Compliance & Trust

Our Verification Process

Every organization listed on EasyToGive is reviewed before appearing on our platform. Our verification process includes:

• IRS 501(c)(3) status confirmation — We verify each organization's tax-exempt status directly through the IRS Tax Exempt Organization Search database. Organizations must hold active 501(c)(3) status to be listed.
• EIN validation — We confirm that the Employer Identification Number (EIN) provided by the organization matches the name and status on record with the IRS.
• Watchlist screening — We screen organizations against relevant government and regulatory watchlists, including OFAC sanctions lists, to ensure we do not facilitate donations to prohibited entities.
• Ongoing monitoring — We periodically re-verify listed organizations and remove any organization that loses its tax-exempt status or is flagged for compliance issues.

Verification confirms legal status — it is not an endorsement of an organization's programs, effectiveness, or use of funds. Donors are encouraged to conduct their own due diligence before giving.

Data Protection

We take the security of your personal and financial information seriously. Our data protection practices include:

• Encryption in transit — All data exchanged between your browser and our servers is encrypted using TLS 1.2 or higher.
• Encryption at rest — Sensitive data stored in our database is encrypted at rest using industry-standard algorithms.
• Minimal data collection — We collect only the information necessary to operate the Service. We do not sell your personal data and do not use advertising cookies or tracking pixels.
• Access controls — Access to production systems and user data is restricted to authorized personnel on a need-to-know basis.
• Supabase infrastructure — Our database is hosted on Supabase, which operates on AWS infrastructure with row-level security (RLS) policies enforced at the database layer. This ensures users can only access their own data.

For full details on how we collect, use, and protect your personal information, see our Privacy Policy.

Payment Security

All payments on EasyToGive are processed by Stripe, Inc., a global leader in payment infrastructure. Stripe is a certified PCI DSS Level 1 service provider — the highest level of payment card industry certification. This means:

• Your credit and debit card details are entered directly into Stripe's secure, hosted payment fields and are never transmitted to or stored on EasyToGive's servers.
• Stripe uses advanced fraud detection and machine learning to identify and block suspicious transactions in real time.
• All payment data is encrypted end-to-end and stored by Stripe in compliance with PCI DSS requirements.

EasyToGive never sees your full card number, CVV, or billing details. We only receive a tokenized reference from Stripe confirming that a payment was successfully authorized.

Charitable Solicitation

Many U.S. states require organizations that solicit charitable contributions to register with state authorities before doing so. EasyToGive is a for-profit marketplace — we facilitate donations between donors and independent nonprofit organizations but do not ourselves solicit charitable contributions on behalf of any charity.

Nonprofit organizations listed on EasyToGive are responsible for their own compliance with state charitable solicitation registration requirements in the states where they operate and solicit funds.

Donors are responsible for verifying that recipient organizations are registered to solicit in their state, where required. EasyToGive provides IRS registration information to assist with this verification but cannot guarantee compliance by individual organizations.

Report a Concern

We take reports of fraud, misuse of funds, misrepresentation, or other compliance concerns very seriously. If you believe a listed organization is fraudulent, has lost its tax-exempt status, or is misusing donor funds, please contact us immediately.

We also welcome reports of technical security vulnerabilities, data privacy concerns, or any suspected unauthorized access to EasyToGive systems.

To report a concern, email us at seth@easytogive.com with the subject line “Compliance Concern” or “Security Report.” We review all reports and aim to respond within two business days. Credible concerns about listed organizations are investigated and may result in immediate removal from the platform pending review.