Deep Dive Chapter 4: Security
Northwest Hospitality is not a direct collector of any of your most valuable personal data but we do collect and save some and utilize tools (like PayPal) that make use of more vital information. Your security and comfort are second only to our mission of thoughtful outreach to our homeless neighbors (it would be disingenuous for us to say that they come first because if that were the case we wouldn't store anything or use these tools that, it has to be said, do increase your risk of being exposed in one of these corporate data breaches we keep hearing about). In short, we accept a little security risk to achieve our goals.
With PayPal, it is likely that they have your information already because you may use them for other purposes. Either way, PayPal stores your address, email, and most importantly, your financial information like credit card numbers and/or bank accounts for making payments. If these are things you don't want to risk being discovered by bad actors (small risk but never negligible) then there are several ways to make donations to Northwest Hospitality without using PayPal and we are happy to work something out with you individually.
Airtable is an online database/spreadsheet tool that we have used to organize and manage our entire organization since day one. Airtable allows us to design shareable views which you can see on our website. Using this tool allows us to let you look up your donation history using your donor ID which protects all your personal information. The only information of yours we save in Airtable is your name, address, and donation history including volunteer hours and kit distributions.
PayPal and Airtable both take security extremely seriously or nobody would trust them. There are new regulations all companies doing business in Europe, including Airtable and PayPal, are being required to adapt to known as GDPR or General Data Protection Regulation. NWH is not required to adjust anything as all our donors are Washington based but we reached out to Airtable to ask them about how these new regulations are affecting them and their security in general. Here is their response:
Regarding GDPR, Airtable is currently undergoing GDPR compliance review and is on track to be compliant before the May 2018 deadline.
Maintaining the security and privacy of our customers' data is of our utmost concern at Airtable -- our success and credibility depend on it. All data you enter into Airtable remains yours, and we are committed to ensuring that your data is not seen by anyone who should not see it. Airtable's data is encrypted both when it is sent to and from our servers, as well as when it is at rest. To protect your content in transit, Airtable uses 256-bit SSL/TLS encryption. At rest, Airtable content is protected using 256-bit AES encryption.
The 256-bit SSL, TLS, and AES encryption standards are the same levels of encryption as used by banks.
Northwest Hospitality can't function without the tools we have set up on Airtable so if you aren't comfortable with their security then an anonymous cash donation may be the only way for you to donate to support our mission. You can always assemble and distribute hospitality kits though :) PayPal, on the other hand, is a useful tool but we can work around it if you'd like to remove that minor but not insignificant vulnerability.
We feel that it is important to do our best to stay on top of these things and understand them as best we can. Hopefully we have not discouraged any donors but if we feel that it's better to be transparent without support than to be dishonestly supported. As always, we're eager to answer any questions and thank you so much for your support!