Trust & security
Payments and data handled with care
Paddle-Up uses Stripe for card and bank payments, Google Firebase for sign-in and product analytics, and MongoDB as the primary application database—so responsibilities are clear: payments with Stripe, identity and usage telemetry with Firebase, and your fundraising data in MongoDB under our access controls.
Stripe-first payments
Card and ACH flows are processed by Stripe. Your Stripe Dashboard remains the system of record for payouts, refunds, and disputes. Paddle Up applies a transparent $0.15 platform fee per successful transaction for software access—detailed alongside Stripe's processing fees on our pricing page.
Firebase: authentication and analytics
We use Firebase Authentication so staff and volunteers can sign in securely with industry-standard identity flows. Firebase Analytics (Google) helps us understand how the product is used—so we can improve performance, fix issues, and prioritize features—subject to Google's policies and our configuration. See our Privacy Policy for how this fits with other data processing.
MongoDB application data
Campaigns, attendees, operational records, and related application data are stored in MongoDB. Access is restricted by application-level permissions and operational practices designed to keep each organization's data separated and protected. Payment card numbers are not stored in MongoDB—they are handled by Stripe.
Operational security expectations
We recommend standard nonprofit IT practices: role-based access for volunteers, unique logins for staff, and periodic access reviews after major events. Paddle-Up continues to harden application security as part of regular engineering work—request our latest security overview during procurement if your board requires it.
Questions from legal or finance
We are happy to answer security questionnaires or talk through how fees appear in Stripe reporting. Start the conversation on our contact page.
Review pricing anytime
Same product for every customer—no hidden tiers.