Trust and Security

The most secure choice you can make 

Rely on Benevity for Goodness solutions that meet the highest security standards — 24/7/365 


Compliance

We undergo regular independent verification of our security, privacy and compliance programs — so you have peace of mind. 


Security

We partner with industry leaders, integrate the latest safeguards and continuously assess threats — so your data and donations are safe with us.   


Privacy

Privacy is a fundamental right and its requirements vary around the world. We comply with the strictest protocols — so you know (and control) how your information is used. 


Vetting & validation

We validate and monitor the legitimacy of each of the over two million nonprofits on our platform — so you can be confident that your funds are going to organizations in good standing. 

The world’s leading organizations trust Benevity

ADP, Ameriprise, Levi’s, Merck, John Deere, Prudential, Twitter, Visa, Starbucks, UPS

“We were impressed by Benevity’s industry-leading security practices.
This security review was the best we’ve seen.”

— Head of Security at a global Fortune 500 manufacturing company

Compliance

Benevity leads the way in compliance — it’s a key reason why companies with the strictest security standards choose us. We maintain the most comprehensive set of industry-recognized certifications and attestations to ensure your data remains secure.


SOC 2 and SOC 1 Reports

Benevity undergoes annual independent evaluations on the effectiveness of our internal controls against the globally recognized System and Organization Controls (SOC) requirements, based on the Auditing Standards Board of the American Institute of Chartered Professional Accountants. These SOC reports provide assurance to our clients that our control descriptions are accurate, suitably designed and operating effectively. Benevity currently issues SOC 1 Type II and SOC 2 Type I reports, with our SOC 2 Type II report expected to be made available in December 2022. 


CSA STAR Level 1

The Cloud Security Alliance (CSA) is a nonprofit organization dedicated to promoting best practices for security and privacy controls for cloud computing offerings. The CSA’s Security, Trust, Assurance and Risk Registry (CSA STAR) helps organizations assess cloud service providers.


PCI Data Security Standard

The Payment Card Industry Data Security Standard (PCI DSS) is the global payments industry security standard. The Payment Card Industry Security Standards Council, which created the PCI DSS, develops resources for safe payments worldwide. Benevity partners with PayPal and BlueSnap, certified PCI DSS payment providers, to protect cardholder data. Benevity does not collect, store or process any cardholder data. Cardholder data is collected directly by our PCI DSS certified partners who specialize in payment processing services. To ensure we meet our obligations, Benevity completes an annual PCI SAQ-A for payment processing security.


U.K. Financial Supplier Qualification System certified

As part of Benevity’s ongoing commitment to our Financial Services clients, we have successfully attained our Stage 2 Qualification of the Financial Supplier Qualification System (FSQS). This includes responsible business practices through due diligence and is an accreditation tool used by leading financial organizations. This accreditation not only demonstrates our strong compliance with the EU’s General Data Protection Regulation (GDPR) but also requires us to be audited against other areas such as data security, health and safety, anti-corruption, fraud, supply chain and modern slavery, as well as our Environmental, Social and Governance commitments for diversity and inclusion and environmental and sustainability practices. For more information, click here.    


Certified B Corporation

B Corp certification verifies Benevity’s commitment to meeting high standards for performance, accountability and transparency on factors from employee benefits and charitable giving to supply chain practices and input materials. Unlike traditional corporations, Certified B Corporations are legally required to consider the impact of their decisions on their employees, suppliers, community, consumers and environment.  For more information, click here. 

Our security commitment

We ensure that your data is secure across all Benevity products and services.

Our product
Our security-by-design approach to product development means we build through the lens of security. We integrate with your identity providers for SSO to make your giving experience simple and seamless. 

Our people
Security and privacy are embedded into our culture. Our people take regular training to protect themselves, our clients and our business, and are made aware of the latest security risks and threats.

Our partners
Threats to cybersecurity are always evolving. Our security teams work with globally recognized partners to ensure our platform adopts the latest protections and is continuously scanned for threats and vulnerabilities. 


Our privacy commitment

We ensure that every user’s privacy rights are respected, wherever they are in the world.  

Global regulations
With a global client base, Benevity’s privacy program is designed to meet the world’s strictest regulatory requirements. The EU’s General Data Protection Regulation (GDPR) is considered the world’s leading regulatory framework, setting the standard for all other jurisdictions. Benevity regularly monitors and updates our privacy program to ensure alignment with the changing regulatory landscape, including recent EU decisions such as the invalidation of the EU-U.S. Privacy Shield and the U.K.’s exit from the EU.

Global safeguards
Recent EU decisions like Schrems II have highlighted the necessity of employing additional safeguards to secure data during cross-border transfers. Benevity uses industry-leading encryption methods to protect data both in transit and at rest.

Benevity’s commitments are detailed below.  

  • Our Privacy Policy outlines our commitment to our users’ data privacy rights.
  • Our Data Processing Addendum defines our standard commitments to our clients and includes the EU’s Standard Contractual Clauses and our up-to-date list of sub-processors.

Our reliability commitment

To ensure our products are highly available and scalable, we partner with the world leader in cloud infrastructure hosting, AWS.  

Availability
The call for Goodness can come at any time, and your program should be ready to respond — 99.5% uptime is our promise to you.  

Rapid scalability
Developed using AWS’s Elastic Cloud Computing, our products scale rapidly when demand increases and certain thresholds are hit. 

Resiliency, continuity and recovery
When the unexpected happens, we’re ready. We have the people in place and the alternate infrastructure on standby. 


Our global vetting commitment

We ensure that every nonprofit on our platform is legitimate and in good standing.

Global reach
Maintaining the largest database of nonprofits in the world (over two million!) means that we employ highly sophisticated vetting processes so you can give with confidence.     

Vetting and validation partners
Our partnerships with TechSoup and Bureau van Dijk help us to monitor nonprofit legitimacy and ensure they meet their local jurisdiction’s regulatory requirements.   

Transaction monitoring
Benevity has dedicated teams monitoring for fraud, with automated detection and prevention measures in place to ensure the integrity of your giving program.   


Trust and Security FAQs

What security and privacy measures does Benevity have in place to secure my data? 

Benevity has developed our information security program based on the globally recognized ISO/IEC 27001 security standard. Our program covers all areas of information security, including encryption at rest and in transit, network security hardening, logical and physical security, change management and secure development, as well as the continuous vulnerability scanning and regular penetration testing of our applications, network and infrastructure and processes to remediate threats. 

How does Benevity comply with GDPR, including the recent Schrems II decision? 

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that regulates the use of personal data of EU residents and governs the transfer of data outside of the EU. Benevity hosts our infrastructure and data in AWS data centers in the United States, and our Data Processing Agreement incorporates the EU’s Standard Contractual Clauses model to protect your data. Recent EU decisions like Schrems II have highlighted the necessity of employing additional safeguards to secure data during cross-border transfers, and Benevity uses industry-leading encryption methods to protect data both in transit and at rest.

Who can I contact with security or privacy questions? 

Benevity’s dedicated Risk & Compliance team guides our people, clients and stakeholders in understanding and mitigating the risks and challenges we face in a continually evolving security and privacy landscape. Our Security Operations team is constantly monitoring our environments for malicious attacks, protecting and defending our systems and infrastructure and also preparing for the next evolution of threats. Contact us at privacy@benevity.com.
