Privacy and security are our #1 priority.

At CardUP, we understand the sensitivity of user data and are committed to retaining the trust of the world's most innovative charities around the world.

This is how we keep your data safe.

Our priority is to use every measure at our disposal to safeguard data at every technical touchpoint, which we accomplish through a multifaceted approach focusing on technical optimization, user defined retention, and highly restrictive access.
Security infrastructure
Data encryption
Customized retention
Access management


All customer data is transferred securely using TLS v1.2 and above from CardUP webpages to the cloud. All requests are routed through Cloudflare which acts as a firewall. At rest, data is encrypted using AWS for databases and Cloudflare for object storage. Both AWS and Cloudflare use AES256 for disk encryption. Our IT infrastructure is 100% cloud-based.


When your device is connected to internet, data syncs to CardUP automatically, and all records are stored in CardUP's database. Backups are taken every day and stored off-site in either the AWS US-East-1 data center in Virginia, US-West-1 data center in California, or US-West-2 data center in Oregon. AWS oversees the physical security of these facilities.


CardUP stores your data indefinitely while you’re a customer. We can delete data upon explicit request. Customer data is available for download as a CSV file through the dashboard. Data can be anonymized, which removes all personally identifiable information from your Order Log, upon request. CardUP may retain customer data for up to 30 days after account closure.

Privacy Policy

We have a strict to respect the privacy of sensitive customer data: we will never sell your donor or o data, and we will not contact your donors or employees without explicit permission. Our support team will only access your account in the event of a technical support issue that requires real-time access.

Third-Party Applications

CardUP provides in-product admin controls and both user and object-level permissions, plus the ability to define which third-party applications are able to access your account. Additional protocols can be utilized to integrate with your CardUP account to further regulate access for all account-level access and user-access upon request.


We have made significant efforts to ensure we are in compliance with the General Data Protection Regulation (GDPR) and to help our customers comply with GDPR contractual obligations. To enter into CardUP's Data Processing Addendum (DPA), please contact to receive a copy for review and signature.

Status Dashboard

CardUP offers transparency into real-time and historicaland a 99.9% uptime commitment to our Enterprise customers. To view our Status Dashboard, visit

Business Continuity

CardUP's infrastructure investments provide daily backups, regional backups, and recovery procedures for restoring services in the event of unavoidable failures. We are committed to proactive optimizations.

System Infastructure

CardUP's information security team continuously implements new security controls and monitors CardUP for malicious activity across physical data centers, networks, and IT devices to ensure optimal security.

Supporting your compliance needs

We understand the impact that compliance requirements have on your business. That’s why we're committed to providing features that may help you with your compliance strategies, in addition to enhancing our own body of compliance certifications.
EU General Data Protection Regulation (GDPR)
Service Organization Controls (SOC)
Federal Information Security Modernization Act (FISMA)

Get a personalized demo.

Get in touch with us  to take a deeper dive into CardUP's security practices and philosophy. You can also learn more today by downloading our Trust and Security Whitepaper.
By clicking "Request Product Tour," I agree to the Terms of Use and Privacy Policy of CardUP. I also agree to receive emails, texts (carrier data/message rates may apply), and other promotional communications from CardUP. I understand I can opt-out of my subscriptions at any time.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Keep on exploring.

Be a part of what's next with our Product Roadmap.

Discover our Platform and it's capabilities.

Get a personalized consultation on our apps.