There are a lot of ways that fundraising at Mozilla is very different than the fundraising I’ve done at other non-profit organizations. One of the most striking differences is how our Privacy Principles guide our donor experience, our fundraising systems, and ultimately, our results.

All U.S. non-profits are under a lot of pressure to grow their lists and optimize their investment in fundraising staff and infrastructure. The work often calls for privacy tradeoffs.  Not at Mozilla.

Take pre-filled donation forms for instance. You may click on a link in a fundraising email from a non-profit and find that your name, address and other information has already been pre-filled on a form for you. Magic! That happens because the software they use to manage donations saved some data about you and your computer during a previous transaction. It was stored all that time on a server somewhere, until you landed back on their donation form.

The data is indisputable: Pre-filled donation forms increase conversion and raise more money. The 2012 Obama campaign took this idea even further when they developed an award-winning technology called Quick Donate which stored donors’ credit card details. This reduced the “friction” facing repeat donors to a single click — similar to Amazon’s “1-click” purchase button. Quick Donate played a major role in reaching a record-setting $690 million in donations online.

All of the practices I’m describing by U.S. organizations or campaigns are legal; but by collecting, storing, and re-using donors’ data, users have less power and control over their personal information.  That’s not a tradeoff we’re willing to make.

At Mozilla, we believe in no surprises, user control and limited data. Privacy is fundamental to our mission and is imbedded in the Mozilla Manifesto. Our practices are consciously designed to respect  the privacy of our  donors and their data.  This commitment  changes our online organizing and fundraising in several key ways:

No pre-filled form fields.
We realize significantly less revenue because we do not use cookies to pre-fill donation forms for repeat donors. Typing is a hindrance, especially when many people have come to expect pre-filled forms thanks to technology like Google Wallet or cookies on websites they frequent. That’s a tradeoff we are willing to accept in order to give users more control of their own data.

No automatic pre-checked box for our mailing list.
This is a big one. Many U.S. organizations — both for- and non-profit — auto-check optin boxes in the final step of purchases or donations. This exponentially increases the likelihood that a user’s email address is captured. Mozilla does not allow pre-checked optins for any of our newsletters (you can read our detailed requirements for this practice here). In addition, we require an acknowledgement of our Privacy Policy in many cases. That means in some instances we require a user to check not one, but TWO boxes before they join an email list.

Despite a relatively strict opt-in policy, we were able to double the foundation’s email list from ~700,000 to over 1.4 million in 2014.

“I donated, so why do you still show me the fundraising campaign snippet?”
After you donate, our donation software doesn’t pass your PII back to the snippet service. This means we can’t turn off the snippet on an individual basis based on whether someone donates or not.

Orson Welles once said: “The enemy of art is the absence of limitations.” Our mission to keep users in control of their own data and put privacy first is too valuable to compromise — even for fundraising. We adapt and excel within constraints because it’s the right thing to do.