Security
Your donor data is some of the most sensitive information your organization holds. We treat it that way — with strong encryption, trusted payment infrastructure, and the principle that your data is always yours.
All data is encrypted in transit with TLS and encrypted at rest in our database. Your information is protected the moment it leaves your browser.
Payments are processed by Stripe, a PCI-DSS Level 1 certified provider. Donor card details are sent directly to Stripe and never touch our servers.
Each organization's records are scoped to that organization, and access is enforced on every request so one customer can never see another's data.
Granular permissions let you control exactly who on your team can view donors, manage donations, or change settings.
Your data is backed up regularly by our infrastructure provider so it can be restored if the unexpected happens.
Export your contacts and donations whenever you like. If you ever leave SAGA, you take everything with you.
Security is never finished. As SAGA grows, we continue to invest in our practices and work toward meeting recognized industry standards. We build on trusted, audited infrastructure — including Stripe for payments and a managed, encrypted database — so the foundation your data sits on is held to a high bar.
If you believe you’ve found a security vulnerability, we want to hear from you. Please email security@sagacrm.io with the details. We’ll investigate every credible report and appreciate responsible disclosure.