A high-level overview of how Avid protects your donor data—covering encryption, compliance, data access, and privacy. For detailed answers, see the linked articles below.
What this article covers
This article gives you a broad view of Avid's security posture. It is not a deep dive into every policy. For specific questions, refer to the Avid Trust Center and Data Security and Compliance: Common Questions.
Why security matters in fundraising
Your donors share personal and financial information with you. Protecting that data is essential to maintaining their trust. Avid treats data security as a foundational requirement, not an afterthought. Every feature, integration, and data flow is designed with protection in mind.
How Avid protects your data
Encryption at every stage
Avid encrypts data both in transit and at rest. When data moves between your systems and Avid, it travels over encrypted connections. When stored, it remains encrypted on Avid's servers. This applies to CRM syncs, SFTP uploads, and integrations with email and advertising platforms.
SOC 2 Type II compliance
Avid holds SOC 2 Type II certification. This means an independent auditor has verified that Avid's security controls are designed effectively and operate consistently over time. SOC 2 covers areas including access controls, data isolation, incident response, and change management. You can view the current compliance status in the Trust Center.
Client data isolation
Your data is stored separately from every other organization on the platform. No other Avid user can access your donor records, transaction history, or campaign data. This isolation is enforced as part of the SOC 2 compliance framework.
Responsible AI practices
Avid does not send your constituent data to external AI models. When AI features explain charts or surface insights, only high-level aggregate summaries are used. No personally identifiable information, individual donor records, or organization names are included. Avid has also committed to the Responsible and Beneficial AI for Fundraising framework from Fundraising.AI.
What data Avid accesses from your connected systems
The data Avid works with depends on what you choose to provide and which integrations you use—typically donor information and transaction history. You control what you share; limiting data may limit some features. For the full breakdown, see Data Security and Compliance: Common Questions.
How data leaves Avid
When Avid syncs data to third-party platforms you have connected (such as advertising or email systems), it applies protections before anything is transmitted:
- Hashing – Identifiable information (email addresses, phone numbers) is converted into irreversible hashed strings before it leaves Avid. Third-party platforms use these hashes for secure matching only.
- Anonymization – Benchmark data is aggregated and stripped of identifying details. No organization or donor can be traced.
- Authorization – Data is only sent to platforms you have explicitly connected and approved.
For details on how Census (Avid's sync partner) handles data, see Data Security and Compliance: Common Questions.
GDPR considerations
Avid is SOC 2 Type II compliant but is not GDPR certified and does not enter into GDPR-based DPAs or SCCs. Organizations subject to GDPR can still use Avid—see Data Security and Compliance: Common Questions for how, and consult your legal counsel.
Data retention
Retention varies by destination: platforms that receive synced data apply their own retention and matching policies. For authoritative details on what Avid retains and for how long, review the Avid Trust Center and the destination's data policies.
Where to learn more
This article is an overview. For authoritative, detailed information:
- Avid Trust Center – Real-time compliance status, security documentation, and policy details.
- Data Security and Compliance: Common Questions – Detailed answers on hashing, AI data usage, SFTP security, third-party data handling, and more.
Key terms
- SOC 2 Type II – An independent audit standard that verifies an organization's security controls are effective over time.
- Encryption in transit – Data is protected while moving between systems.
- Encryption at rest – Data is protected while stored on servers.
- Hashing – A one-way mathematical process that converts identifiable data into an irreversible string that cannot be decoded.
- Data isolation – Each organization's data is stored separately and is inaccessible to other users.
Related
- Avid Trust Center – Security, privacy, and compliance documentation.
- Data Security and Compliance: Common Questions – Detailed FAQ covering donor data, AI, hashing, SFTP, GDPR, and more.
- Avid Trust Center (Help Center article) – Quick link to the Trust Center.