Data Security at Anedot
This article outlines Anedot's data security practices, including compliance with SOC 2 and PCI standards, privacy policies, and user guidelines for protecting payment information.
Table of Contents:
- Secure by Design
- PCI Compliance Guidelines
- SOC 2 Compliance
- Privacy and Data Ownership
- Legal and Privacy Terms
Secure by Design
Anedot is SOC 2 compliant and PCI compliant, and uses TLS encryption to protect all data in transit. Cardholder data is never exposed to staff or users—payment information is encrypted in the browser before transmission.
Security measures include:
-
Ongoing internal code and infrastructure audits
-
Monthly reviews by an external security analyst
-
Quarterly scans by an independent security firm
PCI Compliance Guidelines
To maintain PCI compliance on the organization’s side:
-
Never write down, email, or text credit card numbers
-
If card data is recorded, destroy it immediately after processing
Learn more in the PCI Compliance FAQ
SOC 2 Compliance
Anedot maintains an active SOC 2 Type I report.
To request a copy, contact our team.
Privacy and Data Ownership
-
Anedot does not sell or share personal information.
-
Personally identifiable information (PII) is fully owned by the organization that collects it.
-
Anedot is a direct payment processor—not a reseller—ensuring full control over payment data.
-
Data sharing policies of fundraising organizations and integration partners are independent of Anedot. Please consult them directly.