Security

Built to protect your donors’ trust

Your donor data is some of the most sensitive information your organization holds. We treat it that way — with strong encryption, trusted payment infrastructure, and the principle that your data is always yours.

Encryption everywhere

All data is encrypted in transit with TLS and encrypted at rest in our database. Your information is protected the moment it leaves your browser.

We never store card numbers

Payments are processed by Stripe, a PCI-DSS Level 1 certified provider. Donor card details are sent directly to Stripe and never touch our servers.

Your data is isolated

Each organization's records are scoped to that organization, and access is enforced on every request so one customer can never see another's data.

Role-based access

Granular permissions let you control exactly who on your team can view donors, manage donations, or change settings.

Backups & recovery

Your data is backed up regularly by our infrastructure provider so it can be restored if the unexpected happens.

You own your data

Export your contacts and donations whenever you like. If you ever leave SAGA, you take everything with you.

Our ongoing commitment

Security is never finished. As SAGA grows, we continue to invest in our practices and work toward meeting recognized industry standards. We build on trusted, audited infrastructure — including Stripe for payments and a managed, encrypted database — so the foundation your data sits on is held to a high bar.

Reporting a vulnerability

If you believe you’ve found a security vulnerability, we want to hear from you. Please email security@sagacrm.io with the details. We’ll investigate every credible report and appreciate responsible disclosure.

Fundraise with confidence

Give your donors a platform they can trust.

Start Free