FutureFund collects a small platform fee from each donor who pays through our site as a percentage of their contribution. This ensures we have the resources needed to keep updating our tools and providing support for the school groups we serve, while allowing schools to collect 100% of all donations and sales.

No—we only take a small percentage of debit and credit card transactions that we process through our system. You can still use FutureFund to raise money from donors who pay with cash or check, but we do not charge a platform fee for these transactions.

We built FutureFund specifically to support K-12 PTAs and school groups. Our team are PTA members ourselves, and we understand the relationships between parents, teachers, and students—so we created tools that solve the unique challenges these groups face when it comes to effectively organizing and fundraising.

FutureFund is specifically built to support the work of PTAs at the national, state, district, and local levels—as well as schools, booster clubs, and Ed Funds serving K-12 students in the USA.

FutureFund is built to comply with all major financial regulations and data privacy laws governing PTAs and school groups in the United States. This includes Federal and state-specific legislation, such as:

• The Family Educational Rights and Privacy Act (FERPA)
• The Children’s Online Privacy Protection Rule (COPPA)
• The California Consumer Privacy Act
• Assembly Bill 1584
• The Payment Card Industry (PCI) Data Security Standard (DSS)

Our platform also makes use of current technologies designed to provide extra layers of security when handling sensitive information. These include:

• TLS/SSL (Transport Layer Security/Secure Sockets Layer): These are cryptographic protocols designed to provide secure communication over a network by encrypting data in transit between client and server.
• WAF and DDOS Protection (Web Application Firewall and Distributed Denial of Service Protection): These are security measures to protect websites from harmful traffic, with WAF filtering, monitoring, and blocking HTTP traffic to and from a web application, and DDOS protection preventing overload of a network or server by a flood of internet traffic.
• Penetration Testing: This is a method of evaluating the security of a computer system or network by simulating attacks from malicious sources to identify vulnerabilities.
• Load Balancer Based Compute Isolations: This is a strategy of distributing network or application traffic across many servers to improve responsiveness and availability, while isolating workloads for security and fault tolerance.
• Role-based Access Control: This is a method of regulating access to computer network resources based on the roles of individual users within an organization, ensuring that only authorized individuals can access specific resources.
• Secure Logging: This is the process of recording events in a system in a manner that prevents tampering or deletion, providing a reliable record for security auditing and incident response.
• Static and Dynamic Code Analysis: These are methods of examining source code or running applications to find potential security vulnerabilities, with static analysis checking code without executing it, and dynamic analysis testing code while it’s running in a real or simulated environment.
• OWASP Secure Coding Principles (Open Web Application Security Project): These are a set of principles and best practices for secure coding aimed at preventing security vulnerabilities in web applications, as defined by the non-profit OWASP organization.
• Credit Card Tokenization: This is an advanced security process that protects sensitive payment information during transactions.