Built secure from the ground up
CauseHub is built for Canadian nonprofits that handle sensitive donor, volunteer, and participant data every day. Security and regulatory compliance aren't add-ons — they're woven into the architecture.
Multi-Tenant Data Isolation
Every organization on CauseHub is completely walled off from every other. Your donors, volunteers, members, and financials are invisible to anyone outside your organization.
Company-Based Isolation
Each nonprofit is a separate Odoo company. Every database query is filtered at the ORM level by company_id — it's impossible for Organization A to accidentally see Organization B's data.
Record Rules Enforcement
Odoo record rules enforce isolation at the data layer. Even if someone tries to manipulate URLs or API calls, the ORM will not return records outside their company scope.
Role-Based Access Control
Six distinct security roles — from MSP admin down to portal donor — with granular permissions. Vendor admins are automatically blocked from financial data. Portal users see only their own records.
Per-Tenant Websites
Each organization gets its own website via Odoo's multi-website architecture. Domain-based routing ensures visitors always see the correct organization's public content.
Encryption & Infrastructure
Sensitive data is encrypted at rest and in transit. The platform runs on Odoo.sh, Odoo's managed cloud infrastructure with enterprise-grade security controls.
TLS 1.2+ Everywhere
All data in transit is encrypted using TLS 1.2 or higher. Every connection — browser, API, webhook — is secured with HTTPS.
SIN/BN Field Encryption
Social Insurance Numbers and Business Numbers are AES-256 encrypted at the field level. Portal display shows only the last 3 digits. Full values are accessible only to authorized finance roles.
Odoo.sh Hosting
Hosted on Odoo.sh with automated backups, staging environments, and one-click rollback. Infrastructure runs on European-managed cloud servers with SOC 2 compliance.
Portal-Only Architecture
Tenant users never access the Odoo backend. All operations flow through purpose-built portal interfaces with server-side validation. Only MSP administrators can access backend admin screens.
Canadian Regulatory Compliance
Purpose-built for the Canadian nonprofit regulatory landscape. Every compliance feature maps directly to federal and provincial requirements.
| Regulation | Requirement | How CauseHub Handles It |
|---|---|---|
| PIPEDA | Consent tracking, data portability, right to deletion | Every contact tracks PIPEDA consent type (implied/express), date, source, and IP. Data Export Wizard provides machine-readable exports. Data Deletion Wizard removes all tenant data while preserving CRA-mandated records. |
| CASL | Express/implied consent for commercial messages, 2-year expiry | Separate CASL marketing consent field with implied/express distinction. Implied consent auto-expires after 2 years. Consent source and date logged for audit. |
| CRA | Tax receipts with 13 mandatory fields, 6-year retention, T4A slips | Donation receipts include all 13 CRA-required fields. BN validation. T4A slips for resident contractors ($500+), T4A-NR for non-residents. 6-year data retention enforced. |
| IRCC / iCare | Settlement services reporting in iCare XML format | UCI, FOSS/GCMS, and immigration status tracking. iCare-compatible export for IRCC reporting. Available to settlement service organizations. |
| ASNPO | Fund accounting with restricted/unrestricted fund tracking | Full fund accounting module with restricted, unrestricted, and endowment fund types. Deferred revenue recognition. T3010 expense categorization (Lines 5000/5010/5020). |
| AODA / WCAG | Web content accessibility for Ontario organizations | ARIA attributes and semantic roles throughout portal templates. Keyboard navigation support. Screen reader-compatible form labels and error messages. Ongoing improvements toward WCAG 2.1 AA. |
Your Data Rights
You own your data. We provide the tools to export, manage, and delete it on your terms — not ours.
Full Data Export
Export all of your organization's data at any time through the built-in Data Export Wizard. Exports are delivered in standard, machine-readable formats that can be imported into other systems.
Right to Deletion
Request complete deletion through the Data Deletion Wizard. All records are permanently removed, with the exception of CRA-mandated retention items (tax receipts and T4A slips retained for 6 years).
Consent Management
Both PIPEDA and CASL consent are tracked per individual with full audit trails. Constituents can withdraw consent through their self-service portal. Staff can manage consent centrally.
Transparent Audit Logs
Every consent change, data modification, and administrative action is logged. Org admins can review their organization's audit trail. Logs include who, what, when, and from where.
Questions about security or compliance?
We're happy to discuss our security practices in detail. Reach out to our team.
Contact Usor email security@causehub.ca