I'd love feedback on this project - it's been a labor of love for a year trying to find the best charities in the Bay Area and making it easy for anyone to donate what they can without a lot of effort. Thanks!
I may be overly critical here, but I don't think it is completely right to say in your FAQ that you don't store credentials "which means your sensitive information is safe and secure!" Sure, you don't store them. However, you still ask for them and then have someone else store them on your behalf. That still leaves end users vulnerable to the exact same problems. The user could still experience issues specifically because they used your service. They wouldn't really care who is actually responsible if that were to happen, only that it was caused by using Give A Dime.
You are responsible for your partners. Saying you won't do something isn't completely honest if you turn around and outsource that exact same activity to a partner.
I'm not sure on the exact phrasing. It can either mention Plaid by name or some complementary descriptor about "banking level security". It just shouldn't say credentials aren't being stored when they are being stored by a partner.
I would rather shut the company down than inspect and store bank transactions. Risk of lawsuit is also a pretty good deterrent, since lawyers are expensive.
I like it. I was [almost] an Acorns user because I dig the model of simple round-ups, but am too impatient to wait for small change to make a difference in my personal savings alone. To that note, I know pennies go a long way, especially when combined with others, to those who need them.
Feedback: Let users pick their own charities. I can tell by your FAQ you want to curate but people need to know their efforts are going to what they care about. I have personal experience with exactly this on a current startup, email me [in profile] if you want to chat more on it.
Congrats on launching something that matters to you!
Yes - this is definitely a big philosophical discussion we are having.
(Time for some sausage making)
In California it is actually illegal for us to give money to a charity without having a signed contract in place (this is to protect consumers and guarantee that the money we promise is actually going to charities). This puts a bit of a damper on enabling donations to all charities. We've opted for curated charities to keep compliant and also to help those new to charity donating make a big impact immediately.
With that said, we want to expand the number of charities we support and would love to hear about great charities!
Hm, I'd love to hear more about the illegal thing you cited. My startup lets everyone choose, all we require is an EIN and there's no paperwork, and it's all been approved by my legal.
I've been through various business types in the space; the worst was a registered Commercial Fundraiser where, yes, I had to set up bonds and the fees were ridiculous, with individual filing between charity and state. But for you (and me, actually) it doesn't seem as big of a deal until it hits scale. If you're referring to registrations for "Charitable Solicitation", we've been through that too. I quickly asked my legal and he responded with: as long as you're not specifically targeting persons in any state nor do you supply names and contact info for donors to the charities so they can't send thank you notes, it's not an issue. YMMV and don't hold me to that, but it may not be a big issue for you and open up a new avenue.
Server costs will certainly go down as Give A Dime reaches scale, but will always be necessary per user to account for bank transaction requests and other services. I will update the FAQ to be more clear on how we use this fee. We also intend to use those funds to continue growing and vetting charities in other communities.
We asked a lawyer if we could be classified as a 501c3, but it didn't seem possible given what we do :-/. Instead, we're looking to be classified as a B-Corp in the future.
Are you storing bank credentials?
Since you posted on HN:
Besides the marketing fluff "state of the art encryption", what are you actually doing to ensure my credentials are secure?
What prevents you from updating your TOS to be more ominous and adding a buried clause that allows you to inspect & store our bank transactions?