⚠️ DESIGN DRAFT v2 -For approval only. Open wireframe.html in your browser. Share feedback before we build the real site.

Data and Compliance
Infrastructure for
Grantmakers

Givalgo delivers structured, real-time nonprofit data - financial records, compliance signals, and organizational intelligence - through enterprise-grade APIs trusted by Donor-Advised Funds, Foundations, and Grant Management Platforms.

Get API Access →
20K
Records / API call
550+
Hours saved / year
Nightly
Data refresh
api.givalgo.ai  ·  v1
# Verify any nonprofit -one API call GET api.givalgo.ai/v1/verify    ?ein=13-1641750 x-api-key: gvlg_live_••••••••
↳ Response · 87ms
name"American Red Cross"
statusELIGIBLE
pub78_listedtrue
revokedfalse
ofac_org_screenCLEAR
ofac_leadershipCLEAR
leaders_screened14 officers
⚡ The only API that screens charity leadership against sanctions lists
Designed for teams at
DAF Sponsors
Community Foundations
Private Foundations
Grant Management Software
Workplace Giving Platforms
Retail Fundraising Platforms
The Problem

Nonprofit data is fragmented, incomplete, and expensive

Grantmakers waste thousands of hours every year stitching together government data from siloed sources. The few APIs that exist are archaic, expensive, and don't screen for what matters most.

📄

IRS data is raw and unstructured

Form 990s are published as millions of raw XML files. No structure, no search, no API. Extracting actionable financial data requires months of engineering work that most teams simply don't have.

⏱️

Manual verification takes hours

Checking active status, sanctions, revocation lists, and Pub 78 eligibility means juggling four separate web pages and running searches. Many grantmakers still do this manually, with charity leadership screening being the most time-consuming.

💸

Existing APIs are archaic and expensive

The legacy data providers in this space were built decades ago. Their data is often stale and incomplete, their APIs are clunky, and their pricing was designed for legacy institutions - not modern grantmakers and SaaS platforms.

Our Solutions

One platform. Complete nonprofit intelligence.

From raw IRS XML to structured API responses to approvals/ flags in milliseconds.
Givalgo is the intelligence layer your platform has been waiting for.

Backed by
Blackbaud
Social Good Startup Program
🛡️

CharityVerify

Real-time compliance verification engine

Instantly verify any nonprofit's standing with a single API call. We run a 6-step verification - active IRS status, Pub 78 eligibility, group exemption check, IRS revocation, org OFAC sanction screening, and leadership screening -in under 100ms.

  • Active 501(c)(3) status & Pub 78 eligibility
  • IRS auto-revocation & group exemption traversal
  • Screen charity officers & directors against OFAC SDN + Consolidated lists
  • Fuzzy matching catches misspellings & name variations
  • 1.9M+ organizations · 4.5M+ records · nightly refresh
⚡ Only platform that screens charity leadership, not just the org name
View API docs →
📊

Form 990 Intelligence API

Structured financial, governance and programmatic data at API speed

We parse every IRS Form 990, 990-EZ, and 990-PF filing -transforming raw XML into clean, structured JSON. Query financials, governance, compensation, grants, and program data for any nonprofit by EIN.

  • Revenue, expenses, assets & computed financial ratios
  • Officer compensation & board composition
  • Grant recipients and program descriptions
  • Governance, policies and board compositions
  • Multi-year historical data with trend signals
📊 Structured financial, governance and programmatic data across all IRS 990 filings
Get early access →

FaithVerify

Denomination & religious organization verification

The only structured database of religious organizations that can accept tax-deductible donations. AI agents scan denominational databases and official websites to confirm legitimacy and affiliation.

  • Instant status verification of over 90% American churches
  • IRS group exemption mapping & hierarchy data
  • AI agents verify against official denominational registers
  • Active congregation status & affiliation confirmation
  • Built for DAFs, community foundations, and workplace giving platforms
🤖 AI agents scan denominational directories and church websites to verify 501(c)(3) equivalency.
Get early access →
1.9M+
Nonprofits Verified
25M+
Charity Leaders Screened
1.3B+
Structured Data Points
<100ms
Avg. API Response Time
How It Works

From EIN to full verification in seconds

1

Get your API key

Sign up and choose your product/ tier. Receive credentials instantly and integrate in minutes with our REST API.

2

Send an EIN query

GET /v1/verify?ein=
Pass any nonprofit's EIN. Batch queries and webhooks supported.

3

Get structured intelligence

Receive a verified status, financial ratios, governance flags, and OFAC screening results -including all charity leaders -in one response.

4

Stay current automatically

Our pipeline refreshes nightly from 6 IRS sources via Lambda. Subscribe to webhooks for real-time change alerts.

Use Cases

Built for the teams that move money for good

🏦

DAFs & Community Foundations

Automate charity vetting at the point of grant recommendation. Verify active status, Pub 78 deductibility, Revocation Lists and OFAC clearance - without manual research. Scale grant processing from days to seconds.

EIN VerificationPub 78 EligibilityOFAC Screening
🏗️

Grant Management SaaS & Workplace Giving

Embed Givalgo into your grant lifecycle and employee giving programs. Surface financial ratios, governance flags, and real-time compliance status directly in your platform UI -with zero manual research required.

Financial RatiosGovernance FlagsPayroll Giving
🏛️

Private & Corporate Foundations

Surface multi-year financial trends, program expense ratios, board composition and risk-flags for every grantee. Conduct thorough due-diligence with structured data on potential grantees instead of manually going through docs.

Multi-year TrendsBoard DataProgram Ratios
💳

Fintech & Retail Fundraising Platforms

Power donation rails, matching engines, and retail giving flows with verified nonprofit data. Prevent fraud, ensure tax compliance, and pass audits confidently -all from a single API integration.

Fraud PreventionAML/KYCMatching Engines
What Teams Are Saying

Trusted by compliance teams and platform builders

Givalgo cut our nonprofit vetting process from several hours a day down to zero minutes. It's fully automated. The OFAC leadership screening and church verification are something we couldn't find anywhere else -it's exactly what our compliance team required.

HI
Head of Innovation
National Donor-Advised Fund

We evaluated several data providers before landing on Givalgo. The depth of the API, low price, and scalability is exactly what a modern grant management platform needs. Integration was seamless.

VP
VP of Product
Grant Management Platform

Before Givalgo, our compliance and ops team was responsible for regularly ingesting IRS and OFAC data and screening incoming grant requests - Candid was too expensive. Now the donor request is immediately approved and passed on to finance for disbursement.

HC
Head of Compliance
Workplace Giving & Payroll Platform
Our Roadmap

Building the definitive compliance layer for a $600B+ sector

We're starting where the data problems are most acute. Our roadmap leads to a full-stack compliance intelligence platform -eventually the trusted backbone for every philanthropic dollar that moves in America.

Live

CharityVerify

6-step real-time verification: active 501(c)(3) status, Pub 78 eligibility, group exemption traversal, IRS auto-revocation check, OFAC sanction checks, and leadership screening - including every charity officer and director -across 1.9M+ organizations.

Live

FaithVerify

AI agents continuously scan 40+ denominational databases and official websites to verify religious organization legitimacy, IRS group exemption status, and congregation-level affiliation -the only structured database of its kind.

Live

Form 990 Intelligence API

Structured financial data from every IRS 990 filing -revenue, expenses, leadership compensation, grants, governance, and computed ratios. Monthly refresh via automated Lambda + EventBridge pipeline, backed by 1.3B+ structured data points.

Coming soon

Real-Time Filing & Revocation Alerts

Webhook streams triggered the moment a new 990 is filed, a status changes, a revocation is issued, or a sanctions list is updated. Stop polling. Start knowing instantly.

Coming 2026

Financial, Programmatic & Governance Intelligence

Deep analytical layers on top of raw IRS data -multi-year financial trend signals, program effectiveness benchmarks, governance risk flags, and board composition analytics. Built for foundations making high-stakes grant decisions.

2027 & Beyond

Full-Stack Philanthropy Compliance Platform

Our north star: the go-to compliance infrastructure for philanthropy -an AI compliance agency that handles all your complex compliance-related tasks autonomously, so you can focus on what matters: judgment, relationships, and impact. We are just getting started.

Pricing

Simple, transparent API pricing

Start immediately. Scale as you grow. Enterprise teams get dedicated SLAs, custom data configurations, and a direct line to the founding team.

Monthly Annual Save 20%
Starter
$99 / month

For early-stage platforms building their first compliance integration.

  • 100 API calls / mo
  • Real-time EIN Verification
  • Tax Deductibility check
  • OFAC screening
  • California AG check
  • Reports API access
Get Started →
Professional
$499 / month

For growing platforms that need leadership screening and bulk API access.

  • 1,000 API calls / mo
  • Everything in Starter
  • Leadership sanction screening
  • Bulk API access
  • Priority support
Start Free Trial →

14-day free trial · No credit card required

Custom
Custom

For foundations, compliance platforms, and fintech companies with high-volume or custom needs.

  • Unlimited API calls
  • Form 990 Intelligence API
  • FaithVerify API
  • Custom API configurations
  • Dedicated account manager
  • Human-in-the-loop
Start verifying nonprofits today

The infrastructure for
trusted giving starts here.

Join DAFs, foundations, and compliance platforms that trust Givalgo to verify, enrich, and power their philanthropic workflows.

Get API Access →

No commitment required  ·  Response within 1 business day  ·  14-day free trial available

Privacy Policy

Last updated: March 30, 2026  ·  Effective date: March 30, 2026

On This Page

1. About This Policy

Givalgo, Inc. ("Givalgo," "we," "our," or "us") is committed to protecting the privacy and security of the information entrusted to us. This Privacy Policy describes how we collect, use, process, disclose, and protect your personal information when you:

  • Visit our website at givalgo.ai and related subdomains
  • Access or use our API services at api.givalgo.ai
  • Review our developer documentation at docs.givalgo.ai
  • Communicate with us via email, forms, or other channels
  • Book a demo or attend a product presentation
Important note about our data: Givalgo's core database is built entirely from publicly available U.S. government sources -IRS nonprofit filings, IRS sanctions data, and OFAC sanctions lists. We do not collect, store, or sell personal data about individual donors, nonprofit beneficiaries, or third-party individuals. All nonprofit and organizational data in our platform is sourced from public government records and processed in accordance with applicable law.

This policy applies to all users globally. Where we reference specific legal frameworks (such as GDPR or CCPA), those sections apply only to users in the relevant jurisdiction.

2. Information We Collect

2.1 Information You Provide Directly

When you create an account, subscribe to a plan, or contact us, we collect:

  • Account Information: Full name, work email address, company name, job title, and password (stored as a salted hash -never in plain text)
  • Billing Information: Payment card details and billing address, processed and stored by our payment processor (Stripe). We do not store full card numbers on our systems.
  • Communication Data: Any messages, inquiries, or feedback you submit via email, contact forms, or demo requests
  • Demo Booking Data: Name, email, company, and any notes provided when booking a product demonstration via our scheduling system (Calendly)
  • Survey and Feedback Data: Responses to optional user research surveys or NPS feedback requests

2.2 Information Collected Automatically

When you interact with our website or API, we automatically collect certain technical data:

Data TypeExamplesPurpose
Log DataIP address, browser type, OS, referrer URL, pages visited, timestampsSecurity monitoring, debugging, analytics
API Usage DataAPI key ID, endpoint called, EINs queried, response codes, latency, request volumeBilling, rate limiting, usage dashboards, audit logs
Device InformationScreen resolution, device type, browser versionProduct improvement, compatibility
Session DataLogin timestamps, session duration, feature interactionsSecurity, product analytics

API usage logs are stored in our api_usage_log table in our PostgreSQL database, associated with your API key ID (not your personal email) to provide usage dashboards and enforce plan limits.

2.3 Information from Third Parties

We may receive limited information about you from:

  • Payment Processors (Stripe): Confirmation of payment success/failure and subscription status
  • Authentication Providers: If you sign in via SSO or OAuth, we receive your name and email from that provider
  • Referral Partners: If you were referred to us, we may receive your organization name and contact details from a mutual partner

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Providing and Operating Our Services

  • Creating and managing your account and API credentials
  • Processing payments and managing subscription plans
  • Delivering API responses and maintaining service uptime
  • Providing usage dashboards, rate limit enforcement, and billing summaries
  • Responding to support requests and technical inquiries

3.2 Security and Compliance

  • Detecting, preventing, and investigating fraudulent or unauthorized use of our API
  • Maintaining audit logs for compliance with financial regulations and AML/KYC obligations applicable to our enterprise customers
  • Protecting the integrity of our infrastructure and preventing abuse
  • Complying with applicable laws, including OFAC, AML, and IRS regulations

3.3 Product Improvement and Analytics

  • Analyzing aggregated, anonymized usage patterns to improve API performance and coverage
  • Conducting internal research on which features are most valuable to our users
  • Identifying and fixing bugs, performance bottlenecks, and data quality issues

3.4 Communication

  • Sending transactional emails: account confirmations, password resets, billing receipts, API key notifications
  • Sending product update communications and release notes (you may opt out at any time)
  • Scheduling and conducting product demonstrations

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following legal bases:

Processing ActivityLegal Basis
Providing API services and fulfilling your subscriptionPerformance of a contract (Art. 6(1)(b) GDPR)
Processing paymentsPerformance of a contract
Sending transactional emailsPerformance of a contract / Legitimate interests
Security monitoring and fraud preventionLegitimate interests (Art. 6(1)(f) GDPR)
Product analytics (aggregated)Legitimate interests
Marketing communicationsConsent (Art. 6(1)(a) GDPR) -you may withdraw at any time
Compliance with legal obligationsLegal obligation (Art. 6(1)(c) GDPR)

Where we rely on legitimate interests, we have assessed that our interests do not override your rights and freedoms as a data subject.

5. Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties. We may share your information in the following limited circumstances:

5.1 Service Providers

We share data with carefully vetted service providers who process it on our behalf, subject to strict data processing agreements. Current providers include:

  • Amazon Web Services (AWS): Cloud infrastructure, database hosting (RDS PostgreSQL), file storage (S3), serverless compute (Lambda), and API Gateway. Data is stored in us-east-2 (Ohio, USA).
  • Stripe: Payment processing and subscription management. Stripe is PCI-DSS Level 1 certified.
  • Calendly: Demo scheduling. Your name and email are shared when booking a call.

5.2 Legal and Regulatory Disclosures

We may disclose your information if required to do so by law or in good-faith belief that such action is necessary to: (i) comply with a legal obligation, subpoena, or court order; (ii) protect and defend the rights or property of Givalgo; (iii) prevent or investigate possible wrongdoing in connection with our services; or (iv) protect the personal safety of users or the public.

5.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred to the acquiring entity. We will notify you via email or a prominent website notice before your personal information becomes subject to a different privacy policy.

5.4 With Your Consent

We may share your information for any other purpose with your explicit consent.

6. Cookies and Tracking Technologies

Our website uses a minimal set of cookies strictly necessary for operation:

Cookie TypePurposeDuration
Session CookieMaintains your authenticated session on the docs and dashboardSession (deleted on browser close)
CSRF TokenProtects against cross-site request forgery attacksSession
Preference CookieRemembers your UI preferences (e.g., dark/light mode)1 year
We do not use third-party advertising cookies, behavioral tracking pixels, or cross-site tracking technologies. We do not use Google Analytics, Facebook Pixel, or similar tracking services on our platform. Our analytics are entirely first-party and privacy-preserving.

7. Data Security

We take the security of your data seriously and implement multiple layers of protection:

  • Encryption in Transit: All communications between your browser/application and our servers use TLS 1.3
  • Encryption at Rest: Our RDS PostgreSQL database uses AES-256 encryption at rest via AWS
  • Secrets Management: API keys, database credentials, and service tokens are stored in AWS Secrets Manager -never in source code or environment variables
  • Network Isolation: Our database runs in a private VPC subnet with no direct internet access; only our Lambda functions (within the same VPC) can connect
  • API Key Authentication: Every API request requires a valid API key passed via x-api-key header; keys are hashed before storage
  • Rate Limiting: Per-key rate limits are enforced at the API Gateway layer to prevent abuse
  • Audit Logging: All API requests are logged with key ID, timestamp, endpoint, and response code for security monitoring
  • SOC 2 Type II: We are currently working toward SOC 2 Type II certification

While we implement industry-standard safeguards, no security system is impenetrable. We cannot guarantee the absolute security of data transmitted over the internet. In the event of a data breach affecting your personal information, we will notify you in accordance with applicable law.

8. Data Retention

We retain different categories of data for different periods based on business and legal requirements:

Data CategoryRetention PeriodReason
Account informationDuration of subscription + 3 years after closureLegal/tax obligations
Payment records7 yearsFinancial regulations
API usage logs90 days (rolling)Billing, debugging, security
Support communications3 yearsService quality, dispute resolution
Audit logs (security)1 yearSecurity monitoring
Marketing consent recordsUntil withdrawal + 3 yearsLegal compliance (GDPR)

When your account is closed or data reaches its retention limit, we securely delete or anonymize it. You may request early deletion of your personal data (subject to legal retention obligations) by contacting privacy@givalgo.ai.

9. International Data Transfers

Givalgo is incorporated in the United States, and our infrastructure is hosted in the AWS us-east-2 (Ohio) region. If you are accessing our services from outside the United States, your information will be transferred to and processed in the United States.

For users in the European Economic Area (EEA) or United Kingdom, such transfers are made pursuant to Standard Contractual Clauses (SCCs) approved by the European Commission, or other legally recognized transfer mechanisms. By using our services, you consent to these transfers where required.

10. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@givalgo.ai and we will promptly delete that information.

11. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data. To exercise any of these rights, contact us at privacy@givalgo.ai:

Rights Available to All Users

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete personal data
  • Deletion: Request deletion of your personal data (subject to legal retention requirements)
  • Portability: Receive your personal data in a structured, machine-readable format
  • Opt-Out of Marketing: Unsubscribe from marketing emails at any time by clicking the unsubscribe link or emailing us

Additional Rights for EEA / UK Users (GDPR)

  • Restriction of Processing: Request that we restrict processing of your data in certain circumstances
  • Object to Processing: Object to processing based on legitimate interests or for direct marketing
  • Withdraw Consent: Where processing is based on consent, withdraw it at any time without affecting prior processing
  • Lodge a Complaint: You have the right to lodge a complaint with your local data protection authority (DPA)

We will respond to all verifiable requests within 30 days. In complex cases, we may extend this by an additional 60 days with notice. We will not discriminate against you for exercising your privacy rights.

12. California Privacy Rights (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you additional rights:

  • Right to Know: Know what personal information we collect, use, disclose, and sell
  • Right to Delete: Request deletion of your personal information (with certain exceptions)
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Opt-Out of Sale: We do not sell personal information. There is nothing to opt out of.
  • Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information beyond what is necessary to provide our services
  • Non-Discrimination: We will not discriminate against you for exercising any of these rights

To submit a CCPA request, email privacy@givalgo.ai with "CCPA Request" in the subject line. We will verify your identity before processing the request.

13. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will:

  • Update the "Last updated" date at the top of this policy
  • Send an email notification to registered users at least 14 days before the change takes effect
  • Post a prominent notice on our website for 30 days following the change

Your continued use of our services after the effective date of any updated policy constitutes your acceptance of the revised terms. If you disagree with the changes, you may close your account and request deletion of your data.

We maintain an archive of previous versions of this Privacy Policy available upon request.