FAQ
The most-asked questions about Cause Shield — fraud detection on donation forms, fundraising-platform integrations, donor PII handling, plan pricing, and how the AI classifier works. If your question isn’t here, get in touch.
Cause Shield monitors donation infrastructure end-to-end. Every Stripe donation is scored for fraud in real time by an AI classifier with the donor's preceding 2-hour transaction history as context; high and critical risk transactions trigger email, Slack, or Microsoft Teams alerts within seconds. Recurring renewals get re-scored on every invoice — the dominant blind spot for friendly-fraud chargebacks that Stripe Radar alone misses.
Most nonprofits use Stripe Radar, which only ML-scores the first charge of a subscription. Cause Shield re-scores every recurring renewal with subscription history, surfaces card-testing patterns Radar misses (free-mail domains with high-entropy local-parts, small-round-amount velocity), and explains every flag in plain English instead of returning a black-box score. It runs alongside Radar, not as a replacement.
Card-testing usually looks like 3+ failed donation attempts in under an hour from the same card BIN, IP address, or fingerprint, with decline codes like incorrect_cvc, do_not_honor, or card_velocity_exceeded. Cause Shield watches the Stripe payment_intent.payment_failed event stream, runs a velocity check across card BIN and IP, and escalates to a critical alert at the 3-failure threshold so you can block the form before the attacker tests hundreds of stolen cards.
No. Cause Shield never receives the PAN or any card data that would put us in PCI DSS scope. The payment processor (Stripe) remains the system of record; Cause Shield sees only the metadata Stripe exposes — amount, country, card BIN, brand, fingerprint.
Yes. Cause Shield ships a smart webhook receiver that accepts payloads from any fundraising platform. The AI classifier identifies donor identity, event type, amount, and risk signals regardless of the platform's field names — Funraisin's d_email vs m_email donor-vs-fundraiser distinction is handled correctly, Raisely's nested data.data.user payloads are parsed correctly, Classy's member-as-donor convention is recognised. Setup is one webhook URL pasted into your platform's integration settings.
Donor email and name from the smart-webhook receiver are SHA-256 hashed with a per-organisation pepper before storage. The stored payload has those fields redacted to sentinel strings on disk. Donations received via Stripe carry plaintext donor email so flagged transactions can be reviewed; that email is stored only in the customer's own account. Customers can switch to "masked" mode at any time, which hides plaintext identifiers from the UI and from AI-generated supporter summaries.
Cause Shield uses GDPR Article 28 aligned pre-flow contractual language in its DPA, names Anthropic as a sub-processor with explicit consent language, incorporates the EU Standard Contractual Clauses by reference, and supports a 72-hour breach notification SLA. Australian customers are covered under equivalent terms; Privacy Act 1988 alignment is documented in the same DPA.
Cause Shield's monthly automated WCAG 2.2 AA accessibility scan is included in the Partner plan (A$249/month) at no extra charge. The scan runs axe-core against your donation page, identifies WCAG failures, prioritises them, and writes up remediation guidance in plain English suitable for a non-developer to action. A downloadable PDF report is available for board / compliance use.
Yes — this is called an absence alert, available on the Growth plan and above. Configure a rule like "alert me when I don't receive at least 1 registration in a 15-minute block between 9am and 5pm on weekdays" and Cause Shield will email, Slack, or Teams you the moment expected activity disappears. Catches broken donation forms, payment-gateway hiccups, and underperforming campaigns before they cost a day of giving. A 24-hour grace period after rule creation prevents new rules from immediately firing, and a configurable cooldown stops a continuous outage from spamming the same alert every window.
Yes — Slack and Microsoft Teams alert delivery is included in the Growth plan (A$99/month) and above. Configure a Slack incoming-webhook URL or a Microsoft Teams Workflow URL in Settings → Notifications. High and critical fraud alerts post to the configured channel alongside the standard email alert, and a "Test" button sends a synthetic alert so you can verify routing before any real event fires.
Starter is A$49/month (1 website, fraud flagging only, 2,000 AI fraud analyses/month). Growth is A$99/month (3 websites, Supporter Pulse churn-risk scoring, weekly digests, Slack/Teams alerts, uptime monitoring, 10,000 AI fraud analyses/month). Partner is A$249/month (unlimited websites, Supporter Trails, smart webhook receiver, monthly security and accessibility scans, 50,000 fraud analyses + 150,000 webhook event classifications/month). Enterprise is custom (SAML SSO, white-label, audit-log retention controls, unmetered AI). Every plan includes a 14-day free trial. If you exceed your monthly AI allowance, monitoring continues on a deterministic fallback at no extra charge and AI scoring resumes on the next billing period or via a one-time top-up pack.
One AI fraud analysis is a single call to Anthropic's Claude API to score one Stripe donation event with surrounding 2-hour transaction history. It returns a risk level (low/medium/high/critical), a 0–100 score, a list of specific concern flags, and a plain-English explanation. Each plan includes a monthly allowance: Starter 2,000, Growth 10,000, Partner 50,000, Enterprise unmetered. Partner adds a separate 150,000/month allowance for smart-webhook event classifications, which cover donations, registrations, refunds, disputes, subscription events, and every other event your fundraising platform sends — not just donations.
Monitoring never stops. When your allowance is exhausted, Cause Shield falls back to a deterministic rule-based classifier that still catches card-testing patterns, round-number amount anomalies, and velocity spikes — at no extra charge. AI-quality reasoning resumes automatically when your next billing period begins, or immediately if you buy a one-time top-up pack from your dashboard. You'll get warning emails at 70%, 90%, and 100% of your allowance so there are no surprises. Enterprise plans are unmetered and do not hit this boundary.
Yes — at sign-up you choose where your donor data lives. Three regions today: AWS us-east-1 (Virginia, United States), AWS eu-west-1 (Dublin, Ireland — for EU and UK customers; the EU↔UK mutual adequacy decisions mean Irish hosting satisfies UK GDPR), and AWS ap-southeast-2 (Sydney, Australia). All your customer-side data (transactions, supporters, webhook events, donor identity hashes) lives entirely in your chosen region's Supabase project, with at-rest AES-256 encryption and per-organisation Row Level Security. Cause Shield's own operational data (support tickets, internal admin) stays in us-east-1 regardless. Three sub-processors (Anthropic for AI inference, Clerk for auth, Resend for email) remain US-hosted and are disclosed in our DPA under Standard Contractual Clauses. Region is permanent at sign-up; contact billing@causeshield.com if you need to migrate later.
Supporter Trails is a per-supporter view that threads together donations from Stripe, event registrations and peer-to-peer fundraising from your fundraising platform, and (if you enable the tracking snippet) identified site visits. Each supporter row shows lifetime giving, recurring status, engagement history, and a churn-risk score called Supporter Pulse. Trails is included in the Partner plan.
Atlas is automatic cohort discovery across your whole supporter base — the "Trails for groups" view. Every day it surveys your supporters and surfaces nine dimensions of cohorts: recurring vs lapsed, lifetime gift bands, engagement intensity, channel mix, recency, risk history, age band, state, and country — plus an open-ended set of "discovered" attributes Atlas finds in your fundraising-platform webhook payloads (employer, gift designation, household, anything else). For Funraisin / Raisely / Classy we ship hard-coded field paths; for any other platform a weekly AI pass learns where the demographic fields live and caches them, so subsequent ingest is free. Today's numbers refresh nightly, while the period-over-period deltas stay anchored to your supporter base 7 days ago. Whatever cohort changed the most is also spotlighted in your daily digest. Atlas is included on the Partner plan; Enterprise plans get unmetered cohort generation.
Yes. Type the rule you want — for example "alert me when an anonymous donation lands over $5,000" or "ping me if a registration has no email" — and Cause Shield compiles it against a real payload sample once at save time. After that, evaluation is deterministic on every incoming event with zero ongoing AI cost. Compiled rules are available on every plan. A second mode, Live AI rules, keeps the prompt as the question and asks the AI per event — used for semantic conditions like "does this message sound aggressive" and metered against the webhook event allowance on Partner and above.
Yes — Cause Shield supports third-party Stripe Connect (the agency model). From your dashboard, send an invitation to the Stripe owner; they get an email with a magic link that authorises Cause Shield to monitor their Stripe account without creating a Cause Shield user. They receive a confirmation email with a one-click disconnect link they can use any time without a password. Fraud alerts route to you; the Stripe owner only ever gets connection-state notifications. Available on Partner and Enterprise plans.
Yes — uptime monitoring captures the response time of every ping and surfaces it as average page load, p50, p95, and p99 percentiles on the website's uptime tab. The daily digest calls out sites whose p95 exceeded 2 seconds or shifted by ±250ms versus the prior 24 hours. Available wherever uptime monitoring is — Growth, Partner, and Enterprise plans.
Every donation event is sent to Anthropic's Claude API with the surrounding 2-hour transaction history. The classifier returns a risk level (low/medium/high/critical), a 0-100 risk score, a list of specific concern flags (e.g. "card_testing_pattern", "country_mismatch"), and a plain-English reasoning string suitable for a non-technical finance manager. Anthropic does not train on customer API inputs or outputs; API logs are retained for 30 days for trust-and-safety review.
Cause Shield works with any fundraising platform that supports outbound webhooks — Funraisin, Raisely, Classy, GiveWP, Donorbox, custom CRMs. The smart webhook receiver auto-classifies inbound payloads using an AI classifier, so no per-platform configuration is required. We publish per-platform integration guides for the most common platforms; a generic webhook setup works for the rest.
No — Cause Shield is read-only on the payment path by design. We surface flagged donations in your dashboard and alert your team via email, Slack, or Teams; decisions to refund, dispute, or block a future donor still happen in your Stripe dashboard or fundraising-platform admin. The "human in the loop on every block" pattern is what keeps us out of compliance scope and avoids false-positive refunds of legitimate donors.
Stripe Radar scores the first charge of every transaction and is excellent at one-off fraud detection. Cause Shield runs on top of Radar and adds: (a) re-scoring every recurring donation invoice, (b) per-platform context from your fundraising tool (donor pages, event registrations, P2P), (c) plain-English reasoning instead of black-box scores, (d) supporter-level aggregates so you can see whether a recurring donor is at risk of lapsing, and (e) monthly accessibility and security scans of the donation page itself.