FundCollector – Donations Plugin and Fundraising Platform for WordPress

Easy to use WordPress Donation Plugin

FundCollector is a comprehensive donation management plugin for WordPress that enables organizations to collect donations through multiple payment methods including PayPal and bank transfers.

Key Features

• PayPal Integration: Secure PayPal payments with REST API
• Bank Transfer Support: Alternative payment method with automated instructions
• Gutenberg Block: Native WordPress block editor integration
• Form Builder: Customizable donation forms with multiple fields
• Email Notifications: Automated emails to donors and administrators
• Security Features: Honeypot protection, reCAPTCHA support, and data encryption
• Multi-language: Full translation support for English, Spanish, French, German, Portuguese, and Italian. Additional languages will be added in future versions.
• Admin Dashboard: Complete donation management and reporting
• Pre-built Pages: Automatic creation of essential pages (Donation, Thank You, Payment Failed, Privacy Policy)
• Auto-updates: Configurable automatic plugin updates

Payment Methods

• PayPal: Complete PayPal REST API integration with sandbox support
• Bank Transfer: Manual payment method with customizable instructions
• Future Support: Extensible architecture for additional payment gateways

Security

• Data encryption for sensitive information
• Honeypot spam protection
• reCAPTCHA integration
• CSRF protection with nonces
• Sanitized input validation

Compliance

• GDPR compliant data handling
• Privacy-focused design
• Data retention controls
• Audit trail logging

Privacy Policy

FundCollector takes privacy seriously:

• Payment data is processed securely through PayPal’s API
• Sensitive data is encrypted at rest
• No data is shared with third parties without consent
• Users can request data deletion at any time
• Full audit trail is maintained for compliance

External Services

This plugin connects to external third-party services to provide payment processing and security features. Below is a detailed disclosure of each service used:

PayPal Payment Processing

• What it is: PayPal is a payment processing service used to handle online donations via credit cards, debit cards, and PayPal accounts.
• When it’s used: Activated when donors choose PayPal as their payment method. Connections occur during payment creation, authorization, and completion.
• Data transmitted: Donor information (name, email), donation amount, currency, and transaction metadata are sent to PayPal’s servers for payment processing.
• API endpoints used:
  • Production: https://api-m.paypal.com (live transactions)
  • Sandbox: https://api-m.sandbox.paypal.com (testing environment)
• Privacy Policy: PayPal Privacy Statement
• Terms of Service: PayPal User Agreement

Google reCAPTCHA v3

• What it is: Google reCAPTCHA v3 is an anti-spam protection service that helps prevent automated bot submissions.
• When it’s used: Optional feature (can be disabled). When enabled, reCAPTCHA analyzes user behavior on donation forms to detect potential spam or bot activity.
• Data transmitted: User interaction data (mouse movements, typing patterns, IP address) is sent to Google’s servers for spam analysis. The reCAPTCHA token generated is validated server-side.
• API endpoints used:
  • Client-side script: https://www.google.com/recaptcha/api.js
  • Server-side verification: https://www.google.com/recaptcha/api/siteverify
• Privacy Policy: Google Privacy Policy
• Terms of Service: Google reCAPTCHA Terms of Service

User Control

• PayPal integration is optional and can be disabled in plugin settings (bank transfer only mode)
• Google reCAPTCHA is optional and can be disabled in plugin settings
• Users are informed about these integrations during plugin configuration

Data Protection

• All communication with external services occurs over encrypted HTTPS connections
• API credentials (PayPal Client ID/Secret, reCAPTCHA keys) are stored encrypted in the WordPress database
• No donor payment card data is stored on your WordPress server – all sensitive payment information is handled directly by PayPal
• reCAPTCHA tokens are temporary and only used for spam verification

Developer Information

FundCollector is built with security and extensibility in mind:

• WordPress Coding Standards compliant
• Comprehensive error handling
• Extensive logging system
• Modular architecture
• Action and filter hooks for customization
• Developer-friendly API