Sign in Support FAQs Contact About us

Donorfy Security


Protecting data to and from your browser

Data that is transferred between your browser and our servers is encrypted using SSL. You can see that in the address bar – it starts https:

Data centre security

Donorfy is hosted in Microsoft Azure, a highly secure and scalable cloud computing platform. As one of the world’s leading platforms, Microsoft take security extremely seriously. Read more about it here:

Where is my data?

Donorfy is hosted in Microsoft Azure’s European Azure data centres in Republic of Ireland and the Netherlands. The data does not travel to US unless you connect it to services that are US-based. So you should be aware that when integrated with US-hosted services such as MailChimp or Eventbrite the data necessary to perform the integration does transfer from our European Azure data centres in the European Economic Area (EEA) to their servers. You should check the integrated services' privacy policies for their participation in, and commitment to data protection agreements such as the EU-US Privacy Shield agreement. The MailChimp privacy policy can be found here, and the Eventbrite one here.

If you choose to use Donorfy with your own Azure subscription you can choose the location of your Azure SQL database. Please see this page for more information.

Security testing

Donorfy is developed and tested according to the standards of the Open Web Application Security Project (OWASP). For authentication, access control and encryption we use components and technology provided by Microsoft and other major technology companies. Periodically our software is reviewed and tested by external experts and their findings and recommendations are fed back into our development processes and wider business practices. Beyond the above we do not publicise further details of our security.

Data Protection

In the eyes of the GDPR we are the Data Processor. As such we have a comprehensive data processing agreement which sets our commitments and obligations as your data processor. This is updated from time to time in line with legislation and improvements. The full DPA can be viewed here.

Sensitive data

Credentials such as passwords and API keys are strongly encrypted. Donorfy does not store any usable credit card or bank account details. They are stored by the payment processors’ systems (see Integrations) which themselves are subject to the strictest compliance regulations.


Donorfy notifies users of logins from previously unknown locations. This enables you to take necessary action (eg. changing passwords) should you suspect anything.


Data is backed up daily to Amazon Web Services storage in the EU.


We monitor and log access to the service 24/7 and receive alerts for any unexpected incidents that may need our intervention.

User access

You have control over who can access your organisation’s Donorfy account. You invite the users you want. We too have access for support purposes – it helps us answer any questions you have much more effectively and quickly.

Getting access to your data

You can download your data at any time from Donorfy using the Lists feature.