Generous1000™ Control Tower
Security & Privacy FAQ
Generous1000™ Control Tower is a proprietary AI system installed inside each client’s environment. It analyzes your nonprofit CRM to surface the most likely donor upgrade candidates. Additional customized, privacy-first features are available to help nonprofit leaders save time, focus attention, and act with more confidence.
Answers below to the questions nonprofits ask most about how their donor data is stored, protected, and used.
Where is my donor data stored?
All data is securely stored in the United States on Supabase's enterprise-grade PostgreSQL servers. Your data never leaves US data centers unless you explicitly request it. We use daily automated backups with point-in-time recovery to protect against loss.
Will Generous1000™ Control Tower sell my donor data?
Absolutely not. Your donor data is never sold, shared, rented, or transferred to external organizations. We don't broker data. Your nonprofit owns your donor relationships, and we help you manage them better. That's it.
How is my data encrypted?
Data is encrypted both in transit (TLS 1.2+) and at rest (AES-256). All API keys and sensitive credentials are stored as secrets, never exposed in code or the browser. Only your nonprofit's staff can access your organization's data.
What happens if there's a security breach?
We have a 24-hour breach notification policy. If a breach occurs, we'll contact your organization immediately with a detailed incident report and next steps. We maintain audit logs of all data access to minimize risk.
How does Generous1000™ Control Tower use AI with my donor data?
Generous1000™ Control Tower's AI agents scan your data and suggest actions. They never act alone. You, the nonprofit, always make the final decision. AI recommendations are transparent and explainable, so you can see the data and logic behind each suggestion. No autonomous actions on sensitive donor information.
What consent do you need from donors?
Your nonprofit controls consent and privacy decisions. Generous1000™ Control Tower supports opt-out mechanisms and helps you honor donor preferences. We recommend maintaining clear privacy policies so donors know how you use their data, including AI-assisted recommendations.
Can a donor ask to have their data deleted?
Yes. Generous1000™ Control Tower includes admin tools for your nonprofit to remove donors from communications or delete data upon request. These requests can come from donors directly or be part of your privacy practice.
Is Generous1000™ Control Tower compliant with fundraising standards?
Yes. Generous1000™ Control Tower is built to align with the Fundraising.AI Framework (10 pillars including privacy, security, data ethics, and transparency) and the AFP (Association of Fundraising Professionals) Donor Bill of Rights. We're working toward SOC 2 Type II certification (expected Q3 2026).
Who can access my nonprofit's data?
Only staff members in your nonprofit with approved access can see your data. Generous1000™ Control Tower uses role-based access control, so you can decide who sees what (Executive Director, Development Director, Finance Manager, and so on). Every access is logged.
What if I have a security or privacy concern?
Read more about our security and privacy practices. Contact us anytime. Security and privacy questions are prioritized. Reach out to Kathleen Banks (kathleen@advancementdigital.com) for immediate assistance.