Partnership Pitches That Can Put Nonprofits, Donors, and Data at Risk

Nonprofits are frequently offered partnership pitches by businesses, vendors, consultants, fundraisers, and other outside organizations. Some of them are legitimate. A local business may want to sponsor an event. A technology vendor may offer useful software. A consultant may have real fundraising experience. A cybersecurity provider may be able to help a small nonprofit improve its defenses.

But not every offer to “help” a nonprofit is actually helpful. Some offers deserve a much closer look. The risky ones often sound generous at first. They may promise new donations, free tools, donor growth, grant access, exposure, cybersecurity support, or an easy way to raise money. The problem is that the nonprofit may be giving up more than it realizes.

Sometimes the nonprofit is asked to lend its name. Sometimes it’s asked to share donor relationships. Sometimes it’s asked to give a third party access to donations, financial information, systems, staff, data, or community trust. That’s where the risk begins.

For nonprofits, trust isn’t a small thing.

• Donors trust that their money is going where they intended.

• Clients and community members trust that their personal information will be handled carefully.

• Board members trust that the organization is making decisions aligned with its mission.

• Staff and volunteers trust that leadership will not put the organization at avoidable risk.

A bad partnership can damage all of that.

Here are common partnership pitches that nonprofits should slow down and review carefully before saying yes.

1. The unauthorized fundraising page

One of the most uncomfortable risks for nonprofits is discovering that someone else has created a fundraising page in the organization’s name without the nonprofit’s knowledge or clear approval.

On the surface, the idea may sound harmless: more visibility, more donation opportunities, and an easier way for supporters to give.

But there’s a major difference between a nonprofit choosing to use a fundraising platform and a third party creating a page in the nonprofit’s name without the organization’s clear approval.

An unauthorized fundraising page may not always be a scam in the obvious sense. The money may still be intended for the named charity. But it can still create serious problems. Donors may think they're giving directly to the nonprofit when they're actually giving through a third party. They may not understand who created the page, who controls it, where the money goes first, what fees apply, or whether the nonprofit approved the message. Donors may also misunderstand whether their gift will be tax-deductible. A donation to a personal fundraiser that says it will support a charity is not the same as donating directly to that charity or through an approved nonprofit fundraiser.

In March 2026, a multistate coalition of attorneys general and charitable regulators raised concerns that GoFundMe had created more than 1.4 million donation pages for charities without their prior knowledge or consent. Officials said the pages raised concerns about use of charity names and logos, inaccurate descriptions, donor confusion, and donations routed through a donor-advised fund instead of going directly to the named charity. They also raised concerns about platform “tips” and whether GoFundMe pages could appear above official charity websites in search results.

That example shows why this risk matters. Even when a page uses the nonprofit’s real name, donors may be confused about who's behind it, how the donation works, and whether the nonprofit has approved the page. The risk isn't only financial. It's also a trust problem.

What to watch for:

• A fundraising page using your nonprofit’s name without approval

• Your logo, mission language, or program descriptions copied onto a third-party page

• Donors being routed through an outside platform when they think they're giving directly to you

• Search results that show a third-party donation page above your official giving page

• Unclear language about fees, tips, donor-advised funds, or processing delays

What nonprofits can do:

• Search your organization’s name from time to time along with words like “donate,” “fundraiser,” and “GoFundMe.”

• Make sure your official donation page is easy to find on your own website.

• If you discover an unauthorized page, document it with screenshots and contact the platform quickly.

The larger point is simple: your nonprofit should control how its name, mission, and donation process are presented to the public.

2. The fundraising platform that controls or delays donations

   
   

   Many small nonprofits use third-party platforms to collect donations, run events, manage campaigns, sell tickets, or process sponsorships. These tools can be useful. For a small team, an affordable all-in-one platform can feel like a lifeline. But nonprofits should be careful about any platform that sits between the donor and the organization’s money.

   
   

   The pitch may sound like this:

   “We’ll handle your donation pages, donor data, events, payments, and campaign tools in one simple platform.”

   
   

   That may be convenient but it also creates dependency and a single point of failure.

   
   

   The recent Flipcause bankruptcy is a serious warning. Nonprofit Quarterly reported in March 2026 that Flipcause, a fundraising platform used by thousands of small nonprofits, had failed to disburse more than $29 million in donations and later filed for bankruptcy. The report said more than 3,200 organizations, mostly nonprofits, were listed as unsecured creditors.

   
   

   That doesn't mean every fundraising platform is unsafe. It does mean nonprofits should understand what happens to donor funds after someone clicks “donate.”

   
   

   Important questions to ask:

   
   

   • Who legally holds the money after a donor gives?

   • How quickly are donations transferred to the nonprofit?

   • Are funds held in a separate account or mixed with company funds?

   • What happens if the platform has financial trouble?

   • Can the nonprofit export donor records easily?

   • What fees apply?

   • Who owns the donor data?

   • What happens if the platform shuts down, freezes activity, or changes ownership?

   
   

   Red flags to watch for:

   
   

   • Delayed payouts without a clear explanation

   • Complaints from other nonprofits about missing or slow payments

   • Vague terms about who controls donations before transfer

   • The platform controls donations, donor records, events, website pages, and communications all in one place

   • No clear backup plan if the vendor fails

   
   

   Convenience is valuable, but control matters. A platform that handles money, donor data, events, and web pages may become more than a vendor. It may become part of the nonprofit’s operating infrastructure. That deserves real due diligence.

3. The professional fundraiser with unclear fees

Some professional fundraisers are legitimate and do useful work. Others can damage a nonprofit’s reputation by raising money in the nonprofit’s name while retaining a large share of the proceeds or making misleading claims to donors.

The pitch may sound like this:

“We’ll raise money for you. You get donations without having to manage the campaign.”

That can be tempting, especially for a small nonprofit with limited staff. But fundraising is not just about money. It is about trust.

In September 2025, the FTC, along with 22 agencies from 19 states, announced action against Kars-R-Us, a company that collected vehicle donations on behalf of the United Breast Cancer Foundation. According to the FTC, Kars claimed the donations would help provide free and low-cost breast cancer screenings. But the complaint alleged that only $126,815, or 0.28%, of the more than $45 million raised was used to provide breast cancer screenings. The case is a reminder that nonprofits should understand not only who is raising money in their name, but also what donors are being told and how much of the money actually supports the stated mission.

For nonprofits, the risk isn't only legal. It's relational. If donors believe they were misled, they may blame the nonprofit whose name was used, even if a third-party fundraiser made the calls, ran the ads, or wrote the scripts.

What to check:

• Is the fundraiser properly registered where required?

• What percentage of donations goes to the nonprofit?

• What fees, commissions, or reimbursements go to the fundraiser?

• Who approves scripts, emails, ads, landing pages, and call language?

• How often will the fundraiser report campaign results?

• How quickly will funds be transferred?

• Can the nonprofit audit the results?

• Are donors clearly told who is contacting them and how donations will be used?

In Massachusetts, state law requires professional fund-raising counsel, commercial co-venturers, and professional solicitors to register before acting for certain charitable organizations. The law also requires financial reporting for commercial co-venturers and professional solicitors.

Rules vary by state, so nonprofits shouldn't treat fundraising as an informal handshake arrangement. If someone is going to raise money using your name, your mission, or your donor relationships, the details belong in writing.

4. The affiliate, referral, or residual-income pitch

This one often sounds like easy money.

The pitch may sound like:

• “We’ll give your nonprofit a commission if you introduce us to your donors, members, clients, or business contacts.”

• “You can create a recurring revenue stream just by referring people to our product.”

The problem is that the nonprofit may slowly become a sales channel for someone else’s business. That doesn’t mean every referral relationship is wrong. But nonprofits should be cautious when a company wants access to the organization’s trust network. Donors, volunteers, clients, community partners, and sponsors didn’t build relationships with the nonprofit so they could become leads in a sales funnel.

Red flags to watch for:

• The pitch focuses more on commission than mission.

• The product or service is hard to explain.

• The company wants introductions before providing clear details.

• The nonprofit is asked to promote something it has not independently evaluated.

• The company wants access to donor or member lists.

• The arrangement creates pressure to recommend a product because money is involved.

• The offer sounds like “residual income” without clear value to the nonprofit’s community.

What nonprofits can do:

Before accepting an affiliate or referral arrangement, ask a simple question:

“Would we recommend this product if no money were involved?”

If the answer is no, that’s a problem.

The nonprofit should also be clear with its audience. If the organization receives a referral fee, commission, discount, or other benefit, that relationship should be disclosed. Hidden incentives can damage trust quickly. A nonprofit’s relationships are not just a marketing asset. They’re part of the organization’s credibility.

5. The cause-marketing or “portion of proceeds” partnership

Cause marketing can be legitimate. A local business may sell a product and donate part of the proceeds to a nonprofit. A restaurant may run a community night. A retailer may support a charity campaign. But this type of partnership can get messy when the details are vague.

The pitch may sound like this:

“We’ll donate a portion of every sale to your nonprofit if you let us use your name and logo.”

That sounds good until someone asks: what portion? For how long? From gross revenue or net profit? Is there a cap? When will payment be made? Who approves the advertising? What happens if customers think the nonprofit endorses the product?

Red flags to watch for:

• “A portion of proceeds” with no specific amount

• No campaign start date or end date

• No cap or minimum donation

• No clear reporting

• The business wants to use your logo immediately

• The campaign language implies endorsement

• The company cannot explain how it will handle charitable solicitation or commercial co-venture rules

• The nonprofit cannot review public-facing materials before launch

What nonprofits can do:

• Put the terms in writing

• Be specific about the donation formula, campaign dates, logo use, reporting, payment timing, and approval rights

• Consider whether the company’s product, reputation, and customer practices align with the nonprofit’s mission

This is especially important for small nonprofits that may be excited to receive support from a business. A poorly structured campaign can create confusion for donors, customers, and supporters, even if the business didn’t intend harm.

The practical rule: don’t lend your name faster than you can protect it.

6. The crypto donation or alternative payment platform

A few years ago, many nonprofits were approached by crypto donation platforms promising innovation, new donors, and low or no fees.

The pitch may sound like this:

“We make it easy for your nonprofit to accept Bitcoin and other crypto donations.”

Some nonprofits may decide that accepting cryptocurrency makes sense. But it shouldn't be treated as a casual add-on. Cryptocurrency can introduce tax, accounting, volatility, fraud, custody, compliance, and donor-screening issues.

The FBI’s 2025 Internet Crime Report, released in 2026, said cryptocurrency-related complaints produced the highest reported losses among Americans who submitted complaints involving cryptocurrency, with more than $11 billion in reported losses.

That doesn't mean a crypto donation platform is automatically a scam. But it does mean nonprofits should be careful about any vendor that makes crypto sound simple without explaining the risks.

What to check:

• Does the platform convert crypto to cash immediately or hold the asset?

• Who handles tax documentation?

• How are donor identities verified?

• What fees apply?

• What happens if the donation source is suspicious?

• Who controls the wallet or account?

• How are refunds handled?

• Does the nonprofit’s finance team understand the accounting treatment?

• Has the board approved accepting this type of donation?

Red flags to watch for:

• “Zero risk” language

• Pressure to adopt quickly

• No clear tax or accounting guidance

• No explanation of volatility

• No donor-screening process

• The nonprofit is asked to create or control wallets without understanding custody risk

For most small nonprofits, the question is not “Can we accept crypto?” The better question is: “Do we have a real reason to accept crypto, and do we understand the responsibilities that come with it?”

7. The free software offer

Free software can be useful. Many nonprofits rely on donated, discounted, or freemium tools. But a free tool isn’t automatically a safe tool.

The pitch may sound like this:

“We’ll give your nonprofit free access to our platform in exchange for exposure, feedback, testimonials, or access to your staff, volunteers, donors, or clients.”

That may be reasonable in some cases. But nonprofits should ask what the vendor is getting in return. The cost may not be money. The cost may be data, visibility, endorsement, or dependency.

Red flags to watch for:

• The vendor wants access to donor records, client data, staff accounts, or internal files

• The nonprofit is asked to promote the tool before testing it

• The company wants a public testimonial as part of the deal

• The tool has weak privacy terms

• The free version limits data export

• The vendor can change pricing later after the nonprofit becomes dependent

• The nonprofit doesn’t know where the data is stored or who can access it

What nonprofits can do:

Before adopting free software, ask basic vendor questions:

• What data will we put into this tool?

• Is any of that data sensitive?

• Who owns the data?

• Can we export it easily?

• Can the vendor use our data for product training, analytics, or marketing?

• What happens if we stop using the tool?

• Does the free plan include adequate security features?

• Will staff or volunteers use personal accounts or organization-managed accounts?

Free tools can still create serious risk. If the software touches donor information, client records, payment data, email accounts, internal documents, or program operations, treat it like a real vendor relationship.

8. The AI fundraising or donor analytics tool

AI tools are now being marketed to nonprofits for fundraising, donor research, grant writing, communications, program support, and administrative work.

Some of these tools may be helpful. But nonprofits should be careful with vendors promising automatic donor growth, guaranteed results, or powerful analytics that require large amounts of sensitive data.

The pitch may sound like this:

“Our AI platform can identify your best donors, write your appeals, personalize outreach, and increase donations.”

The concern isn't simply that the tool uses AI. The concern is what data the tool needs, what it does with that data, whether its claims are exaggerated, and whether the nonprofit understands the risks.

In March 2026, the FTC announced a settlement with Air AI, saying the agency had alleged that the company misled entrepreneurs and small businesses with deceptive claims about business growth, earnings potential, and refund guarantees.

That case was not about nonprofits specifically, but the lesson applies. Be careful when a technology vendor promises growth, revenue, or easy results that sound too certain.

Nonprofits also need to manage how staff and volunteers use AI tools. Arizona State University’s Lodestar Center for Philanthropy and Nonprofit Innovation recommends clear AI policies, approved tools, data handling rules, and avoiding confidential or proprietary information in public AI tools.

Red flags to watch for:

• “Guaranteed donations”

• “Guaranteed donor growth”

• Pressure to upload a full donor list before signing a contract

• No clear policy on data retention or deletion

• The vendor can use your data to train models without clear permission

• No explanation of subcontractors or where data is stored

• No human review process

• The tool generates donor messages that staff do not review

• Staff or volunteers use personal AI accounts for nonprofit work

What nonprofits can do:

Create simple AI rules before adopting AI tools. Decide what information can and can’t be entered into AI systems. Donor lists, client stories, personal information, health information, financial records, HR issues, legal matters, and confidential board materials should be handled carefully.

AI can help with drafting and organizing ideas. But it shouldn’t become an uncontrolled pipeline for sensitive nonprofit data.

9. The free cybersecurity audit or free tech help offer

Nonprofits are often told they're easy targets. That can make a free cybersecurity audit sound appealing.

The pitch may sound like this:

“We’ll scan your systems for free and show you where you’re vulnerable.”

Sometimes free cybersecurity help is legitimate. CISA offers no-cost cyber hygiene services and other resources that can help organizations reduce exposure to cyber threats.

So the issue isn't whether the help is free. The issue is whether the request is appropriate, authorized, and clearly scoped.

A legitimate security review should be clear about:

• What will be tested

• Who is authorizing the work

• What tools will be used

• What access is needed

• How results will be handled

• What happens after the review

Red flags to watch for:

• The provider asks for administrator credentials without a clear, approved reason

• The provider wants remote access before there is a written agreement

• The scope is vague

• The provider uses fear to pressure a purchase

• The provider refuses to explain what will be scanned

• The provider won't identify who is doing the work

• The provider claims a government affiliation that can't be verified

• The audit turns immediately into a high-pressure sales pitch

What nonprofits can do:

• Get the scope in writing

• Don't provide passwords casually

• Don't allow scanning, remote access, or system changes unless leadership has approved it and the work is clearly authorized

• Ask how findings will be delivered and who will see them

Cybersecurity support can be valuable. But access to systems should never be treated casually just because the offer is free.

11. The fake grant, funding-access, or sponsorship pitch

Nonprofits are always looking for funding. Scammers know that.

The pitch may sound like this:

• “You qualify for a grant. We can help you claim it, but you need to pay a fee or provide banking information first.”

• “We represent a foundation interested in sponsoring your nonprofit. Please complete this form and provide your financial details.”

Grant scams often rely on urgency and hope. They may use fake government names, fake foundation websites, social media messages, or emails that look official.

Grants.gov warns that scammers may pretend to offer grants from the U.S. Department of Health and Human Services, ask for money or personal information, use social media or chat apps, direct people to fake websites or live support chats, and pretend to be a friend or someone from HHS.

Red flags to watch for:

• You didn’t apply for the grant

• The funder contacts you unexpectedly through social media or a personal email

• You’re asked to pay a processing fee

• You’re asked for bank information before formal award documentation

• The website looks official but the domain looks suspicious

• The message uses urgent language

• The funder avoids normal application, award, and documentation steps

• The opportunity sounds too easy

What nonprofits can do:

• Verify grant opportunities through official channels

• Use known websites, known contacts, and independently verified phone numbers

• Don’t click through from the message itself if something feels off

• Don’t pay money to receive a government grant

A real funder should be willing to slow down and provide verifiable information.

11. The partner impersonation or payment-change scam

This one may not look like a partnership pitch at first. It may look like a normal message from a vendor, sponsor, funder, board member, consultant, or partner organization.

The message may say something like:

• “We changed banks. Please send future payments to this new account.”

• “Please update the wire instructions before the grant payment goes out.”

• “We need this sponsorship payment today. Use the attached instructions.”

This is a common pattern in business email compromise. Criminals may spoof email addresses, compromise real accounts, or insert themselves into existing conversations. The message can look believable because it may involve a real vendor, real invoice, real partner, or real payment.

The FBI reported that cyber-enabled crimes produced nearly $21 billion in reported losses in 2025. Phishing and spoofing were among the most frequently reported complaints, which matters because payment-change scams often start with a believable message that appears to come from a real person or organization.

For nonprofits, the risk may involve vendor payments, grant disbursements, sponsorships, reimbursements, payroll changes, event invoices, or donations.

Red flags to watch for:

• New payment instructions

• Urgent timing

• A request to keep the change quiet

• Slight changes in email address or domain name

• Payment instructions attached as a file

• A request that doesn't match the usual process

• The person refuses phone verification

• The message appears inside a real email thread but changes the payment destination

What nonprofits can do:

• Use a separate trusted channel to verify payment changes

• Don't reply to the suspicious email and ask, “Is this real?”

• Use a known phone number, a previously verified contact, or an internal vendor record

This is one of the simplest and strongest habits a nonprofit can build: no payment change should rely on email alone.

What nonprofits can do before saying yes

A nonprofit doesn't need to reject every partnership pitch. But it should have a basic review process before allowing an outside party to use its name, contact its donors, handle donations, access systems, process payments, or collect data.

Here are practical questions to ask.

1. What are we being asked to give up?

Look beyond the sales pitch. Are you giving access to your name, logo, donor list, staff, systems, bank information, website, email platform, client stories, or credibility?

If the answer is yes, slow down.

2. Who controls the money?

If donations, sponsorships, event payments, or campaign proceeds flow through a third party, understand exactly how the money moves.

Ask:

• Who receives the money first?

• How long is it held?

• What fees are taken?

• What reports do we receive?

• What happens if the platform fails?

• Can donors clearly see who is receiving the money?

3. Who owns and controls the data?

Donor and client information should not be handed over casually.

Ask:

• What data does the vendor need?

• Why do they need it?

• Can they use it for marketing, analytics, or AI training?

• Can we delete or export it?

• Who else can access it?

• What happens when the relationship ends?

4. Can we review the public message before it goes live?

If another organization is using your name, logo, mission, photos, testimonials, or program language, you should approve the final version before it's published.

This includes fundraising pages, social media posts, email campaigns, ads, landing pages, scripts, brochures, and press releases.

5. Are the promises realistic?

Be careful with phrases like:

• Guaranteed donations

• No risk

• Free money

• Passive income

• Residual income

• Zero fees

• Guaranteed donor growth

• Limited-time opportunity

• Everyone is doing this

Those phrases do not automatically mean the offer is bad. But they should trigger closer review.

6. Is the provider properly registered or qualified?

For fundraising, charitable solicitation, commercial co-ventures, cybersecurity, accounting, legal, and grant-related services, credentials and registration may matter.

Don't rely only on a polished website. Verify independently.

7. Does this align with our mission?

A partnership can be legal and still be wrong for the organization.

Ask:

• Would our donors understand this relationship?

• Would our board be comfortable with it?

• Would we be proud to explain it publicly?

• Does this help our mission, or are we being used to help someone else sell?

8. Do we have the agreement in writing?

A good written agreement doesn't need to be complicated, but it should answer the important questions.

At minimum, it should address:

• Scope of work

• Use of name and logo

• Fees and payment timing

• Data access and ownership

• Confidentiality

• Reporting

• Review and approval rights

• Termination

• Security expectations

• What happens when the partnership ends

If the other party resists putting basic terms in writing, that tells you something.

Final takeaway

A risky partnership pitch isn't always obvious. It may not arrive as a threatening email or an obvious scam. It may arrive as a friendly offer from a vendor, consultant, fundraiser, platform, sponsor, or technology company. It may promise donations, exposure, efficiency, growth, free tools, or expert help.

The question isn't just, “Could this help us?” The better question is, “What are we giving away in return?”

For a nonprofit, the most important assets are not only money and technology. They are trust, reputation, donor relationships, community confidence, and control over the mission.

Before saying yes to a partnership, slow down. Ask who controls the money. Ask who controls the data. Ask who can use your name. Ask what donors will see. Ask what happens if something goes wrong.

A good partner will respect those questions. A risky one will pressure you to skip them.