Start fundraising free today.

Manna

Legal

Compliance

How Manna helps you stay compliant at every level.

Political fundraising operates under some of the most stringent regulatory requirements in any industry. Manna is built from the ground up to help organizations meet these requirements — so you can focus on your mission while we handle the infrastructure.

1. Campaign Finance Compliance

FEC Donor Information Collection

For contributions to federal candidates, PACs, and party committees, the Federal Election Commission (FEC) requires that organizations collect and report specific donor information. Manna’s donation forms are designed to collect all required fields:

  • Full legal name of the contributor
  • Mailing address (street, city, state, ZIP code)
  • Occupation and employer
  • Contribution amount and date

These fields are required by default on all donation forms for federal committees. Organizations can configure additional fields as needed for state and local compliance.

Contribution Limits

Manna enforces federal contribution limits where applicable. However, Manna cannot track contributions made through other platforms, by check, or through other channels. Organizations are ultimately responsible for monitoring and enforcing aggregate contribution limits across all sources.

Contributor Eligibility

Every donor who contributes through Manna is presented with legally required attestations confirming that:

  • They are a U.S. citizen or lawfully admitted permanent resident.
  • The contribution is made from their own personal funds.
  • They are at least 18 years of age.
  • They are not a federal contractor (for federal contributions).

Reporting and Record-Keeping

Manna provides Organizations with complete, exportable donation records that contain all fields required for FEC and state campaign finance filings. Organizations are responsible for filing all required reports with the appropriate agencies. Manna does not file reports on behalf of Organizations.

2. Payment Security

PCI DSS Compliance

All payment processing on Manna is handled through Stripe, a PCI DSS Level 1 certified payment processor — the highest level of certification in the payment card industry. Manna never stores, processes, or transmits raw credit card numbers on our servers.

Sensitive payment data is collected directly by Stripe’s client-side Elements, encrypted, and transmitted to Stripe’s PCI-compliant infrastructure. This means your donors’ card data never touches Manna’s servers.

Fraud Prevention

Manna leverages Stripe’s built-in fraud detection tools, including Stripe Radar, to automatically identify and block suspicious transactions. Additional safeguards include:

  • Address Verification System (AVS) checks
  • Card Verification Value (CVV) validation
  • Real-time transaction monitoring
  • Velocity checks for unusual donation patterns

3. Data Protection

Encryption

All data transmitted between your browser and the Manna platform is encrypted using TLS (Transport Layer Security). Data stored in our databases is encrypted at rest. We use industry-standard encryption protocols to protect your information at every stage.

Access Controls

Manna implements role-based access controls (RBAC) at both the platform and organization level. Within each organization, four distinct roles (Super Admin, Admin, Treasurer, Staff) provide granular control over who can access sensitive data, manage finances, and administer settings. Row-level security (RLS) in our database ensures that organizations can only access their own data.

Infrastructure Security

Manna is hosted on Vercel and Supabase, both of which maintain SOC 2 Type II compliance. Our infrastructure includes:

  • Automatic HTTPS enforcement across all endpoints
  • DDoS protection and Web Application Firewall (WAF)
  • Automated security patching and updates
  • Regular backups with point-in-time recovery

4. State and Local Compliance

Campaign finance laws vary significantly by state and municipality. Manna’s flexible donation forms allow Organizations to add custom fields and disclaimers required by their specific jurisdiction. While Manna provides the tools to collect required information, Organizations are responsible for understanding and complying with the specific laws in their jurisdiction.

5. Nonprofit Compliance

For 501(c)(3) and 501(c)(4) organizations, Manna supports the collection of donor information needed for tax receipts and regulatory filings. Key considerations:

  • 501(c)(3) donations may be tax-deductible. Organizations are responsible for issuing proper acknowledgment letters for contributions over $250.
  • 501(c)(4) donations are generally not tax-deductible. Organizations should clearly communicate this to donors.
  • Manna does not provide tax advice or determine deductibility.

6. Our Commitment

Manna is a nonpartisan platform. We provide equal access, tools, and support to all lawful organizations regardless of political affiliation, party, or ideology. Compliance is a shared responsibility — we build the infrastructure, and you bring the expertise about your specific regulatory requirements.

If you have questions about how Manna can support your organization’s compliance needs, please visit our Contact page.