Trust and Security
The most secure choice you can make
Rely on Benevity for Goodness solutions that meet the highest security standards — 24/7/365
Compliance
We undergo regular independent verification of our security, privacy and compliance programs — so you have peace of mind.
Security
We partner with industry leaders, integrate the latest safeguards and continuously assess threats — so your data and donations are safe with us.
Privacy
Privacy is a fundamental right and its requirements vary around the world. We comply with the strictest protocols — so you know (and control) how your information is used.
Vetting & validation
We validate and monitor the legitimacy of each of the over two million nonprofits on our platform — so you can be confident that your funds are going to organizations in good standing.
Compliance
Benevity leads the way in compliance — it’s a key reason why companies with the strictest security standards choose us. We maintain the most comprehensive set of industry-recognized certifications and attestations to ensure your data remains secure.
SOC 2 and SOC 1 Reports
Benevity undergoes annual independent evaluations on the effectiveness of our internal controls against the globally recognized System and Organization Controls (SOC) requirements, based on the Auditing Standards Board of the American Institute of Chartered Professional Accountants. These SOC reports provide assurance to our clients that our control descriptions are accurate, suitably designed and operating effectively. Benevity currently issues SOC 1 Type II and SOC 2 Type II reports.
CSA STAR Level 1
The Cloud Security Alliance (CSA) is a nonprofit organization dedicated to promoting best practices for security and privacy controls for cloud computing offerings. The CSA’s Security, Trust, Assurance and Risk Registry (CSA STAR) helps organizations assess cloud service providers.
PCI Data Security Standard
The Payment Card Industry Data Security Standard (PCI DSS) is the global payments industry security standard. The Payment Card Industry Security Standards Council, which created the PCI DSS, develops resources for safe payments worldwide. Benevity partners with PayPal and BlueSnap, certified PCI DSS payment providers, to protect cardholder data. Benevity does not collect, store or process any cardholder data. Cardholder data is collected directly by our PCI DSS certified partners who specialize in payment processing services. To ensure we meet our obligations, Benevity completes an annual PCI SAQ-A for payment processing security.
Certified B Corporation
B Corp certification verifies Benevity’s commitment to meeting high standards for performance, accountability and transparency on factors from employee benefits and charitable giving to supply chain practices and input materials. Unlike traditional corporations, Certified B Corporations are legally required to consider the impact of their decisions on their employees, suppliers, community, consumers and environment.
Our security commitment
We ensure that your data is secure across all Benevity products and services.
Our product
Our security-by-design approach to product development means we build through the lens of security. We integrate with your identity providers for SSO to make your giving experience simple and seamless.
Our people
Security and privacy are embedded into our culture. Our people take regular training to protect themselves, our clients and our business and are made aware of the latest security risks and threats.
Our partners
Threats to cybersecurity are always evolving. Our security teams work with globally recognized partners to ensure our platform adopts the latest protections and is continuously scanned for threats and vulnerabilities.
Our privacy commitment
We ensure that every user’s privacy rights are respected, wherever they are in the world.
Global regulations
With a global client base, Benevity’s privacy program is designed to meet the world’s strictest regulatory requirements. The EU’s General Data Protection Regulation (GDPR) is considered the world’s leading regulatory framework, setting the standard for all other jurisdictions. Benevity regularly monitors and updates our privacy program to ensure alignment with the changing regulatory landscape, including recent EU decisions such as the invalidation of the EU-U.S. Privacy Shield, and the U.K.’s exit from the EU.
Global safeguards
Recent EU decisions like Schrems II have highlighted the necessity of employing additional safeguards to secure data during cross-border transfers. Benevity uses industry-leading encryption methods to protect data both in transit and at rest.
Benevity’s commitments are detailed below.
- Our Privacy Policy outlines our commitment to our users’ data privacy rights.
- Our Data Processing Addendum defines our standard commitments to our clients and includes the EU’s Standard Contractual Clauses and our up-to-date list of sub-processors.
Our reliability commitment
To ensure our products are highly available and scalable, we partner with the world leader in cloud infrastructure hosting, AWS.
Availability
The call for Goodness can come at any time, and your program should be ready to respond — 99.5% uptime is our promise to you.
Rapid scalability
Developed using AWS’s Elastic Cloud Computing, our products scale rapidly when demand increases and certain thresholds are hit.
Resiliency, continuity and recovery
When the unexpected happens, we’re ready. We have the people in place and the alternate infrastructure on standby.
Our global vetting commitment
We ensure that every nonprofit on our platform is legitimate and in good standing.
Global reach
Maintaining the largest database of nonprofits in the world (over two million!) means that we employ highly sophisticated vetting processes so you can give with confidence.
Vetting and validation partners
Our partnerships with TechSoup and Moody's help us to monitor nonprofit legitimacy and ensure they meet their local jurisdiction’s regulatory requirements.
All nonprofits are vetted before onboarding and periodically reviewed to determine they are operating in accordance with Benevity's Terms of Use and Platform Eligibility Guidelines.
Transaction monitoring
Benevity has dedicated teams monitoring for fraud, with automated detection and prevention measures in place to ensure the integrity of your giving program.
Trust and security FAQs
What security and privacy measures does Benevity have in place to secure my data?
Benevity has developed our information security program based on the globally recognized ISO/IEC 27001 security standard. Our program covers all areas of information security, including encryption at rest and in transit, network security hardening, logical and physical security, change management and secure development, as well as the continuous vulnerability scanning and regular penetration testing of our applications, network and infrastructure and processes to remediate threats.
How does Benevity comply with GDPR, including the recent Schrems II decision?
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that regulates the use of personal data of EU residents and governs the transfer of data outside of the EU. Benevity hosts our infrastructure and data in AWS data centers in the United States, and our Data Processing Agreement incorporates the EU’s Standard Contractual Clauses model to protect your data. Recent EU decisions like Schrems II have highlighted the necessity of employing additional safeguards to secure data during cross-border transfers, and Benevity uses industry-leading encryption methods to protect data both in transit and at rest.
Who can I contact with security or privacy questions?
Benevity’s dedicated Risk & Compliance team guides our people, clients and stakeholders in understanding and mitigating the risks and challenges we face in a continually evolving security and privacy landscape. Our Security Operations team is constantly monitoring our environments for malicious attacks, protecting and defending our systems and infrastructure and also preparing for the next evolution of threats. Contact us at privacy@benevity.com.
How are nonprofits vetted?
All nonprofits are vetted and validated in advance of acceptance to the nonprofit portal; as a part of these eligibility guidelines, they are also periodically reviewed for adherence of their programs and operations to Benevity’s Terms of Use and Platform Eligibility Guidelines. Benevity's Terms of Use include a comprehensive guideline for conduct that prohibits a range of activities including but not limited to hate speech, discrimination, military use of funds, and financial crime. Nonprofits may be further subject to periodic reviews and screening processes in order to maintain their eligibility in Benevity's database.
How do I flag a nonprofit in the Benevity portal for breach of terms of use?
Users and program administrators have the ability to flag nonprofits that may be in violation of the Terms of Use.
- Benevity users can visit the Help Center using our chat bot Grace and submit a request.
- Program administrators can visit the B-Hive to submit a support request.