How Financial Transactions are Secured on Trellis
Learn how Trellis keeps every transaction safe, compliant, and trusted by nonprofits.
1. PCI Level-1 Payment Processor
We partner with Stripe, a global leader in online payments, to manage all credit-card and bank-account transactions. Stripe is audited by PCI-certified auditors and is certified as a PCI Service Provider Level 1 — the highest level of certification in the payments industry. (Learn more about Stripe security)
2. Encryption & Secure Transmission
Every time a donor enters payment details on your fundraiser page, the connection is secured using TLS/SSL encryption. All data in transit is encrypted, and any sensitive information handled by Stripe is encrypted at rest using AES-256 encryption.
In short: what your donor types, what we transmit, and what the payment processor stores — all follow industry-standard protections.
4. Transaction Verification & Payment Safety
Before a payment is approved, Stripe uses built-in verification tools to confirm the card is valid and belongs to the donor:
- CVV validation — the card’s security code must match the issuer’s records.
- AVS (Address Verification Service) — the donor’s billing zip or postal code must match what the card issuer has on file.
These checks help reduce the chance of unauthorized or fraudulent card use while keeping the donation process simple for legitimate donors.
3. Minimal Storage of Sensitive Data
Trellis does not collect, process or store full credit-card numbers or bank-account credentials. Instead:
- Payment card data is tokenized and handled by Stripe.
- Trellis stores only the minimal metadata required for your financial and donor-reporting needs.
- Because Trellis doesn’t collect, process or store payment details, your organization’s liability in that area is reduced.
4. Transparency & Your Role in Security
Trellis provides the platform and infrastructure, but your organization also has responsibilities. To maximize security:
- Ensure your Trellis admin accounts use strong, unique passwords and enable MFA via Google OAuth when available.
- Limit the number of users with refund or payout-management permissions.
- Regularly reconcile your payouts and transaction reports to catch anything unexpected early.
- Keep your systems (admin computers, networks) up to date and secured behind appropriate firewalls/antivirus.
Need Help?
If you have questions or need assistance, reach out to our Product Engagement Team via the blue chat icon or email support@trellis.org.