DAFpay Security
Chariot is proud of our industry-leading technology, security and privacy standards. Below, you'll find the aspects of our offering that are most important to the protection of donors, nonprofits and DAFs.
A Secure Passthrough
The DAFpay modal presents a secure passthrough window for a donor to safely access, and take action within, their DAF account wherever they are inspired to give online. When a donor enters their account credentials in the modal, that information is fully encrypted and is not stored by Chariot at any time.
Meeting the Highest Standards of Data Privacy & Security
Chariot has undergone rigorous third-party security audits, including penetration tests, and has earned third-party certificates, including SOC II, Types 1 and 2. Chariot has also undergone robust diligence processes with some of the largest hospitals and universities in the country. We hold ourselves accountable to strict Information Security policies and vulnerability SLAs. We also work closely with Oneleet to establish and monitor a holistic security and compliance program that ensures the integrity and safety of all those who interact with Chariot's products.
No Use or Sale of Sensitive Data, Ever
Chariot has not and does not sell or share a donor’s account credentials, account balance, previous grant recommendations and amounts, total funds associated with the account, or investment profile with customers or third parties. In fact, Chariot’s technology does not even access any of this information beyond what is absolutely necessary to submit a successful grant request. The only information that is securely stored is the name and contact information the donor explicitly provides in the final “checkout” pane of the DAFpay modal experience. For convenience, our technology is able to automatically populate the name, email and address field from the donor's DAF account, and account holders are easily able to remove or change those details before submitting the grant request. For the convenience of the donor and the nonprofit recipient, the nonprofit can view the information provided by the donor (Name, Email, Address and Gift Size) so that they are able to properly track and acknowledge the gift. The only information Chariot securely stores and provides to a nonprofit customer is what a donor explicitly provides and consents to sharing with that organization. Some nonprofits elect to disallow anonymous gifts through DAFpay on their own website. If a donor is not comfortable with providing any of those details, they can exit the DAFpay modal at any time.
Industry-leading Technology, with More Advanced Security Features than Venmo, Mint, Rocket Money, Plaid, & Yodlee
Chariot provides secure donation facilitation services to DAF account holders who seek to initiate grant requests right when they are inspired to give online via a nonprofit’s website, a peer-to-peer campaign, a crisis response campaign, etc. The DAFpay technology has capabilities similar to those of other “aggregators” in the financial services industry, like Plaid, Stripe, and Yodlee (which power tools like Venmo, Mint, Rocket Money, etc.). With these applications, a user can access their account within a different platform. These actions must be triggered by the individual account holder. One very common example of this is when someone receives a Venmo request. If they choose to pay the request via their connected bank account, the platform is triggering that specific action in their account on their behalf. Many nonprofits use Plaid or Stripe to perform the same kind of outside trigger for ACH / Bank transfer donations within their donation forms. Critically, and unlike services such as Plaid and Yodlee, Chariot does not stress providers’ servers or aggregate market data. Each donation request made by a donor via DAFpay is a standalone, ad hoc request, and DAFpay operates solely as a secure pass-through platform. A donor’s login credentials are passed through to each DAF provider to complete a user action and are not stored by Chariot. This is a security measure that is above and beyond what other market leaders practice.
Partnership with DAF providers
While Chariot offers a service to DAF account holders that does not require technical collaboration with DAF providers, Chariot has also entered into formal agreements with many DAF providers who want to develop deeper technical integrations and actively promote the DAFpay capability to their account holders. These DAF providers are truly living their mission of increasing generosity by making it as easy as possible to recommend grants from a DAF account and ensure these dedicated funds for charity are flowing to organizations in need as seamlessly as possible.
Transparent Fees
Chariot charges a standard initiation fee of 2.9% per DAFpay donation, similar to a credit card fee. Including a DAF payment option on a donation form ensures it’s as easy as possible for donors to give money that’s already been set aside for charitable giving. Chariot's fees are paid by the nonprofit. When DAFpay is implemented via a fundraising platform partner of ours, donors typically have the option to cover fees for the nonprofit, and that increased gift size flows through to the checkout in the DAFpay modal. Nonprofits also have the option to pay zero processing fees as part of a Chariot subscription plan, which comes with a set limit of included DAFpay volume.
Security is of the utmost importance to our business. It is embedded into everything we build and do, and it is central to our mission of accelerating philanthropy for all. For anyone with questions about product functionality or security practices, please reach out to us at [email protected]