Security & trust
Your donor data is safer here than in your inbox.
GDPR by default. EU-only hosting. Encryption at every layer. Plain-English policies you can hand to your board.
Encrypted everywhere
All data in transit over TLS 1.3. All data at rest encrypted at the database layer. CRM integration credentials stored with encrypted key management.
EU-only hosting
Postgres on Supabase Pro, EU-west-1 (Ireland). No US data residency. No cross-Atlantic round trips on every page render.
Row-level security
Every charity sees only their own data, enforced at the database. Even a compromised admin token cannot read another charity’s donor list.
Multi-factor auth
TOTP-based 2FA on platform admin, vendor accounts and the production deploy chain. Domain lock on the registrar. FileVault on engineering laptops.
Daily backups
Daily automated backups, eight-day retention. Backup integrity checked at each deployment.
Need a deeper assurance pack?
Larger charities and corporates often ask for a vendor questionnaire or sub-processor list. Email security@impacturi.com and Dermot Dennehy (Founder, Clickonic Ltd) will respond personally. Penetration testing is planned for pre-commercial launch; a summary will be available once complete.
Book a 20-minute demo