What payment gateway is used to handle transactions?
Payment processing is handled by Stripe, a trusted third-party provider, thus ensuring a high-level of security, compliance and handling of sensitive information. We also have plans to integrate PayPal in the near future (coming month). As a clarification, Donaco does not hold any capital on behalf of its charity partners – this is facilitated by the payment providers (Stripe/PayPal) themselves through Stripe Connect and PayPal Marketplace – thus adding another layer of security (see more here).
Is it PCI compliant?
Stripe is PCI compliant, with a PCI DSS Level 1 certification. Please find out more information here.
When and how would the charity receive the money?
Payouts are scheduled by the charity directly on their account with the payment provider (can be daily, weekly, monthly, etc…) – Donaco does not interfere in this process. Please note that any payouts incurs a cost of £0.10.
What happens with the data? Who owns it?
Donaco handles minimal amounts of data – namely personal information on donors : home address (if provided as part of Gift Aid), name and email address (standard). However, this is not shared with the charity or used in any way by us without the prior consent of the donor. All donor information is stored on secure databases hosted by Microsoft and Google – this is owned by Donaco unless the donor provides consent to share with the charity in line with GDPR compliance.
Do charities get the data? How do charities export it?
Donaco would share the data with the charity solely if the donor provides consent. In that case, Donaco would provide this information to be exportable directly from your charity dashboard on the Donaco website (beta).
Opt in statement: can we amend the wording?
Yes, we use a standard opt in statement, but this is entirely customisable and most functionalities in the interface are entirely customisable as well – happy to elaborate if needed.