Facebook informed me today about an anniversary. Exactly one year ago I posted about earning GuideStar's gold seal of transparency. Well guess what? Today I'm here to announce that for 2018 Charitocracy has earned their platinum seal. That's GuideStar's highest level of transparency.
Indulge me for a moment while I pretend it's been a major endeavor. Wait for it... okay... The jig is up. Achieving this status is pretty much just a matter of sharing data that already exists. No sweat. We share details about our organizational structure, finances, mission and programs. GuideStar makes it super easy, so with a few hours' effort, any 501(c)(3) could progressively qualify for silver, then gold, then platinum levels.
Another one to note in passing: we've dotted the i's and crossed the t's for credit card data handling.
We've always used Stripe for all our donations. They offer the best nonprofit discount we've found in the industry. Fees are 2.2% + 0.30 per transaction, with no fees on the first $15,000. That saved us hundreds of dollars last year. I'm grateful for that. But they've also offered the easiest and most attractive credit card entry UI in my opinion. (Maybe I need to rethink my life choices that have led me to blogging about the sexiness of credit card UIs.)
Stripe is also a breeze to set up and maintain on the backend. And one of their features is easy filing of PCI compliance documentation. This should be easy, since Charitocracy never touches your credit card data. It's stored only in Stripe's data vault, which I picture to exist deep in a mountain cavern guarded by Velociraptors. When you enter your credit card number on what appears to be Charitocracy's web site, really it's going into a separate browser "iframe" talking directly to Stripe's servers. Charitocracy simply gets a transaction reference token we can use to confirm that the donation went through okay.
All of that is to say: Stripe makes it easy for us to file our PCI SAQ A, attesting that they've taken on all the risk and corresponding security requirements themselves. We simply need to ensure Charitocracy uses encrypted protocols. And we do, via our free TLS certificates from Let's Encrypt.
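For readers who run a similar token-only setup, here is one way a backend can enforce the "never touches your credit card data" boundary described above. This is an added example, not Charitocracy's or Stripe's code; the `token` field name, the other field names and all sample values are assumptions constructed for illustration.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, the check digit scheme used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def find_pan_like(value, path="$"):
    """Return the JSON paths of values holding a Luhn-valid 13-19 digit number."""
    hits = []
    if isinstance(value, dict):
        for key, item in value.items():
            hits += find_pan_like(item, f"{path}.{key}")
    elif isinstance(value, list):
        for i, item in enumerate(value):
            hits += find_pan_like(item, f"{path}[{i}]")
    elif isinstance(value, (str, int)) and not isinstance(value, bool):
        for match in PAN_CANDIDATE.finditer(str(value)):
            if luhn_ok(re.sub(r"\D", "", match.group())):
                hits.append(path)   # record where, never the number itself
                break
    return hits

def check_donation_request(body: dict):
    """Accept only a body that carries a token and no card-number-like data."""
    leaks = find_pan_like(body)
    if leaks:
        return False, "card-number-like data at " + ", ".join(leaks)
    if not isinstance(body.get("token"), str) or not body["token"]:
        return False, "missing payment token"
    return True, "ok"

if __name__ == "__main__":
    # Constructed sample bodies; "token" is a hypothetical field name.
    good = {"token": "constructed-token-abc123", "amount_cents": 2500}
    bad = {"token": "constructed-token-abc123",
           "note": "my card is 4242 4242 4242 4242"}
    print(check_donation_request(good))
    print(check_donation_request(bad))
```

Run as a request filter in front of the donation handler, a check like this turns an accidental form change that posts card fields to your own server into a rejected request instead of a quiet expansion of PCI scope.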
We're doing everything we can think of to put you at ease, safely making your donations at Charitocracy! Let us know if there's anything else you can think of that will give you peace of mind or answer burning questions you have about Charitocracy.