We’ve re-branded from Legacy Leaders to Donor Compass. Learn more.

Skip to main content


Industry-Leading Security for Your Donor Data

Your nonprofit’s data security is of the utmost importance to us, which is why we take the highest measures to protect it. When your donors share their personal information with your organization, they are trusting you with sensitive data. And as technology continues to evolve, hackers are able to find new ways to commit cybercrime. Different methods like phishing and ransomware are highly effective and easy for retrieving valuable information. This is why we have implemented the highest levels of security for all of our products and services.

Donor Compass™ has a well-documented DRP in place which includes Disaster Recovery Procedures, Action/Process Checklists, Critical Network/Systems, and the functions they perform within the organization, Server/Network Configuration, Hardware Specifications, Testing Procedures, Troubleshooting Scenarios and the DRP results.


DC Analytics features:

HIPAA Compliant
HIPAA Compliant
DC Analytics is HIPAA compliant. HIPAA regulations require that all health industry data is protected and kept confidential.
HECVAT Compliant
HECVAT Compliant
DC Analytics meets HECVAT security protocols. The Higher Education Community Vendor Assessment Toolkit (HECVAT) is a security-questionnaire template designed specifically to measure vendor risk for higher education institutions. We can provide HECVAT documentation for you.
SOC 2 Compliant
SOC 2 certified data center and call management
SOC 2 (Service Organization Controls) are based on five trust services criteria: security, availability, processing integrity, confidentiality, and privacy. This satisfies Logical and Physical Access Controls, and System Operations.
Firewall Protection and 24/7 Intrusion Monitoring

Firewall protection, real time alerts, 24/7 intrusion monitoring, and penetration testing

We offer 24/7 intrusion monitoring to alert us immediately of any potential threats, allowing us to confidently protect your data from malicious software. We perform Penetration tests twice a year. Penetration testing is a process that provides insight on gaps within our organization’s attack surface. Once discovered, these results help us determine methods for vulnerability management, remediation, and better practices.
Encryption at Rest on All Nodes
Encryption at rest on all nodes​
All of your donor data is encrypted on a physical server. This protects  your data from unauthorized access when the data drive is maliciously or unintentionally detached from the operating system.
Secure FTP Site
Secure FTP site for all data exchange
All data transfers are done through Citrix secure FTP site. Only authorized users can access files, and the files are secure when stored.


Our comprehensive security program incorporates application, data, and physical security.

Our web-based interface supports authentication standards and external authentication services. Our application supports integration with other authorization systems.

Donor Compass™ uses a dedicated physical host to store data and confidential information. Our entire data storage is encrypted and passwords have a second layer of encryption.

Our system is regularly audited and maintained according to SOC 2 compliance levels. Our systems are kept in secure data centers with physical backup.


Donor Compass™ prioritizes security as much as it does actionable knowledge. Partner with us to feel confident that your data is accurate and secure.

Do you want to learn more about how our industry-leading security measures can protect your donor data?

Get Started