How We Protect Your Data

Last updated: 2026-02-20

Your data security is our foundation

Charities trust us with sensitive donor information — names, addresses, donation histories, and Gift Aid declarations. That responsibility shapes every decision we make, from the infrastructure we choose to the way we process a single record.

We know that data breaches don’t just cause regulatory headaches — they damage the trust between a charity and its supporters. That trust is irreplaceable. So we’ve built Gift Aid Boost from the ground up with security at every layer, not bolted on as an afterthought.

Here’s exactly how we protect your data.

What we protect

Our platform handles sensitive personal data at every stage of the Gift Aid recovery process:

  • Donor names, addresses, and contact details
  • Donation amounts and dates
  • Gift Aid declarations
  • Charity account information

Every security decision we make starts from the assumption that this data will be targeted. We build accordingly.

Encryption everywhere

All data is encrypted in transit between your browser and our servers using TLS. Donor personal data — names, emails, addresses, phone numbers, and dates of birth — is also encrypted at rest in our database using field-level encryption.

Encryption keys are managed separately from database access. The data-encryption key is held outside the database, so anyone who obtains the database alone, whether through a leaked backup, a misconfigured replica or an injection bug that reads rows, gets ciphertext for those fields and no way to open it. The boundary is the database itself: a compromise of the application tier that holds the key is a different threat, and the access controls and monitoring described below are what guard that path.
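A concrete form of this pattern, added here as an example in Go and not taken from the Gift Aid Boost codebase: the data-encryption key lives with the application (in practice, in a KMS or HSM) and the database only ever stores an AES-GCM sealed blob per field. The table and column names, the row identifier scheme and the sample value are constructed for this illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
)

// FieldCipher holds the data-encryption key on the application side.
// Hypothetical for this example: in production the key comes from a
// KMS or HSM and is never written to the database holding the ciphertext.
type FieldCipher struct {
	aead cipher.AEAD
}

// NewFieldCipher generates a random AES-256 key and wraps it in GCM.
func NewFieldCipher() (*FieldCipher, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &FieldCipher{aead: aead}, nil
}

// fieldContext is the additional authenticated data. It binds a
// ciphertext to one table, column and row, so a blob copied into a
// different row or column fails authentication under the same key.
func fieldContext(table, column, rowID string) []byte {
	return []byte(table + "." + column + "#" + rowID)
}

// Encrypt seals one value under a fresh random nonce. The stored form is
// base64(nonce || ciphertext || tag): a single opaque string per cell.
func (fc *FieldCipher) Encrypt(table, column, rowID, plaintext string) (string, error) {
	nonce := make([]byte, fc.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	sealed := fc.aead.Seal(nonce, nonce, []byte(plaintext), fieldContext(table, column, rowID))
	return base64.StdEncoding.EncodeToString(sealed), nil
}

// Decrypt reverses Encrypt and fails closed on any mismatch of key,
// nonce, ciphertext, tag or context.
func (fc *FieldCipher) Decrypt(table, column, rowID, stored string) (string, error) {
	raw, err := base64.StdEncoding.DecodeString(stored)
	if err != nil {
		return "", err
	}
	ns := fc.aead.NonceSize()
	if len(raw) < ns+fc.aead.Overhead() {
		return "", errors.New("stored value too short to be a sealed field")
	}
	pt, err := fc.aead.Open(nil, raw[:ns], raw[ns:], fieldContext(table, column, rowID))
	if err != nil {
		return "", fmt.Errorf("%s.%s row %s: %w", table, column, rowID, err)
	}
	return string(pt), nil
}

func main() {
	fc, err := NewFieldCipher()
	if err != nil {
		panic(err)
	}
	// Constructed sample value; not a real donor.
	stored, _ := fc.Encrypt("donors", "email", "42", "jane@example.org")
	fmt.Println("database holds:   ", stored)
	pt, _ := fc.Decrypt("donors", "email", "42", stored)
	fmt.Println("application sees: ", pt)
	// Moving the blob to another row fails authentication.
	if _, err := fc.Decrypt("donors", "email", "43", stored); err != nil {
		fmt.Println("row swap rejected:", err)
	}
}
```

Binding each ciphertext to its table, column and row through the GCM additional data stops an attacker with write access to the database from moving one donor's encrypted email into another row. Two operational points follow from the construction: AES-GCM with random 96-bit nonces needs a key-rotation or per-tenant-key plan well before 2^32 values are sealed under one key, and per-tenant keys also give the database-level isolation described in the next section a cryptographic backstop.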

Your data stays isolated

Every charity’s data is completely separated at the database level. Multi-tenant isolation means Charity A cannot access Charity B’s data under any circumstances.

This isn't application logic that could be bypassed; it is enforced by the database itself through row-level security policies applied to every table that holds tenant data, so a query that omits its tenant filter returns nothing rather than another charity's rows. Policies like these only constrain connections made under roles that are subject to them, which is why the database role the application uses matters as much as the policy text. We run automated cross-tenant tests to verify the isolation continuously.

AI that never sees your donors

This is one of our strongest privacy guarantees.

When we map your spreadsheet columns, we use AI to understand the structure. But we never send donor names, emails, addresses, or any personal details to the AI service. Instead, we replace all personal data with anonymised patterns before it leaves our servers: names become [NAME], postcodes become [UK_POSTCODE], amounts become [CURRENCY_GBP].

The AI sees the structure. It never sees the people.

We chose this approach deliberately. Many platforms send data to AI services for processing. We engineered a privacy boundary that makes that unnecessary.
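The substitution described above, as an added example in Go and not code from the Gift Aid Boost platform. [UK_POSTCODE] and [CURRENCY_GBP] are the page's tokens; the other tokens, the regular expressions and the sample rows are constructed for this illustration. Regular expressions cannot reliably recognise a person's name, so the example is deny-by-default: any cell that does not match a known structured type, which is where names and street addresses land, becomes [TEXT] rather than passing through, which gives the same guarantee as the page's [NAME] token.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Cell patterns, tried in order. Every pattern is anchored, so a cell
// must consist entirely of one kind of value to earn its token.
// [UK_POSTCODE] and [CURRENCY_GBP] are the page's tokens; the rest are
// added for this example.
var patterns = []struct {
	token string
	re    *regexp.Regexp
}{
	{"[EMAIL]", regexp.MustCompile(`^[^@\s]+@[^@\s]+\.[^@\s]+$`)},
	{"[UK_POSTCODE]", regexp.MustCompile(`(?i)^[A-Z]{1,2}[0-9][A-Z0-9]? ?[0-9][A-Z]{2}$`)},
	{"[DATE]", regexp.MustCompile(`^(\d{4}-\d{2}-\d{2}|\d{1,2}/\d{1,2}/\d{2,4})$`)},
	{"[PHONE]", regexp.MustCompile(`^(\+44\s?|0)\d(\s?\d){8,10}$`)},
	{"[CURRENCY_GBP]", regexp.MustCompile(`^-?£\s?\d{1,3}(,\d{3})*(\.\d{2})?$|^-?\d{1,3}(,\d{3})*\.\d{2}$`)},
	{"[NUMBER]", regexp.MustCompile(`^-?\d+$`)},
	{"[BOOLEAN]", regexp.MustCompile(`(?i)^(y|yes|n|no|true|false)$`)},
}

// Classify maps one cell to a structural token. Deny by default: a cell
// that matches nothing, which is where names and street addresses land,
// becomes [TEXT] rather than passing through.
func Classify(cell string) string {
	c := strings.TrimSpace(cell)
	if c == "" {
		return "[EMPTY]"
	}
	for _, p := range patterns {
		if p.re.MatchString(c) {
			return p.token
		}
	}
	return "[TEXT]"
}

// Redact replaces every data cell with its token. Only the shape of the
// sheet survives; no original cell value is ever copied to the output.
func Redact(rows [][]string) [][]string {
	out := make([][]string, len(rows))
	for i, row := range rows {
		out[i] = make([]string, len(row))
		for j, cell := range row {
			out[i][j] = Classify(cell)
		}
	}
	return out
}

// ColumnProfile counts tokens per column: the structural summary that
// would accompany a column-mapping request to a model.
func ColumnProfile(redacted [][]string) []map[string]int {
	var prof []map[string]int
	for _, row := range redacted {
		for j, tok := range row {
			for len(prof) <= j {
				prof = append(prof, map[string]int{})
			}
			prof[j][tok]++
		}
	}
	return prof
}

// Constructed sample rows for this example; not real donors.
var sampleRows = [][]string{
	{"Jane Smith", "jane@example.org", "SW1A 1AA", "£25.00", "01/04/2024", "Y"},
	{"Amir Khan", "", "m1 1ae", "1,250.50", "2024-04-02", "no"},
	{"O'Neill, Sinead", "sinead@example.com", "EH8 9YL", "10", "07700 900123", "yes"},
}

func main() {
	redacted := Redact(sampleRows)
	for _, row := range redacted {
		fmt.Println(strings.Join(row, " | "))
	}
	for j, col := range ColumnProfile(redacted) {
		fmt.Printf("column %d: %v\n", j, col)
	}
}
```

Header rows deserve the same scrutiny in a real pipeline: a sheet whose first row is data rather than labels would otherwise leak one donor through the "headers". The per-column token counts from ColumnProfile are the structure a model needs to propose a mapping; the redacted rows themselves need not leave the server at all.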

Where your data goes — and doesn’t

We’re transparent about exactly which services touch your data and what they see:

Service              What it receives              Why
Our database (EU)    All donor data (encrypted)    Primary storage
Email delivery       Donor email + first name      Declaration emails
Address lookup (UK)  Postcodes only                Verifying and completing addresses
Electoral roll (UK)  Names + postcodes             Confirming donor identity
Virus scanner (EU)   Uploaded file contents        Malware detection
AI mapping           Anonymised patterns only      Column structure recognition
Payment processing   Charity name + billing email  Invoice payments

No donor data is used for marketing, shared across charities, sold, or retained beyond what HMRC requires.

Full sub-processor details are available in our compliance pack.

Every file is scanned for threats

All uploaded files pass through automated virus scanning before they enter our processing pipeline. This happens immediately on upload, before any data is extracted or stored.

If a file is flagged as infected or malicious, it is rejected immediately and never processed. We enforce strict limits on file size and structure to prevent abuse.

Files are automatically deleted

Original uploaded files are deleted 14 days after upload by a scheduled job, not by manual cleanup. Once the data has been extracted and processed, the originals serve no purpose, so we remove them.

What we retain is the minimum needed for your audit trail:

  • File name and upload date
  • Number of records processed
  • Processing outcome (success, errors, warnings)

The raw files don’t linger on our servers. This minimises your exposure and ours, and it aligns with the data minimisation principle under UK GDPR.

Every action is logged

We maintain an immutable audit trail for every significant action. Security monitoring detects and alerts on suspicious activity, including failed login attempts, unusual access patterns, and rate limit breaches.

These logs cannot be modified or deleted — even by us. If HMRC queries a donation, you can trace it from the claim file back to the original upload in seconds.
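The page does not say how the audit trail is made immutable. One standard construction, added here as an example in Go and not taken from the Gift Aid Boost platform, is a hash chain: every entry's digest covers its own fields and the digest of the entry before it, so editing or removing an entry breaks every link after it. The entry fields, the genesis value and the sample actions are constructed for this illustration.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Entry is one audit record. Hash covers every field including PrevHash,
// which links the entry to its predecessor.
type Entry struct {
	Seq      int
	Actor    string
	Action   string
	Object   string
	PrevHash string
	Hash     string
}

// genesis is the PrevHash of the first entry (constructed for the example).
const genesis = "0000000000000000000000000000000000000000000000000000000000000000"

// hashEntry length-prefixes each field so that shifting bytes between
// fields ("ab","c" versus "a","bc") cannot produce the same digest.
func hashEntry(e Entry) string {
	h := sha256.New()
	for _, f := range []string{fmt.Sprint(e.Seq), e.Actor, e.Action, e.Object, e.PrevHash} {
		fmt.Fprintf(h, "%d:%s;", len(f), f)
	}
	return hex.EncodeToString(h.Sum(nil))
}

// AuditLog is an append-only chain. Append is the only mutation.
type AuditLog struct {
	entries []Entry
}

func (l *AuditLog) Append(actor, action, object string) Entry {
	prev := genesis
	if n := len(l.entries); n > 0 {
		prev = l.entries[n-1].Hash
	}
	e := Entry{Seq: len(l.entries), Actor: actor, Action: action, Object: object, PrevHash: prev}
	e.Hash = hashEntry(e)
	l.entries = append(l.entries, e)
	return e
}

// Head is the hash of the latest entry. Anchoring this value somewhere the
// operator cannot rewrite is what turns "tamper-evident" into "undeletable".
func (l *AuditLog) Head() string {
	if len(l.entries) == 0 {
		return genesis
	}
	return l.entries[len(l.entries)-1].Hash
}

// Entries returns a copy, so callers cannot reach into the chain.
func (l *AuditLog) Entries() []Entry {
	out := make([]Entry, len(l.entries))
	copy(out, l.entries)
	return out
}

// Verify checks a chain against an externally anchored head. An edited
// entry breaks its own hash, a removed entry breaks the next link, and a
// truncated tail leaves a valid chain whose head no longer matches.
func Verify(entries []Entry, anchoredHead string) error {
	prev := genesis
	for i, e := range entries {
		if e.Seq != i {
			return fmt.Errorf("entry %d: sequence is %d, expected %d", i, e.Seq, i)
		}
		if e.PrevHash != prev {
			return fmt.Errorf("entry %d: chain broken (predecessor missing or altered)", i)
		}
		if hashEntry(e) != e.Hash {
			return fmt.Errorf("entry %d: contents do not match stored hash", i)
		}
		prev = e.Hash
	}
	if prev != anchoredHead {
		return fmt.Errorf("chain head %.8s does not match anchored head %.8s", prev, anchoredHead)
	}
	return nil
}

func main() {
	var al AuditLog
	// Constructed sample actions; not real events.
	al.Append("charity:42/user:7", "upload", "file:donations-2024.csv")
	al.Append("system", "process", "file:donations-2024.csv")
	al.Append("charity:42/user:7", "submit-claim", "claim:2024-Q1")
	head := al.Head() // the value to publish or store write-once

	fmt.Println("intact:            ", Verify(al.Entries(), head))
	edited := al.Entries()
	edited[1].Action = "delete"
	fmt.Println("edited entry:      ", Verify(edited, head))
	fmt.Println("dropped last entry:", Verify(al.Entries()[:2], head))
}
```

A hash chain on its own is tamper-evident, not tamper-proof: whoever can rewrite the whole store can rebuild the chain, and simply dropping the newest entries leaves a chain that still verifies internally. Both are caught only when the head hash is regularly anchored somewhere the operator cannot alter (write-once storage, a third-party timestamp, a customer-held copy), which is the property a claim like "even by us" depends on.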

Access controls at every layer

Security isn’t only about encryption — it’s about controlling who and what can interact with your data:

  • Two-factor authentication on every account, with no exceptions
  • Session binding ties tokens to your browser — they can’t be reused from elsewhere
  • Automated abuse prevention blocks suspicious activity before it reaches your data
  • Admin access is separated from charity access with additional controls and full audit logging

We test our own defences

  • Automated vulnerability scanning runs on every code change
  • Dependency monitoring catches known security issues in third-party libraries within hours of disclosure
  • Content Security Policy restricts which scripts the browser will execute, limiting what a cross-site scripting bug could do (a backstop for output encoding, not a replacement for it)
  • We follow OWASP Top 10 and OWASP API Security Top 10 guidelines

We’re building towards a formal penetration test. In the meantime, we conduct rigorous internal security assessments and document our findings. If your organisation requires a detailed technical security report, we’re happy to share it — contact us at james@giftaidboost.com.

Compliance at a glance

Area                     Status
UK GDPR compliance       Data Processing Agreement, DPIA, and ROPA maintained
Data processor role      We process on your instructions only (Article 28)
Lawful basis             Legitimate interests for Gift Aid recovery
Data retention           6 years (HMRC requirement), files deleted after 14 days
Breach notification      Within 72 hours (contractual commitment)
Data subject rights      We assist with access, erasure, and rectification requests
Sub-processor register   Maintained and available in our compliance pack

We know data protection decisions often involve trustees, a DPO, or external legal advisors. We’ve prepared everything they need:

  • Compliance pack — DPA summary, sub-processor register, retention schedule, data flow diagram, lawful basis register, and GDPR Article 28 compliance statement. Print or save as PDF.
  • UK GDPR guide — Plain-English explanation of the controller/processor relationship and your obligations.
  • Full Data Processing Agreement — Available during registration and linked from the compliance pack.

If your legal team has questions not covered in these documents, contact james@giftaidboost.com.

Start claiming and recover what your charity is owed. Or get in touch if you have questions about our security measures.