How Givebear protects donor data and funds
When a board evaluates a giving platform, the real questions are simple: who touches the card data, where does the money sit, and who can see donor records. The answers here are short because the architecture is simple: Stripe handles cards, your own Stripe account holds the money, and you control access.
No card data on our servers
Card numbers go straight from the donor's device or the kiosk reader to Stripe. Givebear stores a token, never the card. There is no card database to breach.
Your money, your Stripe account
Donations settle into a Stripe account owned by your organization, not a pooled Givebear account. We never hold or touch your funds.
PCI DSS Level 1 processing
All payments run on Stripe, audited annually at the highest certification level in the payments industry. Your organization stays out of PCI scope for card handling.
Role-based access control
Granular permissions decide who sees donation amounts, who edits campaigns, and who only checks in event guests. Custom roles match your real org chart.
Hardened kiosk hardware
Stripe Terminal readers encrypt at the point of tap. Enclosures are tamper-resistant, and remote device management deactivates a lost unit in seconds.
No lock-in by design
Donor records and reports export as CSV any time. Transaction history lives in your own Stripe account and stays with you if you ever leave.
What happens when someone donates
Online, the card form on your giving page is served by Stripe inside the donor's browser. The card number travels encrypted from that form to Stripe directly; Givebear's servers receive a token that says "this donor authorized this amount" and nothing more. At a kiosk, the certified Stripe Terminal reader encrypts the card at the moment of the tap, so even the kiosk app never sees a number.
The charge is created on your organization's own Stripe Connect account. That detail matters more than any feature: it means donated funds are never pooled with other organizations' money, never pass through a Givebear bank account, and pay out to your bank on Stripe's standard schedule whether or not Givebear is reachable. Receipts are generated automatically and emailed to the donor with the fund name, amount, and your tax details, so there's no manual handling of donor information at any step.
Inside the dashboard, access follows the roles you assign. Every session runs over TLS, authentication supports passwordless email sign-in, and donors managing a recurring gift get scoped magic links that grant access to their own subscription and nothing else.
Questions boards and finance committees ask
Does Givebear store donor card numbers?
No. Card data goes directly from the donor's browser or the kiosk's certified card reader to Stripe, a PCI DSS Level 1 service provider (the most stringent certification level in the payments industry). Givebear's servers see a tokenized reference to the payment method, never the card number itself. Your staff and volunteers never handle or see card data at any point.
Where does donated money actually sit?
In your organization's own Stripe account. Givebear is built on Stripe Connect: every donation settles directly into a Stripe account that belongs to your organization, with payouts on Stripe's standard schedule to your bank. Givebear never holds your funds, cannot delay your payouts, and if you ever leave the platform your Stripe account and its history remain yours.
Who on our team can see donor data?
Whoever you decide. Givebear has role-based access control with granular permissions: a board treasurer can see financial reports without being able to edit campaigns, a volunteer can check in event attendees without seeing donation amounts, and a kiosk volunteer needs no dashboard account at all. Owners and admins manage these roles from the dashboard, and custom roles let you match permissions to how your organization actually divides work.
Are kiosk payments as safe as online payments?
Yes. Givebear kiosks run Stripe Terminal with certified card readers: a tap or insert produces a single-use encrypted token, and card data is encrypted from the moment it touches the reader until it reaches Stripe. The kiosk app itself never has access to card numbers. Hardware ships in tamper-resistant enclosures, and devices are managed remotely so a misplaced or stolen unit can be deactivated without touching it.
Can we export our data if we leave?
Yes, at any time and without asking us. Donor records, donation history, fund reports, and event registrations export from the dashboard as CSV. Because payments run on your own Stripe account, your full transaction history also remains available directly in Stripe regardless of your relationship with Givebear.