This article provides an overview of the steps Double the Donation takes to prioritize data security.
At Double the Donation, protecting your nonprofit’s and donors’ data is our highest priority. We maintain industry-leading security standards across our software, infrastructure, and data centers to ensure availability, resilience, and trust.
This article provides an overview of our security practices. For the most up-to-date compliance information, visit the Double the Donation Trust Center, hosted by Vanta.
SOC 2 Type 2 Compliance
Double the Donation is SOC 2 Type 2 compliant, with an unqualified opinion on our most recent audit. This means our systems and controls are independently validated for security, availability, and processing integrity.
Resilience and Availability
| Category | Details |
|---|---|
| System Availability | Consistently above 99.99% uptime. |
| Data Backups | Databases are backed up every hour to multiple encrypted sources. Backups are regularly tested. |
| Client Impact During Downtime | Donation forms remain functional. If our plugin fails to load, forms revert to standard input fields. Emails are queued and resume once services are restored. |
| System Monitoring | 24/7/365 monitoring with Uptime Monitor, Sentry.io, and multi-channel alerting to technical staff. |
If there’s ever a customer-impacting situation, email support@doublethedonation.com with the subject line “URGENT.”
Application Security
| Security Measure | Details |
|---|---|
| Data Encryption | All sessions use TLS 1.2 with 2,048-bit keys. |
| SSL (TLS) Support | Always enabled for all inbound/outbound traffic. |
| Web Application & Network Firewalls | High-grade WAF + tightly controlled network firewall. Includes DDoS prevention. |
| Secure Development (SDLC) | Best practices applied from design to deployment. Frequent, seamless code updates. |
Datacenter Protections
Our hosting providers are among the world’s most secure, with:
-
Physical Security: 24/7 staffed facilities, video surveillance, and strict access controls.
-
Certifications: SOC 2 Type II, ISO 27001.
-
Redundancy: N+1 redundancy for power, HVAC, and networking.
Software Security
| Category | Details |
|---|---|
| Rapid Response | Automated infrastructure allows rapid patching when threats are identified. |
| Attack Prevention | Enterprise-grade firewalls, intrusion prevention, and behavioral analytics. |
| Incident Response | Repeatable incident response program with predefined processes and ongoing refinement. |
Audits, Vulnerability Assessment & Penetration Testing
We continuously test for vulnerabilities across all technology layers:
-
Dynamic application scans
-
Static code analysis
-
Infrastructure vulnerability scans
Our data center providers also maintain SOC 2 Type II, ISO 27001, and many other certifications.
FAQs
Q: Is Double the Donation SOC 2 certified?
A: Yes, we are SOC 2 Type 2 compliant with unqualified opinion.
Q: How reliable is your uptime?
A: Our uptime is consistently above 99.99%.
Q: What happens to donations if your plugin goes down?
A: Donation forms still process gifts. Matching gift functionality may be unavailable, but no gifts are lost.
Q: How often is data backed up?
A: Every hour, to multiple encrypted sources.
Q: How quickly does Double the Donation patch vulnerabilities?
A: Security patches are applied immediately through our automated delivery process.
Q: Do you conduct penetration testing?
A: Yes, alongside ongoing application and infrastructure scans.