Yes, Donorbox is PCI compliant under "PCI validation: SAQ A". We use Stripe Elements, which renders the financial input fields securely inside Stripe's iframe. Stripe is certified as a PCI Level 1 Service Provider. This is the most stringent level of certification available in the payments industry.


Donorbox also uses Stripe's secure token mechanism. Card numbers are tokenized (the number is replaced with an undecipherable string, e.g. 'tok_fafds23423') before we charge the card. Saved cards and bank accounts for recurring donations are also tokenized. Therefore, Donorbox doesn't have ANY record of the donor's card number in our database or logs. That means hackers will never get the sensitive card or bank information from us.


The transmission between the donors, the Donorbox form, and Stripe is encrypted using 256-bit SSL/TLS. Stripe is one of the most secure and trusted payment providers. It is used by Twitter, Shopify, Kickstarter, and Lyft.