Humanitarian organisations, advocacy nonprofits, and foundations run on donor trust, beneficiary confidentiality, and lean IT budgets — while remaining a high-priority target for state actors and ransomware crews. Safeguard ships a free tier for qualifying organisations and an on-device option for casework that cannot leave the laptop.
Donor expectations, grantor diligence, and adversarial threat models are converging on the same continuous evidence requirement.
Donor names, addresses, gift histories, and major-gift correspondence are some of the most sensitive records a nonprofit holds. A single breach erodes the trust that funds the next decade of programming.
Humanitarian and advocacy organisations routinely operate across borders. Beneficiary data collected in the EU, the UK, or India is governed by the rules of the collection country — not the rules of HQ.
OFAC, UN, EU, and UK sanctions lists move every week. A nonprofit that procures software, ships goods, or transmits funds without continuous sanctions screening is one update away from a violation.
State actors target NGOs to map dissident networks, intercept beneficiary communications, and intimidate staff. The threat model is hostile, well-resourced, and routinely under-discussed in fundraising decks.
Accredited nonprofits below a defined operating budget access a free tier with the core SBOM, AI-BOM, and vendor-screening capability. Security should not be the line item that gets cut for programming.
Casework, beneficiary intake, and advocacy correspondence run through Lino on a local device. Nothing sensitive leaves the laptop, and the AI capability stays usable in air-gapped field offices.
Every vendor SBOM is screened against OFAC, UN, EU, and UK lists on every refresh. Sanctioned suppliers buried five hops deep in transitive dependencies surface before procurement signs.
For organisations operating in surveillance-heavy or conflict regions, the entire stack runs inside the country boundary on customer-controlled hardware. No outbound traffic, no shared keys.
Pre-mapped control narratives and evidence in the formats your grantor, donor, and country regulator already accept.
Free-tier cloud control plane, on-device option for beneficiary data, sanctioned-vendor screening pipeline, and a donor-facing trust packet.
Qualifying nonprofits register through an accreditation flow and receive a managed cloud tier with included capacity for SBOM, AI-BOM, and vendor screening. Upgrades are pro-rated by mission size.
Programmes handling beneficiary data — refugee casework, GBV intake, health records — get on-device Lino with no telemetry. The cloud control plane only sees aggregate posture, never content.
Every SBOM ingested is matched against current OFAC, UN, EU, and UK lists. A sanctioned maintainer, dependency, or hosting provider raises a finding before it can be funded with grant dollars.
Read-only trust portal exposes signed SBOMs, breach history, sanctions-screening lineage, and audit posture to major-gift donors and grantors — replacing the manual due-diligence PDF.
Advocacy and human-rights organisations face nation-state intrusions designed to map dissident networks, intercept communications, and erode operational confidence. The adversary is well-resourced and persistent.
Donor PII, gift histories, and major-gift correspondence live in CRMs that often share vendors across the sector. A single CRM compromise erodes the trust that funds the next decade of programming.
Food, shelter, and medical operations cannot pause for a recovery window. Ransomware crews increasingly target the back-office logistics of humanitarian responders for exactly that reason.
Sanctions lists move weekly. A nonprofit using a sanctioned hosting provider, plugin, or dependency — even unknowingly — is exposed to legal, donor, and reputational consequences.
Numbers from mission-driven deployments. Same donors, same grantors, dramatically less audit and screening overhead.
| Metric | Before Safeguard | With Safeguard |
|---|---|---|
| Donor-data audit prep | 4 weeks | 1 day |
| Sanctions-vendor screening | Quarterly | Continuous |
| Tooling footprint | 4 vendors | 1 (free tier) |
| Volunteer-onboarding security training | 0 | Covered |
| Alert noise | ~70% | ~5% |
| OFAC vendor screening | Manual | Automated |
| Beneficiary-data residency posture | Reactive | Continuous |
Talk to the team about the free tier for qualifying nonprofits, sovereign deployment for at-risk regions, and an evidence pipeline your trustees and donors will actually read.