← Back to all posts
Operations

How to Handle Donor Data and Stay Compliant as a Fire Department

·8 min read
How to Handle Donor Data and Stay Compliant as a Fire Department

Why This Matters

The moment your fire department starts collecting donations online, you are handling personal information: names, email addresses, mailing addresses, and payment details. You are also issuing what donors treat as tax-deductible contributions.

Getting this wrong does not usually result in a lawsuit. But it can result in lost donor trust, IRS complications, and the kind of mess that makes your treasurer quit. Here is how to handle it right.

Tax Receipts: What the IRS Requires

If your department is a 501(c)(3) or a qualifying volunteer fire department under state law, donations to your organization may be tax-deductible for the donor.

The IRS requires written acknowledgment for any single donation of $250 or more. This acknowledgment must include:

  • The name of the organization
  • The date and amount of the donation
  • A statement of whether goods or services were provided in exchange (for a straight donation, the answer is "no goods or services were provided")
For donations under $250, the donor's bank statement is sufficient for their records, but it is good practice to send a receipt anyway.

For ticket sales (like your BBQ dinners), the tax-deductible portion is only the amount that exceeds the fair market value of the meal. If someone buys a $15 BBQ dinner and the fair market value of the food is $8, only $7 is technically deductible. Most departments handle this by noting on the receipt: "The estimated fair market value of goods received is $X."

The Simple Approach

Send a receipt for every donation. Include the date, amount, your organization's name, your EIN (tax ID number), and the standard "no goods or services" language for pure donations.

If you are using a platform like Station Donations, you can configure your EIN and thank-you message in the settings, and the system attaches it to every Stripe receipt automatically. Donors get proper documentation without your treasurer having to print individual letters.

Storing Donor Data

Your donor list — names, emails, donation amounts, dates — is sensitive information. Treat it that way.

What you should store:

  • Name
  • Email address
  • Donation amount and date
  • Mailing address (if provided for receipt purposes)
What you should NOT store:
  • Credit card numbers (your payment processor handles this — never write these down)
  • Social Security numbers (you do not need these for donation receipts)

Where to Store It

Do not keep your donor list in a shared Google Sheet with a link anyone can access. Do not email spreadsheets of donor data between members.

Use a system with proper access controls. Your treasurer and chief should have access. Individual members should not be able to download the entire donor list to their personal laptop.

If your donor data lives in your station website dashboard, make sure only authorized users (owner, admin, treasurer roles) can see the full list. Limit access to what each person actually needs.

Email Compliance

When you send emails to your donor list, you are subject to the CAN-SPAM Act. The requirements are straightforward:

  • Include your organization's physical address in every email (your station address)
  • Include a working unsubscribe link in every email
  • Honor unsubscribe requests within 10 business days
  • Do not use misleading subject lines
If someone unsubscribes, remove them from your list. Do not add them back. Do not send them "just one more" email. Respect the request.

Payment Processing Compliance

If you are using Stripe (through Station Donations or directly), Stripe handles PCI compliance for credit card processing. This means:

  • You never see or store full credit card numbers
  • All payment data is encrypted in transit and at rest
  • Stripe handles chargebacks and disputes
Do not try to process credit cards yourself through a manual card reader or by writing card numbers on paper. This creates massive liability. Always use a PCI-compliant payment processor.

Annual Reporting

If your department is a registered 501(c)(3) and receives more than $50,000 in gross receipts, you must file IRS Form 990-EZ annually. If you receive more than $200,000, you must file the full Form 990.

Many volunteer fire departments that are organized under state law (rather than as a separate 501(c)(3)) have different reporting requirements. Check with your state fire commissioner's office or a local accountant who works with nonprofits.

Keep records of all donations for at least 7 years. This includes online transaction records, cash donation logs, and copies of receipts issued.

Donor Privacy

Your donor list is yours. Do not share it with other organizations, sell it to marketers, or give it to political campaigns. If donors find out their information was shared, they will stop giving and they will tell others.

Include a simple privacy statement on your website: "Station 42 Volunteer Fire Department will never sell, share, or distribute your personal information to third parties."

The Bottom Line

Handling donor data responsibly is not complicated. Issue receipts with your EIN. Store data securely with limited access. Include an unsubscribe link in emails. Use a real payment processor. File your annual returns on time. Keep records for 7 years.

None of this requires a lawyer or an accountant (though having one review your setup annually is smart). It just requires treating your donors' information with the same respect you would want for your own. Get this right and your donors will trust you with their money year after year. Get it wrong and you will spend more time cleaning up the mess than you spent raising the funds.

Ready to put this into action?

Station Donations gives your department a professional fundraising website in 5 minutes. Collect donations, sell event tickets, and track every dollar — free to start, no tech skills needed.

Create Your Free Station WebsiteLearn more