Givebutter utilizes the world’s very best payment encryption technology and security. Payments are processed through our PCI-compliant payments partner Stripe, where funds are securely held until they are withdrawn via bank transfer. Givebutter does not have access to donor credit card information, and we take every measure to protect the personal information of users on our site.

Givebutter campaigns are regularly reviewed with scrutiny behind the scenes to protect visitors from fraud, hate, discrimination, and other violations of our terms of service and privacy policy. 

We also offer 2FA (two-factor authentication) for additional login security. If you log in from a new location, you will be required to login using 2FA. You can access 2FA options on your personal profile – 2FA options are specific to your own email login. We recommend enabling 2FA as a best practice to keep your account secure.

You can tell Givebutter has a valid SSL certificate by the lock icon in your browser in the URL bar. Click the icon to see more about the certification.

From a technical standpoint, Givebutter uses best-in-class security standards applied to all systems including but not limited to firewalls, network and database ACLs, VPNs, encryption where possible, log retention and auditing, data backups, and private server networks.

Givebutter never stores any payment information. When users enter payment information on Givebutter, or when administrators withdraw funds to their bank accounts, we never store, transmit, or otherwise use this private information in our system. All this data is used directly with the relevant payment processing service (i.e. Stripe) and upholds their security standards, as well as PCI compliance.

At Givebutter we use the access model of "least-privilege", which means that each network program, software, contractor, employee, or other users will be granted the fewest privileges necessary to complete their job. In addition, all parties that have access to sensitive information (typically only for limited customer support purposes) undergo training and must adhere to strict security practices such as 2-factor authentication, VPN usage, and regular audits.

Please don't hesitate to contact us at [email protected] if you believe someone is abusing our website.