Security
Last Updated: February 25, 2026
Our Commitment
At Daffodil, protecting your data is a foundational responsibility. We build our platform on enterprise-grade infrastructure and adopt security best practices throughout our systems — from how we store your information to how we handle payments. This page describes the key measures we take to keep your data safe.
Infrastructure
Daffodil is hosted on industry-leading cloud infrastructure providers that maintain their own rigorous security certifications and physical controls. Our systems benefit from:
- Globally distributed, redundant data centers with physical access controls
- Continuous monitoring and automated threat detection
- Regular infrastructure updates and security patches
- Network-level firewalls and traffic isolation between environments
Data Encryption
Your data is encrypted both in transit and at rest:
- In transit: All data exchanged between your browser and our servers is encrypted using TLS 1.2 or higher. We enforce HTTPS across all of our services.
- At rest: Data stored in our databases is encrypted using AES-256, a standard used across the financial services and healthcare industries.
Payment Security
Daffodil never stores payment credentials — including credit card numbers, bank account details, or other sensitive payment information — on our systems. All payment processing is handled by PCI-compliant third-party payment processors. These processors are independently audited and certified to handle sensitive financial data securely.
When you provide payment information on Daffodil, it is transmitted directly to our payment processor via encrypted channels and tokenized before any reference is stored on our platform.
Access Controls
We apply the principle of least privilege across our internal systems. This means:
- Employees are granted only the access necessary to perform their role
- Access to production systems and sensitive data is tightly restricted and logged
- We use multi-factor authentication (MFA) for internal system access
- Access permissions are reviewed regularly and revoked promptly when no longer needed
Authentication
User authentication on the Daffodil platform is handled through a secure authentication provider. Sessions are managed with time-limited tokens, and we support multi-factor authentication for user accounts. Passwords are never stored in plaintext — they are hashed using modern, industry-standard algorithms.
Personal Information
We take the protection of personally identifiable information (PII) seriously. The technical controls described on this page — encryption, access restrictions, and secure infrastructure — apply to all personal data we hold. For details on what information we collect, how we use it, and your rights as a user, please refer to our Privacy Policy and Terms of Service.
Responsible Disclosure
If you believe you have discovered a security vulnerability in our platform, we ask that you report it to us responsibly. Please contact us at hello@getdaffodil.com with a description of the issue and steps to reproduce it. We will acknowledge your report promptly and work to address confirmed vulnerabilities in a timely manner.
We ask that you do not publicly disclose the issue until we have had a reasonable opportunity to investigate and remediate it.
Questions
If you have questions about our security practices, please reach out to us at hello@getdaffodil.com.