PDF for non-profits — secure donor communications and receipts

Donor receipts and statements carry personal data and tax-compliance duties. What a deductible-donation receipt must say, protecting donor PII, and redacting before you share.

By ScoutMyTool Editorial Team · Last updated: 2026-05-21

Working with a small charity, I watched a year-end giving statement go out to the wrong donor — a one-click mail-merge slip that exposed one person’s entire giving history to another. Nobody meant any harm, but it was a real breach of trust, and it crystallised something: a non-profit’s PDFs are full of personal data and tax obligations, and they deserve the same care a business gives customer financial records. This guide is the security and compliance side of non-profit PDFs — what a tax-deductible receipt must actually contain, how to protect donor information in statements and communications, and how to redact donor specifics before a report travels. Doing the impact work is the mission; protecting the people who fund it is part of the job.

Donor documents and the data they carry

Document | Sensitive data | Practice
Donation receipt | Donor name, amount, sometimes address | Include required elements; deliver securely
Year-end giving statement | Full annual giving history | Encrypt or send via access-controlled link
Donor thank-you / appeal | Name, contact, giving level | Strip metadata; mail-merge from a clean source
Board / grant report with donor data | Named donors, amounts | Redact individuals before wider sharing
Payment / bank detail forms | Account numbers, signatures | Never email unprotected; redact when archiving

Step by step — a secure donor PDF workflow

  1. Build a complete receipt template. Create one template with all required elements (organisation name, amount/description, date, goods-or-services statement, tax-exempt status) so every receipt is compliant by construction. Confirm requirements with your tax authority.
  2. Generate from a trusted source, addressed correctly. Produce each receipt or statement from verified donor data, and double-check that the right document goes to the right person.
  3. Protect sensitive statements. Encrypt year-end statements with a strong open password (shared separately) or deliver via an access-controlled link rather than a plain attachment.
  4. Redact donor data before wider sharing. For board packs, impact reports, and grant submissions, properly remove or aggregate named donors and amounts — delete the data, do not just cover it.
  5. Keep an organised, access-limited archive. Store donor PDFs where only the right people can reach them, named consistently for retrieval.
  6. Process everything on your own device. Use client-side tools so donor lists and PII never get uploaded to a third-party server.

The principle: stewardship extends to data

Non-profits talk about stewardship of donations; the same idea should cover stewardship of donor data. Two duties run through every document here. The first is compliance: a receipt is a tax instrument for the donor, so the required elements must genuinely be present — a complete template is the simplest way to guarantee that. The second is protection: receipts, statements, and reports concentrate exactly the personal data donors expect you to safeguard, so address them correctly, protect or control the sensitive ones, redact before sharing widely, and keep the work on your own machines. None of it requires a big budget — a clean template, careful addressing, redaction discipline, and client-side tools cover the realistic risks. Honouring the people behind the numbers is not separate from the mission; it is part of being worthy of their support.

FAQ

What has to be on a tax-deductible donation receipt?
A compliant donation receipt generally needs a specific set of elements, and getting them right is part of a non-profit’s duty to its donors — though the exact rules depend on your jurisdiction, so confirm against your tax authority. In the US context for a 501(c)(3), an acknowledgement a donor can use typically includes the organisation’s name, the amount of a cash contribution (or a description, not a value, of non-cash gifts), the date, and a statement of whether any goods or services were provided in return and their value — plus the classic line stating that the organisation is a tax-exempt charity. The point is that a receipt is not just a thank-you; for the donor it is a tax document, so the required statements must actually be present. Build a clean template with those elements and reuse it, rather than improvising each receipt and risking an incomplete one.
Why is donor data a privacy responsibility, not just paperwork?
Because donor records contain exactly the kind of personal data people expect an organisation to protect: names, home addresses, contact details, and a history of how much they have given — which can itself be sensitive. A non-profit holds this in trust, and a leak (an emailed statement to the wrong person, a report with named donors forwarded onward, a misplaced spreadsheet) is both a breach of that trust and, depending on where you operate, a potential legal violation under data-protection rules. Treating donor PDFs with the same care a business gives customer financial data is the right baseline: limit who can open sensitive files, do not include more personal data than a document needs, and assume any file you send could be forwarded. Donors give you their support and their data; safeguarding the second is part of deserving the first.
How should we send year-end giving statements securely?
Treat a year-end statement as sensitive, because it is a complete record of one donor’s giving. The safest approach is to either encrypt the PDF with a strong open password (shared with the donor through a separate channel) or deliver it via an access-controlled link rather than a plain email attachment, so it is not sitting unprotected in inboxes and mail servers. Make sure each statement goes only to the correct donor — bulk statement runs are a classic source of "wrong person got my data" incidents, so verify the merge. And generate the statements with a tool that processes files on your own device, so a whole donor list is not uploaded to a third party. The combination of correct addressing, encryption or controlled delivery, and local processing covers the realistic risks.
How do we share reports that contain donor information?
Redact the personal data before the report travels beyond the people who genuinely need it. Board packs, impact reports, and grant submissions often quote named donors and amounts, which is fine internally but should usually be removed or aggregated before a document goes to a wider audience. Crucially, redaction means actually removing the underlying data, not drawing a black box over it or hiding it behind a password — covered or password-gated text can still be extracted, so it is not protection. For anything leaving the organisation, produce a properly redacted version (and ideally a clean, flattened copy) so named-donor details cannot be recovered. The instinct to share impact is good; pair it with the discipline to share it without exposing the individuals behind the numbers.
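The point above, that text under a black box can still be extracted, can be turned into a pre-share check. This is an added example, not part of the original article or any ScoutMyTool code: it pulls the literal text strings out of a PDF's content streams and reports any donor name that is still present. The donor names, the sample PDF fragments and the function names are constructed for illustration.

```python
import re
import zlib

STREAM_RE = re.compile(rb"stream\r?\n(.*?)\nendstream", re.S)
LITERAL_RE = re.compile(rb"\(((?:\\.|[^\\()])*)\)", re.S)  # PDF literal strings: (text)

def extract_text(pdf_bytes):
    """Concatenate the literal strings found in every stream (simplified extraction)."""
    parts = []
    for match in STREAM_RE.finditer(pdf_bytes):
        data = match.group(1)
        try:
            data = zlib.decompressobj().decompress(data)  # FlateDecode stream
        except zlib.error:
            pass  # stream was stored uncompressed
        for raw in LITERAL_RE.findall(data):
            parts.append(re.sub(rb"\\(.)", rb"\1", raw).decode("latin-1"))
    return "".join(parts)

def _norm(s):
    # Drop whitespace and case so kerned fragments such as (Sa)(m) still match.
    return re.sub(r"\s+", "", s).lower()

def leaked_names(pdf_bytes, donor_names):
    """Return the donor names still recoverable from the file's text strings."""
    text = _norm(extract_text(pdf_bytes))
    return [name for name in donor_names if _norm(name) in text]

def make_pdf(content, compress=True):
    """Constructed sample: one content stream in a minimal PDF fragment."""
    body = zlib.compress(content) if compress else content
    flt = b"/Filter /FlateDecode " if compress else b""
    header = b"%PDF-1.4\n1 0 obj\n<< " + flt + b"/Length %d >>\nstream\n" % len(body)
    return header + body + b"\nendstream\nendobj\n"

NAMES = ["Jane Example", "Sam Placeholder"]  # constructed donor names
# Text is drawn first, then a filled black rectangle is painted over it.
COVERED = make_pdf(b"BT /F1 12 Tf 72 700 Td (Top gift: Jane Example, 5000 USD) Tj ET\n"
                   b"0 g 70 695 300 16 re f\n")
# Name split into kerned fragments inside a TJ array, stream left uncompressed.
KERNED = make_pdf(b"BT /F1 12 Tf 72 680 Td [(Sa) -15 (m Place) 20 (holder)] TJ ET\n", False)
# Properly redacted: the named donor is gone and only an aggregate remains.
REDACTED = make_pdf(b"BT /F1 12 Tf 72 700 Td (Major gifts: 3 donors, 12000 USD total) Tj ET\n")

if __name__ == "__main__":
    for label, pdf in [("covered", COVERED), ("kerned", KERNED), ("redacted", REDACTED)]:
        print(label, leaked_names(pdf, NAMES))
```

A clean result from this check is necessary, not sufficient: it does not decode hex strings, custom font encodings, document metadata or encrypted files, so a full text extraction with a PDF library remains the stronger test before a report leaves the organisation.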
What is the simplest secure receipt workflow for a small non-profit?
Keep it lightweight but disciplined. Build one clean receipt template containing all the required elements, so every receipt is complete by construction. Generate each donor’s receipt from a trusted data source, double-checking that the name and amount match the right person. For routine single receipts, a strong open password plus delivery to the verified donor is usually enough; for sensitive bulk runs like year-end statements, add controlled delivery. Do the generation with client-side tools so donor data stays on your own machines, keep an organised, access-limited archive, and redact donor specifics from anything shared more widely. None of this requires expensive software — a consistent template, careful addressing, and client-side tools cover most of what a small organisation needs.
Is it safe to process donor PDFs with online tools?
Only with tools that run on your own device, because donor files concentrate personal data. Many online PDF tools upload your file to a third-party server, which is a poor fit for receipts and statements full of names, addresses, and giving histories — and potentially a data-protection problem. Client-side (in-browser) tools build, protect, redact, and merge locally so files never leave your computer — ScoutMyTool’s PDF tools work this way, and being free suits a non-profit budget. For any document containing donor PII, confirm the tool is client-side before uploading, or use offline software. Your donors trusted you with their information; the tools you choose to handle it are part of honouring that.
