Your domain. Your brand. Your data.
Bring your own domain. Operate as your own independent giving platform. Full brand isolation between organizations — no cross-domain account discovery, no shared donor lookups, no leakage.
Enterprise feature
Bring your own domain. Operate as your own independent giving platform. Full brand isolation between organizations — no cross-domain account discovery, no shared donor lookups, no leakage.
Enterprise feature
Bring your domain
Your donors go to your domain — not ours. Custom subdomains, full apex domains, however you want to structure it. The platform handles TLS certificate provisioning automatically — no SSL paperwork, no renewal calendar.
Once your domain is verified, your organization's brand variant is auto-provisioned. Your logo, your colors, your vocabulary, your email "from" address. Every channel — dashboard, donate pages, widget, kiosk, signage, emails — wears your brand.
Your brand
12,400 donors
$2.4M / year
Their brand
8,200 donors
$1.6M / year
Their brand
3,100 donors
$640K / year
Brand isolation
Brand isolation isn't a feature flag. It's the architecture. Donors registered on one domain can't be discovered, contacted, or imported from another.
The same email registers separately on every brand. No password reset on one brand can hijack a session on another. No cross-brand "do you have an account?" probes.
Authentication tokens carry the brand they were issued on. Using a session token across brands fails — at the API layer, not just the UI.
Invite acceptance, OTP delivery, password resets — all scoped to the brand they originated on. Attempting cross-brand requests returns generic invalid responses with no information leak.
Outbound emails use your brand's "from" address, support email, and SMTP relay. Your brand never appears in another brand's email path.
Every database query is scoped to the brand at the API layer. Cross-brand data access is architecturally impossible — not policy, not convention.
Every action recorded against the brand it touched. Your audit log shows your brand's activity — no other brand's data ever appears.
Proven in production
This isn't a feature we built for someone else. Our vertical brands — AloraChurch for churches and Mohseen for Islamic giving — run on this exact white-label machinery: their own domains, their own email identity, their own vocabulary, their own donor universes. When you verify your domain, you get the same platform-minting machinery we trust with our own names.
When multi-brand earns its keep
Some orgs need more than a single platform — they need many platforms that share infrastructure but stay independent at every other layer.
A regional or national network with many member orgs — each one operates as its own platform, provisioned under one enterprise umbrella, independent at every other layer.
National parent + regional chapters. Each chapter has its own brand, donors, and finances — independence by architecture, not by policy. Network-wide rollup reporting is on the roadmap.
One legal entity running multiple programs (e.g., a relief charity + an education foundation). Each program gets its own brand and donor base.
Network-level provisioning + local autonomy. Each local org operates independently with its own brand, donors, and finances under the network's enterprise account.
Self-serve management
Enter your custom domain in Settings → My Brand. We verify ownership via DNS TXT or HTTP file.
Add a CNAME or A record. We monitor propagation and confirm when ready.
The instant DNS is live, Caddy on-demand TLS issues your certificate. Renewal is automatic.
Your logo, colors, vocabulary, and email identity are applied platform-wide for your domain. Live in minutes.