Payment Privacy and Security
Privacy and security are of critical importance when it comes to your charitable activity. Please review the steps we take to ensure your comfort when using Cherryfish.
Public Contributions
When you choose your contributions to be "Public", anyone can see to whom and how much you've contributed. Your contributions include ticket purchases, donations, volunteer hours, and winning auction bids. Public contributions are visible to the public if you have chosen particular fundraisers to support.
Private Contributions
When you choose your contributions to be "Private", the public cannot see to whom and how much you've contributed.  Charity administrators and event organizers that you are contributing to will see relevant information on your contributions. If you have given to a particular individual fundraiser, they will also receive information about your contribution.  Private contributors are labeled as "Private Donor" on public profiles.
Security
There are many steps taken to ensure your security when making payments on Cherryfish.
First, every transaction is secured and encrypted end-to-end. In fact, all activity on Cherryfish is encrypted through a variety of technologies including TLS 1.2.
Cherryfish does not store or save any credit card details. All sensitive information is managed entirely by our PCI compliant payment processor, Stripe. Stripe is a secure payment processor trusted by a wide variety of reputable businesses worldwide. Stripe handles billions of dollars worth of transaction every year. Stripe processes all Cherryfish transactions. To learn more about Stripe, please visit https://www.stripe.com/. For connected nonprofits, you can review the Stripe Services Agreement and Stripe Connect Account Agreement for more details regarding Stripe security.
Every transaction is directly connected to a verified nonprofit bank account. Cherryfish does not use a central foundation or donor-advised funds to reroute contributions - those methods are inefficient and less transparent.
PCI Compliance
Since Cherryfish does not store or save credit card details or directly process any payments, Cherryfish is not required to undergo a PCI compliance audit. However, every year, Cherryfish does complete an assessment provided by the PCI Security Standards Council, and shares that assessment with Stripe.
 Kate Doheny
        Kate Doheny
      