
Information Security, Compliance, Risk Management, and Privacy

We follow best-in-class security practices to ensure your data stays safe, private, and compliant.

Protecting your data with industry-leading security and compliance.

At Groundswell, safeguarding your data is our top priority. We believe that security is not just about protection—it’s about accountability. While every team member plays a role in data protection, our Chief Information Security Officer (CISO) and Data Protection Officer (DPO) leads the charge, bringing deep expertise in security, privacy, and regulatory compliance. Under their leadership, we have built a comprehensive security and privacy program integrating advanced technical controls with rigorous governance, ensuring your data remains secure, private, and fully compliant with global standards.

Smarter Program Design

Our security framework is built on SOC 2 Type II compliance, verified through independent third-party audits. We leverage AWS’s secure infrastructure and industry-leading tools like AWS GuardDuty and Datadog for continuous monitoring and threat detection. Data is encrypted both at rest and in transit, and strict access controls ensure that only authorized personnel can handle sensitive information.

Governance and Oversight

Our security and privacy policies are regularly reviewed and updated to align with evolving threats and regulatory requirements, including GDPR, CCPA, and other global privacy laws. Our CISO/DPO provides quarterly updates to executive leadership and the board, ensuring continuous oversight of risk management and compliance efforts.

Risk Management and Incident Response

Groundswell employs a proactive, multi-layered risk management strategy that includes ongoing risk assessments, penetration testing, and vulnerability scanning. Our incident response plan is tested annually, ensuring swift and effective action during a security event.

Privacy Program

Our robust privacy framework is designed to protect user data, maintain compliance, and ensure transparency. We conduct regular data protection impact assessments (DPIAs) and enforce strict data retention and minimization policies. User consent management is a key component of our platform, ensuring data is handled clearly and with accountability.

A Commitment to Security and Privacy

By integrating best-in-class security measures, rigorous compliance protocols, and transparent governance, Groundswell provides a trusted and resilient environment for your data. Our team is dedicated to continuous improvement to stay ahead of emerging threats and evolving regulations so you can focus on what matters—your mission.

Compliance

SOC 2 Type I

SOC 2 Type II

GDPR

Trust Center

Access Groundswell’s Trust Center
