationally recognized privacy and security standards. We do the following to align with PIPEDA’s requirements:

  • Security Safeguards: We employ encryption in transit (HTTPS/SSL) and at rest, strong password policies, multi-factor authentication for system access, and robust intrusion detection and monitoring.
  • Data Minimization: We only collect and store the minimal donor data necessary to provide our workplace giving tools.
  • Openness and Transparency: We can work with our Canadian clients to ensure their privacy policies explain that donor data will be stored and processed in the United States.
  • Breach Notification: In the unlikely event of a data breach, we have protocols in place to notify affected parties.

For more information about how Double the Donation follows industry best practices for data security, visit our Trust Center.


Q: Why does Double the Donation only use servers located in the United States?

A: Double the Donation is headquartered in the U.S. and leverages a robust U.S.-based data center with industry-leading security features, reliability, and compliance measures (e.g., ISO 27001 and SOC 2 Type II). Centralizing our servers in the U.S. helps us maintain consistent infrastructure, security oversight, and performance. Learn more about the server here.

Q: Does storing data in the U.S. subject it to the Patriot Act or other U.S. government access?

A: Data stored in any country could, under specific legal circumstances, be accessed by that country’s government. Under U.S. law, there are frameworks (including the Patriot Act) that can compel data disclosure. However, Canada's Mutual Legal Assistance Treaties (MLATs) with various countries, including the United States, are more likely to be invoked for cross-border data disclosure requests. Additionally, many countries—including Canada—have similar laws enabling government access under tightly controlled conditions.