Security & data architecture

How your data flows on a Mittun-built site.

Mittun builds and maintains Drupal websites on Pantheon that connect to GoFundMe Pro. This page explains exactly what is stored on your website, what stays inside GoFundMe Pro, and how the level of features you enable changes that picture.

Baseline architecture

Out of the box, your website is a presentation layer. GoFundMe Pro is the system of record for donors, fundraisers, registrations, and payments.

Supporter / Browser
Public website visitor
  • Visits your campaign site
  • Views public campaign content
  • Clicks Donate, Register, or Fundraise
Mittun implements and maintains the website. The features you enable change what is fetched and stored here.
Drupal site on Pantheon
Presentation layer
Fetched from GoFundMe Pro into Drupal
  • Fundraising pages, totals & goals
  • Recent donors (opt-in display only)
  • Team rosters, team goals & totals
  • Total raised, gifts, fundraisers
Stored on the website
  • Nothing personal — display-only website
Any stored data can be removed at any time.
Never stored on the website
Payment / PCI data never touches Pantheon — regardless of features
GoFundMe Pro
System of record (always holds everything)
GoFundMe Pro is the source of truth. It always holds the full dataset — Drupal only fetches the slices it needs for the enabled features.
  • Hosted workflows: Donate, Register, Fundraise
  • Public records: Campaigns, fundraisers, donors, teams
  • Sensitive data: Payments, transactions, full PII
No matter what features are enabled, the website never stores:
  • Credit card numbers or payment data
  • Billing addresses or full donor PII
  • Transaction history or refunds
  • Anything in PCI scope
Browser / page requests
Display-safe API data
Redirect to GoFundMe Pro workflow
Key takeaway

The website reads fundraising data from GoFundMe Pro for display only. GoFundMe Pro remains the source of truth and the holder of all sensitive donor and payment data. No PCI data ever touches the Pantheon site.

What the website can show without storing anything

The frontend fetches publicly available information from the GoFundMe Pro API on every page load. No database is needed on the website to display any of this.

  • Fundraising pages: Individual and team fundraising page content
  • Amounts raised: Per fundraiser, team, and overall campaign
  • Goals & progress: Progress bars, percent-to-goal, milestones
  • Recent donors: Names and amounts where donors opted in to display
  • Team rosters: Team names, members, team goals and totals
  • Campaign totals: Total raised, total gifts, total fundraisers

What changes when you enable more features

The amount of data the website itself stores depends on which features you turn on. Everything else continues to live inside GoFundMe Pro.

Tier 1 · Default
Public website only
Nothing personal is stored on the website
  • All fundraising data is fetched live from the GoFundMe Pro API
  • No accounts, no logins, no email addresses on the site
  • Donate / Register / Fundraise clicks redirect into GoFundMe Pro
Tier 2 · Optional
Fundraiser portal enabled
Authenticated user email address
  • Fundraisers sign in to manage their page from your website
  • The site stores their email to authenticate the session
  • Donor and payment data still live only in GoFundMe Pro
Tier 3 · Optional
Admin dashboard enabled
Authenticated admin email address
  • Staff sign in to view aggregated reporting and visualizations
  • Email is stored for authentication and access control
  • Aggregated views are computed from the GoFundMe Pro API
What is never stored on the website
  • Credit card numbers or any payment instrument data
  • Billing addresses or full donor PII
  • Transaction history or refund records
  • Anything subject to PCI scope
What may be stored on the website
  • Email address of authenticated portal or dashboard users
  • Session tokens used to keep that user signed in
  • Cached, display-safe campaign data to keep pages fast

How it stays secure and authenticated

  • Authenticated API access: Server-to-server requests to the GoFundMe Pro API are authenticated with secret keys held only on Pantheon.
  • HTTPS everywhere: All traffic between the browser, Pantheon, and GoFundMe Pro is encrypted in transit using TLS.
  • Hardened hosting: Pantheon provides a managed, hardened platform for Drupal with WAF, DDoS protection, and patching.
  • PCI scope stays out: Donations and payments happen on GoFundMe Pro-hosted workflows, keeping your website out of PCI scope.

Quick answers

Does the website store donor information?

No. Donor records, including names, contact details, and any payment information, live in GoFundMe Pro. The website only displays what GoFundMe Pro exposes publicly.

Where do donations actually happen?

On GoFundMe Pro-hosted donation, registration, and fundraising workflows. The website redirects supporters into those flows so payment data never enters the Pantheon environment.

What if I enable the fundraiser portal or admin dashboard?

The website then stores the email address of users who sign in, so it can authenticate their session. It does not start storing donor or payment data.

Who manages the website?

Mittun builds and maintains the Drupal website on Pantheon. GoFundMe Pro continues to operate as your fundraising platform and system of record.