GDPR Compliance

What is GDPR

The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU). GDPR came into effect across the EU on May 25, 2018.

If your organization is based in the EU or you process the personal data of individuals in the EU, then the GDPR affects you.

Key points regarding the GDPR:

How we help you with compliance

Custom Donations forms can easily be configured to gain consent and so your constituents can opt-in to your email marketing.

  1. Click on "GDPR and Email Consent" from your Account tab at
  2. Enable the GDPR option. This enables you to set the GDPR toggle on any giving form (when the GDPR option is not enabled, you will not see the toggles on the Giving Form page). Enabling the GDPR option for a giving form will present a checkbox on the Gift Review step so that the user can give their consent. Edit the GDPR Consent Label to set the text that appears with the checkbox.
    Enable GDPR
  3. Additionally, you can add up to two links to your specific policies. These links will appear with the consent checkbox on your giving forms.
    Configure external links
  4. If you want to add donors to your email list, you must first get consent. You can set what you want the opt-in checkbox to say as well as add a link to your relevant privacy policy.
    Configure external links
  5. Once you have enabled GDPR and/or set your Email Consent options, you can enable those options on each Giving Form where you want them to appear.
    Add opt-ins to forms
  6. The options will now show up on your giving form, right before the payment button. That's it -- any form can now gain consent!
    End result

Our compliance with GDPR

Custom Donations [we] collects personal information about users [you] who conduct transactions through our forms. At a minimum, this includes your IP and email address. Additional information, beyond IP and email address, is determined by the organization with whom you are conducting the transaction [our clients].

The information collected on behalf of our clients allows them to conduct and manage that transaction.

The information is securely passed to our clients through the payment processor (Stripe). Please visit their site for more information on their policies.

Additionally, certain information may be passed to our clients' data processors if the client has opted to do so. Please refer to their policies for more detail. Links to this information should be available, when relevant, on our donation forms (see How we help you with compliance section). This may include:

Personal information is encrypted and securely stored on our servers.

Outside of passing your information to our clients and their data processors, we do not leverage or share your personal information. It is strictly used to manage your transaction or recurring payment.

At any time, you may request that your information be removed.

You may request a copy of the data we have on file at any time.

We do not store credit card numbers or financial data.

Our donation forms do not use cookies.