Watch the newest episode of Give Smart: Charitable Soliciation Compliance Explained →
Change logo
For Law Firms
For Companies
Donations
Give to any nonprofit
Compliance
Understand & adhere to state laws
Resources
Blog
Keep up with Change’s latest
Customer Stories
How our customers use Change
Guides
Directories, how-to guides, and more
API Documentation
How to use Change API endpoints
Help Center
How to use the Change platform
Hot off the press
Download the free guide
Pricing
Pricing for Law Firms
Pricing for Companies
How it Works
Request a Demo
Request a Demo

Data Security & Compliance at Change

Change keeps your client data safe with world-class security and data privacy measures.
Request a Demo
Security and compliance at Change

Security Program Overview

Check icon

System Availability

Avoid slowdowns or disruptions. Enjoy virtually uninterrupted access to Change, with average annual uptimes exceeding 99.99%.
Lock icon

Encryption

All customer data is encrypted at rest with AES-256. Change’s cloud-based databases are isolated from other applications. All Change databases require encrypted connections, enhancing the security measures against potential data breaches
Identify verification

Identity Verification

Relationships with nonprofit organizations are verified manually and leverage publicly available information confirmed with multiple sources.

Password resets and account recovery are manually performed and leverage registered account email addresses.
Data backup and retention icon

Data Backup and Retention

Change retains data for as long as there is an administrative need to keep it to carry out its business or support functions, or for as long as it is required to demonstrate compliance for audit purposes or for legislative requirements.

Change backs up client data daily, and stores the data securely in AWS S3 as physical backups. The backups are protected for disaster recovery by storing both the base backup and write-ahead logs (WAL).

Compliant with SOC 2 Type 2 Security Standards

SOC 2 Type II badge
Change is SOC 2 Type 2 certified in security, availability, confidentiality, and privacy.

The American Institute of Certified Public Accountants (AICPA) Service Organization Controls (SOC) reports give assurance over control environments as they relate to the retrieval, storage, processing, and transfer of data. The SOC 2 reports cover controls around security, availability, and confidentiality of customer data.

To request a copy of Change’s SOC 2 report, contact us at hello@getchange.io.

Additional Resources

PCI & Banking Compliance

Change uses Stripe, Inc. ("Stripe"), a fully compliant entity, as the third-party service provider for payment services (e.g., card acceptance, banking, merchant settlement, and related services). No credit card data touches Change's system. No Change system or personnel can access customer credit card data.

Change uses Finix Payments, Inc. ("Finix"), a fully compliant entity, as the third-party service provider for payment services (e.g., card acceptance, banking, merchant settlement, and related services). No credit card data toucs system. No Change system or personnel can access customer credit card data.

Customer Data

All customer data is encrypted at rest with AES-256. Change’s cloud-based databases are isolated from other applications. All Change databases require encrypted connections.

Identity Verification

Relationships with nonprofit organizations are verified manually and leverage publicly available information confirmed with multiple sources.

Password resets and account recovery are manually performed and leverage registered account email addresses.

Data Retention

Change retains data for as long as there is an administrative need to keep it to carry out its business or support functions, or for as long as it is required to demonstrate compliance for audit purposes or for legislative requirements.

Any data subject to deletion by local laws can be deleted at any time by request of users by contacting hello@getchange.io.

Dashboard Security

Change protects dashboard pages with strict same-origin content security policies to mitigate clickjacking.

Change protects dashboard actions with cross-site request forgery tokens to mitigate cross-origin access.

See Change in Action

Request a Demo

Stay up to date with Change

Solutions
For Law FirmsFor Companies
Use Cases
Round-UpsCommercial Co-VenturesProfessional FundraisersLoyalty ProgramsGiftingCorporate Foundation
Resources
BlogCustomer StoriesPricing for Law FirmsPricing for CompaniesFAQHelp CenterAPI Documentation
For Nonprofits
Claim Your NonprofitWhat is Change?FAQ for Nonprofits
Company
AboutPressSecurityContact UsPrivacy PolicyTerms
SOC 2 Type II badge
© 2025 GetChange Corp.
Request a demo
Request a demo
Request a demo
Request a demo
Request a demo