In this post, we want to share a little bit about the Customer Relationship
Management (CRM) software, CiviCRM, that we use to store
donation records and donor information. We hope this offers you confidence in
how your personal data is handled and secured whenever you make a donation.
At the Tor Project, transparency for a privacy project is not a contradiction:
privacy is about choice, and we choose to be transparent in order to build trust
and a stronger community. This is how we operate in all aspects of our work: we
show you all of our projects, in source
code, and in periodic project and team
reports, and in
collaborations with
researchers
who help assess and improve Tor. Transparency also means being clear about our
values, promises, and priorities as laid out in our social
contract.
Why CiviCRM
Since 2013, the Tor Project has been using CiviCRM as part of our stack to
accept donations, manage donor profiles, and facilitate donor communications. As
the only true open source CRM, CiviCRM and the Tor Project share a commitment to
open and transparent technology. Choosing open source technology like CiviCRM
allows us to fully control our systems and securely handle your personal
information. This approach minimizes the risk of a system hack and prevents
third-parties from accessing your data.
We integrate CiviCRM with our self-hosted Drupal CMS, providing a robust and
flexible platform for managing donor data. Our servers run Debian GNU/Linux and
are protected using multiple layers of authentication. To reduce exposure of the
CiviCRM API as much as possible, the donation web front-end only communicates
with the CiviCRM back-end using a custom Redis key-value store via an encrypted
tunnel, instead of connecting to the API directly over the Internet.
As an open source organization, we’re committed to collaborating with the
CiviCRM community to improve open source tools like CiviCRM, making it more
effective and user-friendly for everyone. Our collaboration with the community
has led to several notable improvements, including:
- CiviCRM Standalone: We expressed interest in running CiviCRM without a
CMS, which motivated the project to prioritize this feature and make it a key
part of CiviCRM 6.0. - Flexible Premiums: We contributed patches to allow perk options to have
flexible key/value, making it easier to track items like T-shirt
sizes. - Usability Enhancements: We provide regular feedback on the usability of
CiviCRM, resulting in small but significant improvements. For example, a small
change to the “View
Contribution” page helps
improve user experience.
By actively participating in the development of open source technology, we’ve
ensured that our needs are addressed and that the platform continues to evolve
to meet the demands of users like us. This collaborative approach has allowed us
to shape the future of CiviCRM, making it a more effective and user-friendly
technology.
Your privacy as a Tor donor
First and foremost, we do not publish, sell, trade, or rent any information
about you. The data we collect is used for three main purposes: keeping in touch
with you as a donor, making budgets and reconciling our bank accounts, and
reporting necessary information for tax purposes.
For our records, we retain your name, the amount of your donation, the date of
the donation, and your contact information. Access to that information is
restricted inside the Tor Project to people who need it to do their work, for
example by thanking you, sending a receipt, or mailing you a t-shirt. You can
always contact us to view, change, or delete any information we may have stored
in relation to a past donation.
If you use third-party service providers such as PayPal or a cryptocurrency
exchange to make your donation, unfortunately, the Tor Project has very little
influence over how these service providers may collect and use your information.
We recommend you familiarize yourself with their
policies, especially
if you have privacy concerns.
Completely anonymous donations are also possible, like by sending a money order
or gift card via postal mail, or via cryptocurrency if you have it set up in a
way that preserves your anonymity. There are probably other ways to donate
anonymously that we haven’t thought of—maybe you will.
Our commitment to maintain the privacy of our supporters is key to our mission.
Your hard-earned money and choice to invest in the Tor Project is of utmost
importance to us and we appreciate your trust. We will never publicly identify
you as a donor without your permission. You can read more about our donor
privacy policy here.
Your impact
We, as a Tor community, fight every day for everyone to have private access to
an uncensored internet, and Tor has become the world’s strongest tool for
privacy and freedom online.
But Tor is more than just a technology. It is a labor of love produced by an
international community of people devoted to human rights. The Tor Project is
deeply committed to transparency and the safety of its users.
We are proud to have a Four-Star
Charity rating from Charity
Navigator, and have been awarded Candid’s Platinum Seal of
Transparency.
This demonstrates the Tor Project’s commitment to openness and honesty in how
the organization manages its finances and uses your investment for a greater
impact. If you have not done so this year, please consider making a donation
today. Your donation is in good hands and goes a long way.
