Security & Reliability

Protect your community's trust

There’s secure, and then there’s Pushpay secure.

Beyond Compliance

It’s easy to check a few boxes and call yourself PCI compliant. But did you know there are four levels of compliance, and most of them are self-assessed? Pushpay is the only giving platform that is end-to-end PCI Level-1 compliant. Sounds fancy, but what does it actually mean? It means we have built our platform with security packed into its core. Every year we go through a full onsite assessment from an independent auditor who files our compliance report directly to the PCI Security Standards Council. We also conduct quarterly network scans by an approved vendor and have 24/7 active monitoring and alerting. Our team follows industry-standard secure coding guidelines. Our security policies and procedures are carefully documented and reviewed on a regular basis, and our incident response plans ensure proper protection of data in case of an emergency. Which means you can sleep easy at night, knowing someone from Pushpay’s security is wide awake, keeping your data and donations secure.

We Built This City

From design to transaction processing, we built our platform in house. Not only does this allow us to have better control of the product roadmap to build you better capabilities on our schedule, but it gives us full control over security from end to end. When a company uses an outside transaction processor, PCI compliance is a shared responsibility and applies to both the company processing the payments and the application company you’re actually doing business with. Often this creates a risk of what is called a man in the middle attack (think of it as someone eavesdropping on your conversation and overhearing your credit card information). Because we have gone through an end-to-end independent audit of the entire process, you know you and your members are safe with Pushpay through every step.

Fraud Detection Through Machine Learning

We stop fraud before it affects your organization. Utilizing machine learning algorithms, we are able to detect fraudulent transactions, stop them in their tracks, and contact you immediately to mitigate the situation. If the transaction is found to be legitimate, the donor is none the wiser, and you can sleep sound knowing we’ve got your back.

Your Data is Your Data

Pushpay is committed to protecting the privacy of you and your members. We use industry-leading Secure Sockets Layer (SSL) technology to keep all personal information secure. We do not sell, trade, or rent personal information about any of our customers or their members with third-party organizations. Your data belongs to you and is stored on our servers on your behalf. Through our strong relationships with our storage partner, Amazon Web Services (AWS), and our 24/7/365 customer support, we’re able to give you enterprise-level service level agreements (SLA) that guarantee uptime, support response time, and data freshness.

Security questions or issues?
If you have any questions about security, please get in touch with our security team.

Read more in our Privacy Policy and Terms of Service.

Learn More About the Power of Pushpay