Yes, Donorbox is PCI compliant under "PCI validation: SAQ A". We utilize Stripe Elements technology which has financial input fields that are done securely in Stripe's iframe. Stripe is certified as a PCI Level 1 Service Provider. This is the most stringent level of certification available in the payments industry.


Donorbox also uses Stripe's secure token mechanism. Card numbers are tokenized (the number is changed to an undecipherable string, IE: `tok_fafds23423') before we charge the card. Saved cards & bank accounts for recurring donations are also tokenized. Therefore, Donorbox doesn't have any record of the donor's card number in our database and logs. This means hackers will never get sensitive card or bank information from us.


The transmission between the donors, the Donorbox form, and Stripe is encrypted using 256bit SSL/TLS. Stripe is one of the most secure and trusted payment providers. It is used by Twitter, Shopify, Kickstarter, and Lyft.