QR Codes for Donations: The Complete 2026 Guide for Nonprofits, Churches, and Fundraisers

Dozens of donation QR placements are possible. Six carry the bulk of measurable lift in the development teams we hear from.

1. The in-pew giving card. A laminated card with a QR routing to the church's giving page. The single highest-volume donation QR placement in the country once you cross 200 attending congregations. Tithe.ly and Givelify build their entire model around it.

2. The direct-mail appeal envelope. A QR on the response envelope or the inner cover of the appeal letter, routing to the campaign landing page pre-tagged with the appeal source. Lifts response on year-end and spring appeals in the 8-15% range over check-only paths.

3. The annual-report mailing. A QR on the back cover routing to a giving page pre-loaded with a suggested amount tied to the impact story. The reader who just finished a program story gives at a higher rate than the cold list.

4. Event signage — gala, run/walk, capital-campaign event. QRs on table cards, step-and-repeats, auction paddles, lanyard backs. The window is short and the urgency is high.

5. The social-media donation card. A printable card with a QR donors can post on Instagram, Facebook, or LinkedIn. The peer-to-peer multiplier on smaller campaigns.

6. Peer-to-peer fundraiser printed material. Run/walk pages, individual flyers, memorial-giving cards. Each fundraiser gets their own QR so credit attributes correctly.

What is not on this list: the generic "scan to donate" QR taped to a coffee jar at the office front desk. It converts poorly because the context does not answer the donor's actual question — what cause, what amount, what proof.

QR-based phishing — "quishing" — became a top-three attack vector in 2024 and 2025. FTC alerts cover the disaster-relief and parking-meter cases; Cofense covers the corporate-credential cases. Donation QRs sit in the most-targeted bucket because the conversion is a direct money transfer.

The fraud pattern: a sticker placed over a legitimate donation QR on event signage, an unsolicited appeal letter mimicking a known charity, a fake disaster-relief QR posted to social media in the hours after a news event.

The legitimate-org countermeasures are unsexy but they work:

• Use a custom domain. The URL the donor sees should be give.yourorg.org, not a generic shortener that could belong to anyone. Donors now glance at the URL bar.
• Put the org name and logo above the fold. Not below an iframe. Not behind a redirect. The first paint should say who this is.
• Show the EIN. A 9-digit Employer Identification Number in the footer is a one-line signal that the donor can verify on the IRS Tax Exempt Organization Search.
• Display a verified-charity badge. Charity Navigator and Candid (formerly GuideStar) both offer embeddable badges linking back to the verification page.
• HTTPS, no mixed content. A page that triggers a browser warning ends the donation.

For the QR-vendor side, the QR generator scams to avoid post covers the upstream risks. Codes routing through a vendor-owned generic shortener inherit the vendor's reputation; codes routing through your own custom subdomain inherit yours.

Three patterns of donation landing page, in order from worst to best for trust signal.

Worst: a raw Stripe Checkout URL. The donor scans and lands on checkout.stripe.com/c/xxx. The page shows a form and the Stripe brand. Your org's name appears small. The URL bar says stripe.com, not your org. Conversion is lower because the trust signal is the payment processor, not the cause.

Better: a hosted form on a donation-platform domain. Donorbox, Givelify, Tithe.ly, Classy, and DonorPerfect all offer hosted forms at yourorg.donorbox.org or yourorg.givelify.com. The org name is in the subdomain; the form carries the logo, colors, and mission line. Conversion is better. The catch: the URL is still on the platform's domain.

Best: a custom-domain page that embeds the platform form. The donor scans, lands on give.yourorg.org, and the page is on the org's own domain — header, footer, mission line, EIN, charity-verification badges. The form itself is an embedded Donorbox or Stripe widget, but the wrapper is yours. Every trust signal is the org's own.

Practical advice: if you have any web capacity at all, route the QR to a custom-domain page that embeds the donation form. If not, the platform-hosted subdomain is the next best. Raw Stripe Checkout is the last-resort fallback for fundraisers without a platform of their own.

For the QR-type choice, the URL QR generator covers the standard pattern. The call-to-action design guide covers the label discipline — "Donate to [Org Name]" outperforms "Scan here" by a wide margin on every donation placement we have seen tested.

A donation flow behind a QR has to do two regulatory jobs: capture what the IRS requires for a deductible-gift receipt, and email a receipt that meets the IRS substantiation rules.

The IRS 501(c)(3) guidance and Publication 1771 lay out the requirements. The practical checklist:

The donation form must capture:

• Donor's legal name (for the receipt)
• Donor's mailing address (for the receipt and direct-mail follow-up)
• Donor's email address (for receipt delivery)
• Gift amount
• Designation (general, capital, restricted) if the org accepts restricted gifts
• Anonymous-gift preference for public donor lists

The receipt email must include:

• The org's legal name matching IRS records
• The org's EIN
• A statement that the org is a 501(c)(3) tax-exempt organization
• The gift amount and the date
• Whether any goods or services were provided in exchange, with a good-faith estimate of value — the deductible portion is the gift amount minus the goods-or-services value (matters for gala tickets, auction items, merch-tied giving)

The platforms that handle donation flows — Donorbox, Givelify, Tithe.ly, Classy, DonorPerfect, Network for Good — all generate compliant receipts by default. Raw Stripe Checkout does not; if you route through Stripe Checkout directly, wire up the receipt via webhook.

For recurring gifts, each charge generates its own receipt and an annual summary collects them. Recurring conversion lifts by 20-40% when the toggle is above the suggested-amount selector rather than buried below.

Different platforms fit different org profiles. The table covers patterns most QR-to-donate flows route through.

The static-versus-dynamic decision is sharper for donations than for marketing because the printed collateral often outlasts the platform decision.

Static is correct for: permanent church and chapel giving pages where the URL genuinely will not change in 10 years (often yourchurch.org/give); permanent giving kiosks at the org's owned location; the giving page printed on a memorial plaque or a building dedication marker.

Dynamic is correct for: capital-campaign appeals (URL ties to the campaign and retires after); year-end and spring appeals (URL ties to the appeal source for attribution); peer-to-peer material (each fundraiser gets their own URL); event-specific QRs (gala, run/walk); any printed run in market longer than the current platform contract.

The static vs dynamic QR codes post covers the deeper logic. Honest filter for nonprofits: if you are not 100% confident the URL will still be the right URL in 3 years, use dynamic.

For the giving page on the org's own domain, the URL QR generator is the right type. For event signage that needs to surface multiple options, the multi-URL QR generator covers the chooser-page pattern.

Printed donation collateral has a long shelf life. A year-end appeal envelope mailed to 50,000 donors carries the QR for the full giving season — November through January. A capital-campaign brochure printed in 100,000-unit batches stays in market for 18-36 months. In-pew giving cards live in pew racks for years.

The cancellation problem: most QR vendors deactivate dynamic codes when the subscription lapses. A team that switches vendors mid-campaign, pauses during a leadership transition, or forgets to renew loses the QR on every piece of collateral already in market. The response rate falls quietly.

The pattern hits nonprofits harder than for-profits. The gift value per scan is high, so each dead QR costs more than a missed menu scan. The trust cost compounds — a donor who hits a dead QR wonders if the whole appeal is a scam. And nonprofit budget cycles often include scheduled SaaS pauses, which is exactly when codes silently die.

We covered the vendor-by-vendor policy in the permanent QR code generator guide. Short version: Flowcode and QR Code Generator deactivate dynamic codes after cancellation per current terms; EZQR and QR Tiger keep codes redirecting indefinitely; Beaconstac/Uniqode varies by tier.

The protective workflow:

1. Verify the vendor's cancellation policy in writing before any production print order.
2. Test the cancellation flow on a trial account. Generate, cancel, wait 35 days, scan.
3. If the test code dies, switch vendors before the appeal prints.
4. Or keep the lowest tier active year-round. $60 a year is a rounding error against re-mailing 50,000 envelopes.

Five practical disciplines that compound into the trust signal donation QRs need.

The label on the QR matters more than the code styling. "Donate to [Org Name]" earns more taps than "Scan to give." Specificity is the trust cue. The call-to-action design guide covers the label discipline in depth.

Use error correction level H on durable collateral. 30% damage tolerance keeps the QR scannable when the envelope corner gets bent in the mail or the pew card gets a coffee stain. See the error correction levels guide.

Show the destination URL near the QR. Print yourorg.org/give under the QR. Donors who do not want to scan can type it; donors who do scan get the trust cue of the URL matching what loads.

Pair the QR with the verified-charity claim. A Charity Navigator score or the Candid Seal of Transparency on the same printed piece transfers the trust signal to the QR by association.

Test the full flow on a fresh phone before printing. New tab, no cookies, cellular network. The destination should load in under three seconds, look unmistakably like your org from the first paint, and not trigger any browser warnings.

For the deeper print-discipline conversation, the QR codes for print pillar covers substrate, geometry, and contrast rules.

Nonprofit procurement nuances consumer-grade QR reviews miss. Monthly billing matters because development budgets run on campaign cycles, not calendar contracts. Donor-CRM integration matters because attribution per appeal is the point of dynamic codes. Codes-survive-cancellation matters more than for any other vertical we cover.

The order of operations for a development team standing up donation QRs for the first time.

1. Decide the landing-page pattern: custom-domain wrapper (best), platform-hosted subdomain (next), raw Stripe Checkout (last resort). Make the decision before generating the QR.
2. Verify the form captures donor name, address, email, amount, and designation. Confirm the receipt email includes the EIN and the goods-or-services statement per IRS Publication 1771.
3. Add trust signals to the landing page: org name and logo above the fold, EIN in the footer, Charity Navigator or Candid badge, HTTPS lock.
4. Pick the QR vendor on cancellation policy first. See the permanent QR code generator guide.
5. Decide static-versus-dynamic per placement. Default to dynamic for any printed run longer than 12 months in market.
6. Generate with error correction level H for durable print and Q for digital-only uses. See the error correction levels guide.
7. Tag each QR with a UTM source (utm_source=year_end_envelope, utm_source=gala_table_card) for placement attribution.
8. Print the URL under the QR. Print the org name as the call to action — "Donate to [Org Name]" — not "Scan here."
9. Test every QR on a fresh phone, no cookies, cellular before the production print order. Destination must load in under three seconds.
10. After the appeal goes live, re-test every QR every 30 days. URLs migrate, vendors change billing, and printed collateral stays in market longer than most teams run their test cycle.
11. Track scan velocity per placement against gift volume per placement. Reallocate based on what converts in your donor base, not someone else's case study.

Donation QRs are the unusual category where trust is the conversion variable, not design. The six highest-converting placements — in-pew giving card, direct-mail appeal envelope, annual-report mailing, event signage, social-media donation card, peer-to-peer fundraiser material — all reward orgs that route the QR to a branded landing page on their own domain rather than a raw payment-processor checkout.

The QRishing fraud problem trained donors to glance at the URL bar and the trust signals on the landing page. The org name, the EIN, the verified-charity badge, the HTTPS lock — none of these are optional. The 501(c)(3) tax-receipt mechanics have to capture the donor's legal name and address and deliver a receipt that meets IRS substantiation rules.

Most donation QRs need to be dynamic because the printed run outlasts the platform decision. The cancellation timebomb is sharper for nonprofits than for-profits because appeal envelopes mailed to 50,000 donors carry the QR for the full giving season. Pick a vendor whose codes survive cancellation, and the program survives a leadership transition or a budget pause.

EZQR covers small nonprofits and churches on the $5/mo Lite tier, development teams on Pro at $10/mo, and multi-affiliate orgs on Max at $20/mo. The nonprofits use-case page covers the basic patterns; the churches use-case page covers ChMS-integration patterns; the events use-case page covers gala and capital-campaign signage. For broader context, see the QR for events pillar and the QR for marketing pillar.