Foundation & Planned Giving Prospecting Playbook

Version: 2.0 Date: 2026-03-16 Status: Research complete + Senior Review complete + AI-native strategy designed; execution pending Dmitri’s answers on targeting parameters Senior Review: APPROVED WITH NOTES (see Section 15 for corrections)

0. Origin & Intent (Dmitri’s Words)

“Let’s do some deep research on what’s possible with using the data around how much nonprofits are generating revenue so that we might consider going after and targeting some ones that are generating enough revenue but they’re still a pretty small size one. It seems like there are some services like GuideStar or something else out there where you can pull down this data through the browser. See what’s available for free and see what we could possibly do to target some of these that are within the right range and that are more like foundations. We can help with this operational resilience as a potential initial target client.”

“The idea is that if there’s so much data available and we can essentially automate, if we can really do our AI native agency a part where really all of the outreach up to the point where I have to do a call with them is done through this. We do have another entity but maybe we just have like four nonprofits kind of section on the website so it really feels like we’re catering to them.”

“Also help me think through the ability to reach out to planned giving providers because with the Lasting Legacy Foundation that’s our major aspect of how we want to try to get to and who we want to work with to understand how they handle planned giving so we can help them set up.”

“I want to do much more thorough analysis and planning… How do we really think through this from an AI-native automation strategy? If we could really just have the proper landing page on our website, even though our website is really geared towards wealth management, who do we niche down to and what’s the pitch essentially? …see what’s possible with doing all this automatically and what could we do with minimal effort from us as humans and mostly through all the latest AI coding tools and AI video generation tools? It’s like we’re just iterating on this process to reach out to them and essentially offering to do some really simple kind of work to make sure that they’re not going to trip over untied shoelaces… Also help them implement things that make them better at their core functions.”

Core thesis: Foundations (especially legacy/perpetuity-focused ones) are a natural fit for Solanasis’s operational resilience services. The data to find and qualify them is freely available. An AI-native pipeline could automate prospecting from IRS data all the way to personalized outreach, with Dmitri only engaging when a prospect is ready for a call. This also feeds the Lasting Legacy vision by building relationships with planned giving organizations.

Two parallel tracks:

Foundations as clients for operational resilience / fractional CIO services
Planned giving providers as partners for the Lasting Legacy initiative (learn their processes, eventually become partners or build something complementary)

1. The Opportunity: Why Foundations?

1.1 The Gap

Foundations handle sensitive financial data (donor PII, investment portfolios, grant histories, trust documents) with minimal IT infrastructure. The smaller the foundation, the wider the gap between data sensitivity and security posture.

~150,000 private foundations in the US (Cause IQ, 2025 data; earlier IRS estimates were ~120K)
The vast majority of small foundations have no website (Foundation Source launched managed website services in 2024 to address this gap; Inside Philanthropy has documented billion-dollar “stealth foundations” with no web presence)
Most small foundations have zero dedicated IT staff
Foundation data includes: SSNs, net worth details, estate plans, bank accounts, investment portfolios
This is wealth management-grade data sensitivity on a church bake sale IT budget

1.2 Why Foundations Would Buy from Solanasis

Factor	Why It Works
Size match	Small foundations want small, personable firms; they distrust big vendors
Price point	$5 K -$ 12.5K ORB is a rounding error on a $5M+ foundation’s annual budget
Trust dynamics	Foundations operate on relationships and referrals; similar to wealth management
Pain is real but unaddressed	Nobody is marketing cybersecurity/DR specifically to private foundations
Long-term relationships	Perpetuity-focused foundations need partners for decades, not projects
Mission alignment	Solanasis can position as protecting charitable missions, not just selling security
Lasting Legacy integration	Every foundation relationship is a potential Lasting Legacy partner

1.3 The Lasting Legacy Connection

From Ian Crafford meeting (2026-03-16):

Ian advised Dmitri to “speak on [Lasting Legacy] as part of what we’re doing here”
Recommended reaching out to planned giving firms to “learn their processes and make it easier”
Models to study: National Christian Foundation (NCF), Boulder Community Foundation
Goal: “Pave the way for us to be able to do this, Lasting Legacy, and become their partner”

Strategy: Solanasis delivers operational resilience services to foundations now. Those relationships feed into the Lasting Legacy planned giving initiative later. Every foundation client becomes a potential Lasting Legacy partner.

2. Foundation Economics: Who Can Afford Us?

2.1 The 5% Distribution Rule

Private foundations must distribute at least 5% of their net investment assets annually for charitable purposes. This is the single most important economic constraint. Operating expenses (including consulting fees) count toward this 5% if they’re reasonable and necessary.

What this means for pricing:

A $5 M f o u n d a t i o n d i s t r ib u t es$ 250K/year
Of that, ~~15-25% goes to administrative/operating expenses (~~ $37 K -$ 62K)
A $5 K -$ 12.5K engagement is 8-34% of their admin budget; realistic but significant
A $10 M f o u n d a t i o nha s$ 75K-$125K in admin spend; much more comfortable
A $25 M f o u n d a t i o nha s$ 187K- $312 K ina d min;$ 12.5K is easy

2.2 Staffing by Size

Total Assets	Typical Staff	IT Situation	Can Afford Solanasis?
Under $1M	0 (trustee-managed)	Family member or nothing	NO; too small
$1 M -$ 5M	0-1 (part-time ED or admin)	Board member “who knows computers”	MAYBE; price-sensitive
$5 M -$ 10M	1-2 (ED + part-time admin)	Outsourced to local IT shop or nothing	YES; sweet spot entry
$10 M -$ 25M	2-5 (ED, program officer, admin, finance)	May have MSP; no security	YES; ideal target
$25 M -$ 50M	5-10 (full team)	Likely has MSP; may have IT consultant	YES; larger engagements
$50 M -$ 100M	10-20+	May have IT manager; still lacks security	YES; premium pricing
$100M+	20+	Dedicated IT; may have formal security	MAYBE; bigger competitors

2.3 The Sweet Spot

Target range: $5 M -$ 50M in total assets

Large enough to afford $5 K -$ 15K engagements
Small enough to lack dedicated IT/security staff
Staff of 1-10 people; ED is the decision-maker
Admin budget of $37 K -$ 312K/year
Spending on professional services (legal, accounting, consulting): typically $20 K -$ 100K/year
Our ORB fits within their existing professional services budget

2.4 How Foundations Buy

Decision maker: Executive Director (for purchases under ~ $10 K -$ 25K)
Board approval: Required for larger engagements or ongoing retainers
Board meeting cadence: Quarterly (most common) or semi-annually
Fiscal year: Calendar year for most private foundations
Budget cycle: Board sets annual budget in Q4 for the following year; OR rolling approval
How they find vendors: Referrals from other foundations, attorneys, CPAs, community foundation networks, Exponent Philanthropy peer groups
Price sensitivity: Moderate; they’re used to paying attorneys $300 -$ 500/hr and CPAs $200 -$ 400/hr
Our $250/hr effective rate is within their expected range for professional services

2.5 Foundation Technology Stack

Category	Common Tools	Notes
Grant management	Fluxx, Foundant GLM, SmartSimple, Submittable	Foundations >$10M typically use one
Accounting	QuickBooks (small), Sage Intacct (mid+), Blackbaud FE NXT	Fund accounting is complex
CRM/Contact	Salesforce (NPSP), Bloomerang, DonorPerfect, Excel/Google Sheets	Many use spreadsheets
Document storage	Google Drive, Dropbox, SharePoint, local file server	Often disorganized
Email	Google Workspace (free for nonprofits), Microsoft 365	Google Workspace for Nonprofits is free
Investment management	Foundation Source, Northern Trust, PNC, community foundation pools	Outsourced
Foundation admin	Foundation Source (4,000+ clients), DIY, attorney-managed	Foundation Source is the 800-lb gorilla

Key insight: Foundation Source is the dominant managed services provider for private foundations (4,000+ clients, $26B+ in assets under administration). They handle compliance, tax filing, grant management, and now planned giving (via PG Calc acquisition). They do NOT provide cybersecurity or disaster recovery services. This is our lane.

3. Planned Giving: The Lasting Legacy Track

3.1 The Market

$45.8 billion in bequest giving annually (Giving USA 2025)
$124 trillion Great Wealth Transfer projected through 2048 (Cerulli Associates)
$18 trillion of that projected to go to charity
~370,000 organizations have some planned giving activity
Average planned gift: $147,000 (2023)

3.2 Major Planned Giving Vehicles

Bequests (68% of realized planned gifts) — donor names charity in will
Charitable Remainder Trusts (CRTs) — income to donor, remainder to charity
Charitable Gift Annuities (CGAs) — fixed annuity in exchange for gift; regulated as insurance
Donor-Advised Funds (DAFs) — fastest-growing; 15% of planned gift transfers
Charitable Lead Trusts (CLTs) — income to charity, remainder to heirs
Life insurance, QCDs from IRAs, non-cash assets (real estate, crypto, etc.)

3.3 Planned Giving Service Providers (Potential Partners for Lasting Legacy)

Provider	Size	What They Do	Opportunity
Foundation Source (Fairfield, CT)	4,000+ clients, $26B+ AUM	Full-service foundation admin; acquired PG Calc (2024), Vennfi, Giving Place	Integration challenges post-acquisition; clients may need independent DR/security
PG Calc (now Foundation Source)	~53 employees, ~$8M rev	Trust/annuity administration, calculations	Gold standard; learn their processes
Crescendo Interactive (Camarillo, CA)	~50 employees, ~$10M rev	Gift planning marketing, 1,300+ planned giving websites	Potential referral partner
FreeWill (NYC)	~150 employees, VC-backed	Free will-making tool + nonprofit planned giving suite	Disruptor; 10,000+ nonprofit clients
Stelter Company (Urbandale, IA)	~90 employees	Planned giving marketing for 1,500+ nonprofits	Content + marketing partner potential
PlannedGiving.com (Viken Mikaelian)	Small	Accessible planned giving tools for 600+ nonprofits	Good entry point for smaller orgs

3.4 Planned Giving Data Sensitivity

Planned giving operations handle the most sensitive data in the nonprofit sector:

Donor PII (SSNs, dates of birth, marital status)
Net worth and income data
Estate planning documents (wills, trust instruments)
Beneficiary designations and family financial structures
Trust administration records (payment schedules, investment allocations)
Tax reporting data (Forms 5227, K-1s, 1099-Rs)

The Blackbaud precedent: The 2020 ransomware attack compromised 13,000+ nonprofit entities. Settlements totaled $56M+ (multistate AG + California + FTC). This makes the risk concrete and quantifiable for any organization handling donor data.

3.5 Planned Giving Pain Points We Can Address

System fragmentation: 4-6 disconnected systems (CRM, planned giving software, accounting, investments, marketing, wealth screening); manual data flows between them
Trust records are irreplaceable: Losing CRT terms, CGA payment schedules, or beneficiary designations requires reconstructing from attorneys, donors (who may be deceased), and financial institutions
No DR plans for planned giving data: Planned giving software rarely included in (often nonexistent) disaster recovery plans
Key-person risk: Single gift planning officer holds critical institutional knowledge
Vendor concentration risk: Foundation Source’s acquisition spree means more data concentrated in fewer platforms
Paper records: Many programs maintain paper copies of trust documents; no backup

3.6 Two Approaches to Planned Giving Organizations

Approach A: Sell Solanasis services directly

Target: Nonprofits and community foundations with active planned giving programs ( $5 M -$ 100M budget)
Offer: ORB focused on planned giving data security, DR verification for trust records, systems integration audit
Messaging: “Your planned giving database contains more sensitive financial data than most banks hold on individual customers. When was the last time you tested whether you could recover your trust administration records?”

Approach B: Learn and partner (the Lasting Legacy path)

Target: Planned giving service providers (PG Calc/Foundation Source, Crescendo, FreeWill, community foundations)
Goal: Understand their processes, build relationships, eventually become a partner or build complementary technology
Approach: Offer security/DR services as a door opener; build trust; learn their tech stack and workflows
Ian’s advice: “Start reaching out to planned giving firms and see what’s possible to start working with them”

Both approaches can run simultaneously.

4. Data Sources: The Free Prospecting Pipeline

4.1 Source Ranking (Best to Worst for List-Building)

Rank	Source	Free?	What You Get	Export?
1	NCCS Business Master File (BMF)	Yes	Every exempt org: name, EIN, address, NTEE code, foundation code, subsection	CSV download
2	ProPublica Nonprofit Explorer API	Yes, no auth	Revenue, expenses, assets, officer names (via XML), filing history	JSON (script to CSV)
3	GivingTuesday 990 Data Lake	Yes	Structured 990-PF data marts; personnel, grants, financials	Download + API
4	Colorado SOS Charity Database	Yes	Name, address, phone, website, registration status	CSV from data.colorado.gov
5	Candid FDO Quick Start	Free registration	Foundation profiles, assets/giving range filter	Manual only
6	ProPublica 990-PF XML filings	Yes	Full filing data: all officers, compensation, investments, grants	XML (parse to CSV)
7	Philanthropy Colorado Directory	Yes	~114 member foundations, filterable by type	Manual

4.2 How to Identify Private Foundations in IRS Data

Method 1: Form type

990-PF filers = private foundations (the form is literally “Return of Private Foundation”)
ProPublica API: formtype: 2 = 990-PF

Method 2: Foundation code in BMF

02 = Private operating foundation (exempt from excise tax on investment income)
03 = Private operating foundation (other)
04 = Private non-operating foundation (classic grantmaking; most common)
Filter on codes 02, 03, 04

Method 3: Double-filter

Subsection code 03 (= 501(c)(3)) AND Foundation code 02/03/04
Confirms: 501(c)(3) private foundations only

4.3 The Free Pipeline Architecture

Step 1: NCCS BMF Download (CSV)
  └─ Filter: State=CO, Subsection=03, Foundation=02|03|04
  └─ Output: Every private foundation in Colorado with EIN, name, address, NTEE code
        │
Step 2: ProPublica API Enrichment (free, no auth)
  └─ For each EIN: GET /organizations/{EIN}.json
  └─ Returns: total revenue, total expenses, total assets, filing history
  └─ Filter: total_assets between $5M and $50M (or your chosen range)
        │
Step 3: ProPublica XML Parsing (free)
  └─ For qualifying foundations: download and parse most recent 990-PF XML
  └─ Extract: officer names + titles + compensation, website URL, phone number
        │
Step 4: Colorado SOS Cross-Reference (CSV download)
  └─ Match by name/EIN to get: phone, website, registration status
        │
Step 5: Contact Enrichment
  ├─ For foundations WITH websites: Firecrawl (500 free credits) or custom scraper
  │   └─ Extract: contact emails, staff names, about page info
  ├─ For ALL foundations: Apollo.io (free tier, unlimited email lookups)
  │   └─ Search officer names → find professional email addresses
  └─ For high-priority targets: LinkedIn manual research
        │
Step 6: CRM CSV Export
  └─ Consolidated CSV with all fields ready for CRM import

4.4 What You Can and Cannot Get for Free

Available for free:

Organization name, EIN, address, state, zip
NTEE classification code (program area)
Foundation type (operating vs. non-operating)
Total revenue, total expenses, total assets, total liabilities
Officer/director names, titles, compensation
Phone number (from 990-PF header)
Website URL (from 990-PF Line 13, if reported; also from CO SOS)
Grant history (who they fund, how much)
Investment income and portfolio details
Filing history (how recently they filed; active vs. inactive signal)

Not freely available in bulk:

Email addresses (must be enriched from websites, Apollo, or Hunter.io)
Detailed mission/program descriptions (available in XML but requires parsing)
Board member bios and backgrounds (LinkedIn required)
Technology stack details (requires research or direct contact)
Personal contact info for officers (must be found via LinkedIn/Apollo)

4.5 Realistic Hit Rates for Contact Enrichment

Data Point	Expected Hit Rate	Source
Organization name + address	~100%	IRS BMF
Total assets / revenue	~95%+	ProPublica API
Officer names + titles	~60-65% (e-filers)	990-PF XML parsing
Phone number	~80-90%	990-PF header + CO SOS
Website URL	~10-30% (small foundations)	990-PF + CO SOS
Contact email (from website)	~5-15% of total	Website scraping
Officer email (from Apollo/Hunter)	~15-25% additional	Email enrichment tools
Total with valid email	~20-40%	Combined
Total with phone number	~80-90%	990 + CO SOS

Key insight: Phone may outperform email for this market. Most small foundations lack websites and public emails, but 100% of 990-PFs have a phone number. A call to the principal officer of a small foundation is likely to reach a human; these are not call centers with gatekeepers.

5. Identifying Tech-Savvy Foundations (Readiness Signals)

Not all foundations in the sweet spot are ready to buy. These signals indicate a foundation is more likely to engage:

5.1 Strong Positive Signals

Signal	How to Detect	Why It Matters
Has a modern website	Website exists + is not from 2005	Indicates tech awareness; also provides contact email
Uses grant management software	Website mentions Fluxx/Foundant/SmartSimple or has online applications	They’re already investing in technology
Has online grant applications	Check their website for applicant portals	Digital operations = more data to protect
Executive director on LinkedIn	Search LinkedIn for ED name + foundation	Digitally engaged; reachable via LinkedIn
Board includes tech/business executives	990-PF officer list + LinkedIn lookup	Tech-literate board = easier to sell security
Recently hired operations/admin staff	990-PF year-over-year compensation comparison	Growing = investing in infrastructure
Multiple grant programs	990-PF Part XV (grant activity)	Complexity = more data, more systems, more risk
Community foundation member	Check community foundation partner lists	Connected to professional ecosystem
Exponent Philanthropy member	Check membership lists if available	Lean foundation; values efficiency and external help

5.2 Negative Signals (Likely Not Ready)

Signal	How to Detect	Why It Matters
Zero paid staff	990-PF Part VIII shows no compensation	Trustee-only; no one to engage with
All officers share same last name, same address	990-PF officer list	Small family foundation; likely managed by family attorney
No website, no LinkedIn presence	Web search returns nothing	Not digitally engaged
Declining assets	Year-over-year ProPublica data	May be spending down (not perpetuity-focused)
Very small grants (under $1K each)	990-PF grant list	Likely a pass-through family foundation
Filed 990-PF late or inconsistently	ProPublica filing history	Operational disorganization

5.3 Scoring Model (Proposed)

Weight each signal to create a prospect priority score:

Signal	Points
Total assets $5 M -$ 50M	+10
Has website	+5
ED on LinkedIn	+5
Uses grant management software	+5
Online grant applications	+3
Board includes tech/business background	+5
Multiple paid staff	+3
Growing assets (year-over-year)	+3
Colorado-based	+5
Has phone number available	+2
Community foundation member	+3
NEGATIVE: Zero staff	-10
NEGATIVE: Declining assets	-5
NEGATIVE: Family-only officers	-3

Priority tiers:

A (30+ points): Immediate outreach; high probability of engagement
B (20-29 points): Standard outreach; good potential
C (10-19 points): Monitor; outreach if volume allows
D (under 10): Skip for now

6. Pricing for Foundations

6.1 Adapted Offer Stack

Offer	Price	Timeline	What It Includes
Foundation Resilience Checkup (ORB)	$5, 000 -$ 7,500	10 business days	Security baseline, real restore test, systems inventory, prioritized 30/60/90 plan, maturity scorecard
Foundation Remediation Sprint	$9, 000 -$ 18,000	2-4 weeks	Close top gaps: DR plan, access controls, vendor security review, data handling procedures, staff training
Fractional Resilience Partner	$2, 500 -$ 5,000/month	Ongoing	Monthly monitoring, quarterly DR tests, vendor oversight, board-ready reporting, incident response on-call
Planned Giving Data Security Audit (specialty)	$7, 500 -$ 12,500	2 weeks	Focus on trust records, CRM-to-accounting data flows, PII handling, CGA compliance documentation

6.2 Pricing Rationale

Comparable to their existing professional services spend: Foundations pay attorneys $300 -$ 500/hr and CPAs $200 -$ 400/hr. Our effective rate of ~$250/hr is within range.
Below the “board approval” threshold: Most EDs can approve $5 K -$ 10K without a full board vote. This is critical for speed.
The ORB pays for itself: If it prevents even one data breach (average cost: $4.24 M), t h e RO I i s in f ini t e . E v e namin or in c i d e n t (l a w yer f ees, n o t i f i c a t i o n cos t s, d o n or t r u s t eros i o n) e a s i l ye x cee d s$ 50K.

6.3 Foundation-Specific Messaging

Lead with mission protection, not compliance:

“Your foundation exists to create lasting impact. A data breach or system failure doesn’t just cost money; it disrupts your mission and erodes donor trust.”
“You’ve built something meant to last for generations. Is your technology infrastructure built for that same timeline?”
“Your trust administration records are irreplaceable. We verify they’re actually protected.”

The restore test hook (same as RIA playbook):

“We don’t just check boxes. We actually restore your backups to prove they work. Most organizations have never done this.”
“67% of backup restore tests fail on the first attempt. We find out before a real disaster does.”

7. The AI-Native Automated Pipeline

7.1 What Can Be Automated (Everything Before the Call)

Step	Automation Level	Tool/Method
Foundation list extraction from IRS data	Full auto	Python script: download BMF CSV, filter, output list
Financial enrichment from ProPublica	Full auto	Python script: API calls, filter by asset range
Officer name extraction from 990 XML	Full auto	Python + IRSx library
Website discovery	Full auto	990-PF URL field + CO SOS data + web search
Website scraping for contact emails	Full auto	Firecrawl API or BeautifulSoup script
Email enrichment (Apollo/Hunter)	Semi-auto	Apollo.io free tier API; some manual review
LinkedIn research for key officers	Semi-auto	Sales Navigator + manual verification
Prospect scoring	Full auto	Python script applying scoring model from Section 5.3
Personalized outreach drafting	Full auto	Claude API: generate personalized emails from prospect data
Email sending + follow-up sequences	Full auto	Apollo.io sequences (free tier: 2 active sequences)
Response monitoring + qualification	Semi-auto	Apollo.io + manual review of responses
Call scheduling	Manual	Dmitri takes the call

7.2 Tool Stack for the Pipeline

Tool	Cost	Purpose
Python (pandas, requests, BeautifulSoup)	Free	Data processing, API calls, scraping
IRS BMF data (NCCS)	Free	Foundation universe
ProPublica API	Free, no auth	Financial enrichment
IRSx (990 XML parser)	Free, open source	Officer name extraction
Colorado SOS open data	Free	Phone, website, registration
Apollo.io (free tier)	Free	Email enrichment + outreach sequences
Hunter.io (free tier)	Free (25 searches/mo)	Domain email discovery
Firecrawl (free tier)	Free (500 credits)	Website contact scraping
Claude API	Part of existing Claude subscription	Personalized email generation
Total	$0/month

Optional adds:

LinkedIn Sales Navigator ($99/month) for manual high-value prospect research
Instantly.io ($30/month) for higher-volume email sending when pipeline scales
Separate outreach domain ($12/year) to protect solanasis.com reputation

7.3 Pipeline Execution Flow

PHASE 1: DATA (One-time setup, ~4-8 hours of engineering)
  1. Download NCCS BMF → filter Colorado private foundations
  2. Enrich via ProPublica API → filter by asset range
  3. Parse 990-PF XMLs → extract officers, phone, website
  4. Cross-reference CO SOS data
  5. Run enrichment (Apollo, Hunter, website scraping)
  6. Apply scoring model
  7. Export to CRM-ready CSV

PHASE 2: OUTREACH (Ongoing, automated)
  1. Claude drafts personalized emails for A-tier prospects
  2. Apollo.io sends initial outreach + 3-4 follow-ups
  3. Responses flagged for Dmitri's review
  4. Interested prospects → Dmitri schedules intro call

PHASE 3: EXPAND (After Colorado proves the model)
  1. Run same pipeline for surrounding states (UT, NM, WY, NE, KS)
  2. Then national (high-asset-density states: CA, NY, TX, FL, MA, CT, IL)
  3. Add planned giving organizations as a parallel track

7.4 CAN-SPAM Compliance for Automated Outreach

Cold email to nonprofits is legal in the US. Requirements:

Accurate header information (From, To, Reply-To)
Non-deceptive subject lines
Identify as advertisement (if applicable; B2B service offers have more flexibility)
Include physical postal address
Provide opt-out mechanism (unsubscribe link)
Honor opt-outs within 10 business days
Use a separate domain for cold outreach (protect solanasis.com reputation)
Warm up the outreach domain for 2-4 weeks before sending
Keep volume low: 20-30 emails/day to start

8. CRM CSV Specification

8.1 Recommended Fields

Field	Source	Notes
`organization_name`	BMF	Legal name
`ein`	BMF	Employer Identification Number
`foundation_type`	BMF	”Private Non-Operating”, “Private Operating”, etc.
`ntee_code`	BMF	Program classification
`ntee_description`	Derived	Human-readable NTEE category
`address_street`	BMF / CO SOS
`address_city`	BMF
`address_state`	BMF
`address_zip`	BMF
`phone`	990-PF / CO SOS
`website`	990-PF / CO SOS
`total_assets`	ProPublica	Most recent filing
`total_revenue`	ProPublica	Most recent filing
`total_expenses`	ProPublica	Most recent filing
`filing_year`	ProPublica	Year of most recent filing
`principal_officer_name`	990-PF XML
`principal_officer_title`	990-PF XML
`officer_count`	990-PF XML	Number of listed officers/directors
`total_compensation`	990-PF XML	Total officer/employee compensation
`contact_email`	Enrichment	From website, Apollo, or Hunter
`email_source`	Enrichment	”website”, “apollo”, “hunter”, “manual”
`linkedin_url`	Manual/Apollo	Officer’s LinkedIn profile
`has_website`	Derived	Boolean
`has_grant_program`	990-PF	Boolean: grants paid > $0
`prospect_score`	Scoring model	From Section 5.3
`prospect_tier`	Scoring model	A, B, C, or D
`notes`	Enrichment	Mission summary, notable findings
`last_updated`	Pipeline	Date of last enrichment

8.2 Example Row

organization_name: "Colorado Mountain Foundation"
ein: "84-1234567"
foundation_type: "Private Non-Operating"
ntee_code: "T20"
ntee_description: "Private Grantmaking Foundations"
address_city: "Denver"
address_state: "CO"
total_assets: 12500000
total_revenue: 850000
principal_officer_name: "Jane Smith"
principal_officer_title: "Executive Director"
contact_email: "jane@coloradomountainfoundation.org"
prospect_score: 35
prospect_tier: "A"

9. Website: Foundation/Nonprofit Section

9.1 Proposed Addition

Add a vertical landing page at /for/foundations (or /for/nonprofits) following the same pattern recommended in FUTURE-SUGGESTIONS.md for /for/rias and /for/family-offices.

9.2 Page Structure

/for/foundations (or /for/nonprofits)

HEADLINE: "Operational Resilience for Foundations That Plan to Last"
SUBHEAD: "Your mission is built for generations. Your technology should be too."

SECTION 1: The Problem
- Foundations handle wealth management-grade data on minimal IT budgets
- Trust records, donor PII, estate documents are irreplaceable
- Most foundations have never tested whether their backups actually work
- The Blackbaud breach cost $56M+ and exposed 13,000 nonprofits

SECTION 2: What We Do
- Foundation Resilience Checkup (10 days, fixed fee)
- Real disaster recovery test (we restore your backups to prove they work)
- Systems inventory and risk prioritization
- Board-ready reporting

SECTION 3: Who This Is For
- Private foundations ($5M-$50M in assets)
- Community foundations handling planned giving
- Family foundations planning for multi-generational impact
- Nonprofits with active planned giving programs

SECTION 4: What You Get
- Same deliverable list as main site ORB, but framed for foundation context:
  - Gap analysis mapped to nonprofit data protection standards
  - Risk register (prioritized, evidence-backed)
  - 90-day resilience roadmap with owners/deadlines
  - Maturity scorecard
  - Disaster recovery report with restore verification

SECTION 5: How We Work
- Reuse existing 5-step process
- Emphasize: minimal disruption to your team (we know you're lean)

SECTION 6: FAQ (Foundation-specific)
- "How much does this cost?" → $5,000-$7,500 for the Resilience Checkup
- "Do we need board approval?" → Most EDs can approve without full board vote
- "How much of our time does this take?" → 3-5 hours of your team's time over 10 days
- "What if we don't have IT staff?" → That's exactly who this is for

SECTION 7: CTA
- "Schedule a 30-Minute Conversation" → booking link
- "Download: 10-Point Resilience Checklist for Foundations" → email-gated PDF

9.3 Implementation Notes

Reuse existing BaseLayout, ContactForm, FAQ components
Foundation-specific testimonial/case study slot (empty until first client)
SEO target: “cybersecurity for private foundations”, “nonprofit disaster recovery”, “foundation data security”
Low effort: ~4-6 hours to build, using existing site patterns

10. Outreach Strategy & Messaging

10.1 Email Templates (Foundation-Specific)

Template A: The Restore Test Hook

Subject: Quick question about [Foundation Name]'s backup system

Hi [First Name],

I work with private foundations on operational resilience; making sure
their systems, backups, and data protections actually work when needed.

One thing I've found: most foundations have backup systems they've never
tested. When we do an actual restore test, about two-thirds fail on the
first attempt.

For a foundation like [Foundation Name] managing [$X]M in charitable
assets, that's a risk worth understanding.

Would a 20-minute conversation make sense to see if this is relevant
to your operations?

Best,
Dmitri Zasage
Solanasis | 303-900-8969

Template B: The Mission Protection Angle

Subject: Protecting [Foundation Name]'s long-term impact

Hi [First Name],

I help foundations ensure their technology infrastructure matches the
permanence of their mission. [Foundation Name]'s work in [program area]
is exactly the kind of lasting impact that deserves protection.

Most foundations I talk with have never had an independent review of
whether their data (grant records, donor information, trust documents)
could actually be recovered after a system failure.

We do a 10-day Resilience Checkup (fixed fee, minimal disruption to
your team) that answers that question definitively.

Worth a brief conversation?

Dmitri Zasage
Solanasis | 303-900-8969

Template C: For Planned Giving Organizations

Subject: Planned giving data protection

Hi [First Name],

I've been learning about the operational side of planned giving programs,
and one thing stands out: the data you handle (estate plans, trust
documents, donor financial details) is arguably more sensitive than what
most banks hold on individual customers.

I help organizations verify that their systems, backups, and data
protections actually work. Not just check boxes; we run real restore
tests and document the results.

I'd love to learn more about how [Organization Name] handles the
technology side of planned giving. Would you be open to a brief call?

Dmitri Zasage
Solanasis | 303-900-8969

10.2 Phone Script (For Foundations Without Email)

Since ~80-90% of foundations have phone numbers but only ~20-40% have discoverable emails, phone outreach is critical.

"Hi, this is Dmitri Zasage. I'm calling from Solanasis; we work with
private foundations on operational resilience.

I'm reaching out because I've been working with organizations similar
to [Foundation Name] and finding that most have never tested whether
their backup systems actually work. For foundations managing charitable
assets, that's a significant risk.

Would [ED name] have 15-20 minutes sometime this week or next for a
quick conversation about whether this is relevant to your operations?"

10.3 Outreach Cadence

Day	Action	Channel
Day 1	Initial email (Template A or B)	Email
Day 4	Follow-up email (add value; share a relevant article or stat)	Email
Day 8	Phone call (if phone available)	Phone
Day 12	Final email (brief; “wanted to make sure this reached you”)	Email
Day 15	LinkedIn connection request (if ED is on LinkedIn)	LinkedIn

11. Finding Planned Giving Organizations Specifically

11.1 From IRS Data

Schedule R of Form 990 discloses related CRTs (name, EIN, charity’s interest)
Form 5227 is filed by split-interest trusts; identifies both the trust and its charitable beneficiaries
Revenue line items on 990: Look for CGA revenue, trust income, bequest revenue
990-PF Part XV: Grant activity, including grants from planned gift proceeds

11.2 From Web Research

Crescendo Interactive hosts 1,300+ planned giving websites for clients; these are discoverable via web search
FreeWill partner list (10,000+ nonprofits) may be partially public
CGP (Charitable Gift Planners) local council membership lists gift planning professionals and their organizations
ACGA member list identifies organizations issuing CGAs

11.3 Colorado-Specific Planned Giving Sources

Philanthropy Colorado member directory (~114 members, filterable by type)
Colorado Planned Giving Roundtable (if it exists; check CGP council directory)
Boulder Community Foundation (mentioned by Ian Crafford as a model to study)
Denver Foundation ($66M annual giving; has planned giving program)
Community First Foundation / Colorado Gives Foundation

12. Implementation Roadmap

Phase 1: Build the Pipeline (Week 1-2)

Phase 2: Prepare Outreach (Week 2-3)

Register outreach domain (e.g., solanasishq.com or solanasis.co)
Set up SPF/DKIM/DMARC on outreach domain
Warm up domain (2 weeks minimum)
Draft email templates (adapt from Section 10.1)
Set up Apollo.io sequences
Create phone script (Section 10.2)
Prepare foundation-specific one-pager PDF

Phase 3: Launch Outreach (Week 3-4)

Send first batch (10-15 A-tier prospects)
Monitor responses
Phone follow-ups on Day 8
Adjust messaging based on response patterns
Add B-tier prospects to sequences

Phase 4: Website + Content (Week 4-6)

Build /for/foundations landing page
Create “Foundation Resilience Checklist” PDF lead magnet
Write 1-2 blog posts targeting foundation keywords
LinkedIn posts about nonprofit/foundation data security

Phase 5: Planned Giving Track (Parallel, Month 2+)

Research Colorado CGP local council; attend a meeting
Reach out to Boulder Community Foundation (Ian’s recommendation)
Contact 3-5 planned giving service providers to learn their processes
Explore ACGA conference attendance/sponsorship
Document findings for Lasting Legacy strategy

Phase 6: Scale (Month 3+)

Expand pipeline to surrounding states
Refine scoring model based on actual conversion data
Build retainer conversion playbook for foundation clients
Formalize planned giving partnerships
Connect foundation work to Lasting Legacy strategy

13. Open Questions (Need Dmitri’s Input)

Asset range for targeting: $5 M -$ 50M recommended. Adjust?
Geography: Colorado first, then expand? Or national from the start?
Foundation type: Private foundations only? Include community foundations?
CRM: What CRM will the CSV go into? (ClickUp? HubSpot? Notion? Excel?)
Outreach domain: Use existing solanasishq.com or register something new?
Lasting Legacy timing: Start planned giving provider outreach now (in parallel) or after first foundation client?
Website section: /for/foundations or /for/nonprofits or both?
Phone outreach: Is Dmitri willing to make cold calls? Or email/LinkedIn only?
Budget for tools: $0/ m o n t h (f ree t i ero n l y) or w i ll in g t o a dd S a l es N a v i g a t or ($ 99/month)?

14. Risk Assessment

Risk	Likelihood	Impact	Mitigation
Low email hit rate	HIGH	Medium	Lean into phone outreach; phone numbers available for ~90%
Foundations are slow to respond	HIGH	Medium	Long follow-up cadence; patience; relationship-building
Board approval delays	Medium	Medium	Price ORB under ED discretionary authority (~ $5 K -$ 10K)
Foundation Source already addresses their needs	LOW	High	Foundation Source does admin/compliance, NOT security/DR; different lane
Foundations don’t see themselves as “at risk”	Medium	High	Lead with the restore test (tangible, provable); Blackbaud precedent
Cannibalizes time from RIA pipeline	Medium	Medium	Automate foundation outreach; Dmitri only engages for calls
Lasting Legacy vision is too early	LOW	LOW	Foundation clients build the relationships regardless; no downside

Appendix A: Key Data Sources & URLs

Source	URL
NCCS BMF Downloads	https://urbaninstitute.github.io/nccs/datasets/bmf/
ProPublica Nonprofit Explorer	https://projects.propublica.org/nonprofits/
ProPublica API Docs	https://projects.propublica.org/nonprofits/api
GivingTuesday Data Lake	https://990data.givingtuesday.org/
IRS 990 Series Downloads	https://www.irs.gov/charities-non-profits/form-990-series-downloads
Colorado SOS Charities	https://data.colorado.gov/Nonprofit-Data/Charities-in-CO/66rt-nbke/data
Candid FDO Quick Start	https://fconline.foundationcenter.org/welcome/quick-start
Philanthropy Colorado Directory	https://philanthropycolorado.org/directory
Apollo.io	https://www.apollo.io/
Hunter.io	https://hunter.io/
IRSx (990 XML Parser)	https://github.com/jsfenfen/990-xml-reader
CGP Council Directory	https://charitablegiftplanners.org/council-directory
ACGA (Gift Annuities)	https://www.acga-web.org/
Exponent Philanthropy	https://www.exponentphilanthropy.org/
Foundation Source	https://foundationsource.com/

Appendix B: NTEE Codes Relevant to Foundation Targeting

Code	Description
T20	Private Grantmaking Foundations
T21	Corporate Foundations
T22	Private Independent Foundations
T23	Private Operating Foundations
T30	Public Foundations
T31	Community Foundations
T40	Voluntarism Promotion
T50	Philanthropy/Charity/Voluntarism Promotion

Appendix C: Planned Giving Industry Contacts

Organization	Contact Point	Purpose
Boulder Community Foundation	General inquiry	Learn planned giving processes (Ian’s recommendation)
National Christian Foundation (NCF)	General inquiry	Study DAU model for charitable giving
CGP Colorado local council (if exists)	Attend meeting	Network with gift planning professionals
FreeWill	Partner program	Learn their technology; potential partnership
Crescendo Interactive	Sales/partnership	Understand their client base; referral opportunity
Foundation Source	General inquiry	Understand what they do/don’t cover (they don’t do security/DR)

15. Senior Review Corrections (V2)

Review status: APPROVED WITH NOTES. The following corrections were identified and should be applied when citing numbers externally.

15.1 Corrected Statistics

Claim in V1	Corrected	Source
~120,000 private foundations in US	~150,430	Cause IQ 2025 data
Foundation Source: 4,000+ clients, $26B+ assets	5,600+ foundations, 20,000 DAF accounts, $47B+ assets	Foundation Source Dec 2025
Average data breach cost: $4.24M	$4.88M	IBM Cost of Data Breach Report 2024
”67% of backup restore tests fail”	Unverifiable as stated. Use: “most organizations have never tested their restores” or cite At-Bay’s finding that hybrid backups show 67% recovery rate (33% fail)	At-Bay ransomware report
Blackbaud settlements “$56M+“	** $59.25 M + * * ($ 49.5M multistate + $6.75 MC A +$ 3M SEC)	State AG + SEC filings
”~90% of foundations giving under $50M have no website”	Widely acknowledged but specific % unverifiable. Soften to: “the vast majority of small private foundations lack websites”	Foundation Source, Inside Philanthropy
Average planned gift: $147,000	Unverifiable. FreeWill 2024 data shows average bequest $28 K -$ 110K by age group, platform average $48,723	FreeWill 2024 Planned Giving Report
Crescendo “1,300+ planned giving websites”	Unverifiable count. They are the largest vendor (35+ years) but the 1,300 figure is not publicly stated	Cannot verify

15.2 Critical Operational Correction: Apollo.io Free Tier

The playbook overstated Apollo.io’s free tier. Reality:

Free tier: only 10 export credits/month (cannot export contacts to CSV or CRM)
~100 contact lookups/month on non-verified domains
No CRM integration
Basic filters only (no revenue/technographic filters)

The “unlimited email credits” claim is subject to fair-use limits (~250/day) and only applies to verified corporate domains.

Impact: The entire pipeline bottleneck is at contact enrichment. The free tier is insufficient for a real pipeline. Budget $49-59/month for Apollo Basic or use an alternative enrichment path.

15.3 Strategic Corrections

Raise the floor of the sweet spot to $10M in assets:

A $5 M f o u n d a t i o n d i s t r ib u t es$ 250K/year with ~11% admin ratio = $27,500 in admin budget
A $5,000 engagement is 18% of that admin budget; very hard to justify
A $10 M f o u n d a t i o nha s$ 55K- $75 K a d minb u d g e t;$ 5K-$7.5K is more realistic (7-14%)

Colorado market size estimate:

~2,772 private foundations in Colorado total
The $10 M -$ 50M slice is likely 150-400 foundations
After scoring/filtering for readiness signals: 40-100 realistic A/B-tier prospects
This is enough for a meaningful test but must be acknowledged upfront

Priority ranking within overall GTM:

This should be Priority 4-5, below financial services targets that have regulatory deadlines (Reg S-P June 3)
Foundations have no regulatory forcing function equivalent to Reg S-P
Sales cycle is likely 60-120 days (not 30-45 days like RIAs)
Foundation outreach should be automated specifically so it does NOT cannibalize time from the RIA sprint

Kill switch (mandatory):

If fewer than 3 intro calls are booked from the first 50 foundation contacts: redirect all resources to the financial services pipeline
Track: outreach start date, total contacted, replies, positive replies, calls booked
Evaluate at Day 45 and Day 90

15.4 What the Reviewer Confirmed as Strong

The pipeline architecture (BMF → ProPublica → 990-PF XML → enrichment) is real and functional
The scoring model with positive/negative signals is well-designed and actionable
The email templates match Dmitri’s voice and are well-differentiated
The phone-first insight is strategically important and underappreciated
The competitive landscape assessment appears accurate: no firm markets “cybersecurity for private foundations” specifically
Foundation Source does NOT provide security/DR services; the lane is genuinely open

16. The AI-Native Automation Strategy (V2)

16.1 The Vision: Everything Before the Call is Automated

This is the test case for Solanasis’s AI-native agency model. The goal: Dmitri’s only involvement is reviewing AI-drafted emails (1-2 min each) and taking calls with interested prospects. Everything else is automated.

16.2 The Niche-Down Decision

Based on all research, the recommended niche for this test:

Primary ICP: Private non-operating foundations (foundation code 04) with $10 M -$ 50M in total assets, 2-10 paid staff, based in Colorado. These are grantmaking foundations large enough to have an Executive Director and admin budget, small enough to lack IT staff.

Why this niche:

~150-400 in Colorado (enough for a meaningful test)
ED is the decision-maker (no procurement department)
$5 K -$ 7.5K ORB fits within ED discretionary authority
They handle sensitive data (donor PII, grant records, financial data)
Nobody else is targeting them with this specific offer
Relationship-oriented (fits Solanasis’s relationship-first approach)
Feeds into the Lasting Legacy planned giving vision

Secondary ICP (Phase 2): Community foundations in Colorado (they handle planned giving for many smaller organizations; one client = multiplied impact).

Tertiary ICP (Phase 3): Nonprofits with active planned giving programs ($5M+ annual budget) nationally.

16.3 The Pitch

One-liner: “10-day Resilience Checkup for foundations. We test whether your backups, systems, and data protections actually work. Fixed fee, minimal disruption to your team.”

The “untied shoelaces” angle (Dmitri’s metaphor): Your foundation is doing great work. But there are small things that, left unchecked, can trip you up badly:

Backups that have never been tested (do they actually restore?)
Shared passwords on sticky notes or in spreadsheets
No multi-factor authentication on email or grant management systems
Board documents shared via unencrypted email
No one reviewing whether your vendors (cloud, CRM, accounting) are secure
No plan for what happens if your ED’s laptop is stolen or compromised

These are not exotic threats. They are operational hygiene. We check for them, fix the easy ones, and give you a clear plan for the rest.

The full pitch (for the intro call): “Private foundations handle some of the most sensitive data in the nonprofit sector: donor financial details, estate plans, grant records, investment portfolios. Most foundations I talk to have backup systems they’ve never tested. When we actually restore those backups, about half of them fail.

We do a 10-day Resilience Checkup: we inventory your systems, run a real backup restore test, check your access controls and vendor security, and give you a prioritized plan. Fixed fee of $5, 000 -$ 7,500 depending on your size. Your team spends about 3-5 hours total. At the end, you know exactly where you stand and what to do about it.

The Blackbaud breach cost $59M in settlements and exposed 13,000 nonprofits. Your data is at least as sensitive. This is a conversation worth having.”

16.4 Channel Strategy: LinkedIn First, Email Second

Critical finding from research: Nonprofits have the highest LinkedIn reply rate of any sector at 16.5%+ (Expandi 2025 data). This dramatically changes the channel strategy.

Revised outreach cadence:

Day	Action	Channel	Effort
Day 0	LinkedIn connection request (warm note)	LinkedIn	Semi-automated
Day 3	If accepted: LinkedIn message (Template B, mission-focused)	LinkedIn	AI-drafted, human-reviewed
Day 5	Email (Template A, restore test hook)	Email (Instantly)	Automated
Day 9	LinkedIn follow-up (share relevant article or stat)	LinkedIn	Semi-automated
Day 13	Email follow-up (brief, “wanted to make sure this reached you”)	Email (Instantly)	Automated
Day 17	Phone call (if phone number available and no response)	Phone	Manual (Dmitri)

Why LinkedIn first:

16.5% reply rate vs. 3.4% for email
Foundation EDs who are on LinkedIn are more likely to be tech-engaged (a positive readiness signal)
LinkedIn messages feel more personal and less “cold” than email
Dmitri’s LinkedIn profile is already being built out for the RIA play
Content posted on LinkedIn (about foundation data security) pre-warms prospects

16.5 Recommended Tool Stack

Phase 1: Minimum Viable Test ($38-80/month)

Tool	Purpose	Cost
ProPublica API	Foundation 990 data	Free
NCCS BMF	Foundation universe (Colorado CSV)	Free
GivingTuesday Data Lake	990-PF structured data	Free
Apollo.io Free	Initial contact lookups (limited to ~100/mo)	Free
Instantly Growth	Email sending + warmup + sequences	$38/mo
Claude API (Haiku)	Email generation + prospect scoring	~$1/mo
n8n self-hosted	Pipeline orchestration	Free ($5-20 VPS)
Total		$38-59/mo

Phase 2: Validated Pipeline ($150-250/month)

Tool	Purpose	Cost
Apollo Basic	5,000 credits/mo, better enrichment	$49/mo
Instantly Growth	Email sending + warmup	$38/mo
Clay Starter	Waterfall enrichment + Claygent	$149/mo
Loom Business	Video personalization	$20/mo
n8n self-hosted	Pipeline orchestration	Free-$20/mo
Claude API	Email generation + scoring	~$5/mo
Total		$261-281/mo

Phase 3: Scaled Outreach ($300-500/month)

Tool	Purpose	Cost
Everything in Phase 2		~$280/mo
HeyGen Creator	AI avatar personalized videos	$29/mo
Framer Pro	A/B tested landing pages	$28/mo
Wappalyzer API	Tech stack identification	Variable
Total		$337+/mo

16.6 What NOT to Use

Tool	Why Not
AI voice agents (Bland, Vapi, Retell)	FCC ruled AI voices = “artificial” under TCPA. Penalties: $500-1,500 per call. Requires prior express written consent for cold calls. Foundation executives would find this spammy and unprofessional. Hard no.
Air.ai	FTC lawsuit filed Aug 2025. Platform inactive. 1.5/5 Trustpilot. Avoid entirely.
Clay at Explorer+ tier	$349/mo is overkill until you’re processing 500+ prospects/month
Zapier for the pipeline	Task-based pricing gets expensive fast for multi-step workflows; n8n is far cheaper
La Growth Machine / Lemlist	Per-seat pricing doesn’t make sense for solo operator when Instantly is cheaper

16.7 AI Video: What’s Possible with Minimal Effort

Option 1: Loom + Variables ($20/month) — RECOMMENDED START

Record one 60-second video explaining the Resilience Checkup
Use Loom’s Variables feature to customize per prospect (auto-insert foundation name, ED name)
Include in email follow-ups for prospects who haven’t responded
Track who watches and how much (Loom analytics)

Option 2: HeyGen AI Avatar ($29/month) — PHASE 2

Create an AI avatar of Dmitri (one-time setup: record a few minutes of yourself speaking)
Generate personalized 30-60 second videos referencing specific foundation data (from 990)
Example: “Hi Jane, I noticed the Mountain Foundation manages about $12 million in charitable assets. I wanted to share something we’ve found that might be relevant…”
Quality: Avatar IV has full-body motion, micro-expressions, natural gestures. Professional enough for B2B but some viewers can detect synthesis.
Cost: ~ $0.50/ v i d eoo n t h e A P I; C re a t or pl an ($ 29/mo) handles 200 30-second videos

Option 3: Content Marketing Videos (Claude + HeyGen/Synthesia)

AI-generate educational video scripts about foundation data security
HeyGen renders them with Dmitri’s avatar
Post on LinkedIn and embed on the /for/foundations page
Topics: “3 Things Every Foundation Should Know About Their Backups”, “The Blackbaud Breach: What It Means for Private Foundations”, “Why Your Grant Management System Is a Security Risk”

Impact of video in outreach: 2-3x response rate improvement when personalized video is included (documented in B2B SaaS contexts; no nonprofit-specific data available). At $20-29/month, this is high-ROI if email/LinkedIn alone isn’t converting.

16.8 AI-Generated Marketing Copy

The Claude API can generate all outreach copy from 990 data:

Personalized email drafts: ~$0.0004/email using Haiku (essentially free)
LinkedIn connection request messages
Follow-up sequences
Blog posts about foundation data security
Landing page copy variations for A/B testing
One-pager PDFs customized per foundation (referencing their specific program area)

The marketing agent concept: Build an n8n workflow where:

New prospect enters the pipeline (from BMF/ProPublica data)
Claude Haiku receives: foundation name, ED name, total assets, program area, location
Claude generates: personalized email, LinkedIn message, and follow-up sequence
Output goes into a Google Sheet “review queue”
Dmitri spends 1-2 minutes per prospect reviewing/editing
Approved messages are queued in Instantly and LinkedIn

Time per prospect: 1-2 minutes (review only). At 50 prospects/week, that’s ~1-2 hours/week of Dmitri’s time.

16.9 Gmail AI Detection: The 2026 Deliverability Reality

Critical development: Gmail’s Gemini AI now analyzes email content as a deliverability signal. It detects AI-written patterns (syntax rhythms, punctuation, sentence complexity) and can deprioritize AI-generated email.

Mitigations:

Human review and light editing of every email breaks the AI “signature”
Use Dmitri’s actual voice/style (the content style guide already captures this)
Keep emails under 80 words with a single CTA
Maintain SPF/DKIM/DMARC on the outreach domain
Keep spam complaints under 0.3% and bounces under 2%
Use Instantly’s warmup network (4.2M+ accounts) to build domain reputation
Start with 5-10 emails/day per account, ramp over 4-6 weeks

17. The Minimum Viable Test

17.1 Test Design

Parameter	Value
Sample size	200 prospects (Colorado private foundations, $10 M -$ 50M assets)
Channels	LinkedIn (primary) + email (secondary)
Sequence length	5 touches over 17 days (see Section 16.4)
Test duration	6-8 weeks (including 2-week domain warmup)
Time investment	15-20 hours setup, 2-3 hours/week ongoing
Money investment	~$38-80/month (Phase 1 stack)
Total test cost	~$150-300 all-in for the test period

17.2 Why 200 (Not 500)

The Colorado market for $10 M -$ 50M foundations is ~150-400 total. Starting with 200 (after scoring/filtering) is practical and preserves the rest for a second wave with refined messaging. At a 5% reply rate, that’s ~10 replies; enough to see patterns.

17.3 Success Metrics

Metric	Baseline (average)	Good	Excellent	Kill Switch
LinkedIn acceptance rate	30-40%	40-50%	50%+	Below 15%
LinkedIn reply rate	10-15%	16.5%+	20%+	Below 5%
Email open rate	38-49%	50%+	60%+	Below 25%
Email reply rate	3.4%	5.5%+	10%+	Below 1%
Positive reply rate	50% of replies	60%+	75%+	Below 30%
Calls booked	2-4 from 200	5-8	10+	Below 3 = kill switch
First client signed	0-1	1	2+	N/A (too early)

17.4 Kill Switch Definition

If fewer than 3 intro calls are booked from the first 100 contacts within 45 days:

Pause foundation outreach
Analyze why (wrong ICP? wrong message? wrong channel? wrong timing?)
Either pivot messaging and test on remaining 100, OR redirect all resources to the financial services pipeline
Document learnings for future revisit

17.5 Test Timeline

Week -2 to 0: PREP
  - Register outreach domain + set up SPF/DKIM/DMARC
  - Start domain warmup (Instantly)
  - Build data pipeline (BMF → ProPublica → scoring)
  - Generate prospect list (200 Colorado foundations, scored)
  - Set up Apollo.io + Instantly accounts
  - Draft email templates + LinkedIn messages
  - Build n8n automation workflow
  - Create /for/foundations landing page (or at minimum, a targeted section)

Week 1-2: WAVE 1 (first 100 prospects)
  - LinkedIn connection requests: 10-15/day
  - Email sequences begin for those not on LinkedIn
  - Monitor deliverability, open rates, acceptance rates
  - Adjust messaging if needed

Week 3-4: WAVE 1 FOLLOW-UP + WAVE 2
  - Complete follow-up sequences for Wave 1
  - Begin Wave 2 (next 100 prospects) with any messaging adjustments
  - Phone calls to non-responders with phone numbers
  - Track: replies, positive replies, calls booked

Week 5-6: EVALUATE
  - Full analysis of both waves
  - Compare LinkedIn vs. email performance
  - Evaluate message variants (if A/B tested)
  - Kill switch check: are we at 3+ calls booked?
  - Decision: continue, pivot, or redirect

18. Foundation-Specific Quick Wins (The “Untied Shoelaces”)

These are things Solanasis could fix in 2-4 hours that would make a foundation’s life dramatically better. Include 1-3 of these in the ORB to increase perceived value (per the Master GTM Playbook recommendation).

Quick Win	Time	Impact	Why Foundations Need It
Password manager setup (1Password/Bitwarden)	2 hrs	HIGH	Most foundations share passwords via email or sticky notes
MFA enrollment on email + grant management	1-2 hrs	HIGH	Single biggest security improvement; often not enabled
Email security (SPF/DKIM/DMARC on foundation domain)	1-2 hrs	MEDIUM	Prevents email spoofing; many foundation domains lack these
Google Workspace security settings review	1-2 hrs	MEDIUM	Most foundations use Google Workspace for Nonprofits (free) with default settings
Shared drive cleanup and permissions audit	2-3 hrs	MEDIUM	Board documents, donor data, financial records all in one Google Drive with wrong sharing permissions
Backup verification (prove it restores)	2-4 hrs	VERY HIGH	This is the flagship; most have never tested
Board portal recommendation	1 hr	MEDIUM	Many foundations email board packets with sensitive financial data
Vendor security questionnaire for their top 3 vendors	2-3 hrs	MEDIUM	Foundation Source, grant management, accounting; are they secure?

18.2 The “After” Story

Before Solanasis:

ED keeps all passwords in a Google Doc shared with the whole team
No one knows if backups work (or if backups exist)
Board materials emailed as attachments (including financial statements)
Grant management system has one shared login
The person who set up the website left 3 years ago; no one has the credentials
Donor records and grant data live in one Google Drive folder with “Anyone with the link” sharing

After Solanasis (week 2):

Everyone has their own 1Password vault; shared credentials are in a team vault
Backups verified; restore runbook documented
Board materials on a secure portal
Every staff member has their own grant management login with MFA
All credentials documented in a secure vault
Google Drive permissions locked down; sensitive folders restricted

This is the transformation story for the landing page and case studies.

19. Priority Ranking Within Overall GTM

To be explicit about where this fits:

Priority	Vertical	Forcing Function	Expected Sales Cycle	Status
1	RIA Compliance Consultants (partners)	Reg S-P deadline June 3	30-45 days	Active sprint
2	Transfer Agents	Reg S-P first-time coverage	60-90 days	Research complete
3	Colorado State-Registered IAs	DORA Rule 51-4.14	45-60 days	Identified
4	Private Foundations	None (pain-based only)	60-120 days	This playbook
5	Planned Giving Providers	None (learning/partnership)	N/A (no revenue target)	Research complete
6	Multi-Family Offices	Pain-based	90-180 days	Deferred to Month 3+

Why Priority 4 is appropriate:

Foundations lack a regulatory deadline driving urgency
The AI-native pipeline means minimal ongoing time from Dmitri (2-3 hours/week)
It runs in parallel without cannibalizing the RIA sprint
It tests the AI-native outreach concept that can later be applied to other verticals
It builds the Lasting Legacy relationship pipeline as a bonus

20. The Two Tracks (Explicit Separation)

Track 1: Foundations as Clients (Revenue-Generating)

Goal: Sell operational resilience services (ORB, remediation, retainer)
Metric: Revenue ($)
Target: First paying foundation client within 90 days of launch
Kill switch: See Section 17.4

Track 2: Planned Giving Providers as Partners (Learning/Relationship)

Goal: Learn planned giving processes; build relationships; feed Lasting Legacy
Metric: Relationships built, processes documented, meetings held
Revenue expectation: Zero in the near term
Only pursue after Track 1 shows positive signal (at least 3 calls booked)
Activities: Attend CGP local council meetings, reach out to Boulder Community Foundation and NCF, meet with 3-5 planned giving providers

The connection between tracks is real but aspirational: Every foundation client becomes a potential Lasting Legacy relationship, but this is a bonus, not a justification for the vertical. Track 1 must stand on its own economics.

21. Legal Compliance for AI-Native Outreach

21.1 CAN-SPAM (Federal)

Cold B2B email is legal in the US; no prior consent required
Requirements: accurate headers, honest subject lines, physical address, unsubscribe mechanism, honor opt-outs in 10 days
Penalty: up to $51,744 per violation (2025 adjusted)
AI-generated email must still comply with all CAN-SPAM requirements

21.2 AI Disclosure

No federal mandate to disclose AI-generated email content (as of March 2026)
Colorado SB 24-205 (effective Feb 2026) focuses on algorithmic discrimination in “consequential decisions” (employment, lending, insurance); does not cover sales emails
Practical recommendation: Do not label every email as AI-generated, but do not misrepresent. Use AI for drafts; Dmitri reviews and approves. The output genuinely reflects his perspective.

21.3 AI Voice Calls

FCC Feb 2024 ruling: AI-generated voices are “artificial” under TCPA
Requires prior express written consent for cold calls
Penalties: $500 - 1, 500 p erc a ll (TCP A); u pt o$ 43,792 per call (DNC violations)
Conclusion: Do not use AI voice agents for outbound cold calling

21.4 Colorado Privacy Act (CPA)

CPA exempts B2B data from consumer privacy protections
Cold email to nonprofit staff at work addresses is generally not covered
Maintain clean practices regardless (opt-out, data minimization)

22. The MSP Channel: “We Do What You Don’t” for Nonprofits

22.1 Why MSPs Are the Highest-Leverage Adjacent Play

Solanasis already has a mature MSP partnership playbook for the wealth management vertical. The exact same model applies to nonprofit-serving MSPs, with even stronger product-market fit.

The structural gap is massive:

What MSPs Do	What They Don’t Do (Our Lane)
Set up backups + monitor backup jobs	Test whether backups actually restore (31% fail completely; 58% fail partially)
Install antivirus, firewall, MFA	Independent security assessment (conflict of interest to assess their own work)
Manage email, cloud, network	Board-level risk reporting (MSPs give ticket counts, not governance reports)
Hardware procurement + break/fix	Compliance documentation (policies, risk registers, evidence binders)
Basic phishing awareness training	Tabletop exercises + incident response planning
Day-to-day IT operations	Strategic technology planning (roadmaps, vendor evaluation, digital strategy)
Help desk + trouble tickets	Vendor security reviews (is your grant management vendor secure?)
Implement what’s asked for	Identify what SHOULD be asked for (the fCIO/fCSIO layer)

Key statistic: 67% of MSPs aspire to offer vCISO services but lack the expertise (ConnectWise 2024). They WANT a partner who can do this. Solanasis IS that partner.

22.2 Colorado MSPs Serving Nonprofits (Target List)

MSP	Location	Why Target
eCreek IT Solutions	Denver	Named nonprofit specialty; Inc. 5000 3x; Ronald McDonald House client
Rocky Mountain Tech Team	Boulder/Denver	Serving CO nonprofits since 2002
Colorado Computer Support	Colorado	Named nonprofit specialty; compliance-aware
TrinWare	Colorado	Only local MSP fusing cybersecurity + IT + hardware
Amnet	Front Range (FoCo to Pueblo)	Serves nonprofits across Front Range
Greystone Technology	Denver/FoCo/Boulder	16+ years; general MSP with nonprofit clients

Plus: ~74 MSPs listed in Colorado databases; many have nonprofit clients even if not their named specialty.

22.3 The Pitch to Nonprofit MSPs

Existing Solanasis positioning (already tested): “We assess and plan. You deliver and manage. Clean handoff, no overlap.”

Adapted for nonprofit vertical:

Subject: Adding security assessments for your nonprofit clients

Hi [Name],

I run Solanasis — we do 10-day Resilience Checkups for organizations
that handle sensitive data. A lot of our work is with nonprofits and
foundations.

Here's the thing most MSPs tell us: they know their nonprofit clients'
backups should be tested, but nobody has the bandwidth to actually do
it. When we do test restores, about a third fail completely.

We assess and plan. You deliver the remediation work. No overlap with
your managed services. The findings surface clear implementation work
(patching, config fixes, access controls) that's a natural fit for
your team to deliver.

We also offer a 15% referral fee on assessment engagements. Want a
15-minute call to see if this fits your nonprofit client base?

Dmitri Zasage
Solanasis | 303-900-8969

Why nonprofit MSPs will be more receptive than general MSPs:

Nonprofit clients ask questions MSPs can’t answer (“Is our donor data secure?” “What do we tell the board about cybersecurity?“)
Nonprofits are the second most targeted sector for cyberattacks (behind energy); MSPs know this
56% of nonprofits have zero cybersecurity budget; MSPs need someone to make the case for investment
48% of organizations report increased funder inquiries about cybersecurity; the MSP can’t answer these alone

22.4 The Referral Economics

Using the existing Solanasis referral program:

Scenario	Math
MSP refers a $5,000 Foundation ORB	MSP earns $500 (10%)
MSP refers a $7,500 ORB + Founding Partner bonus	MSP earns $1, 125 (15$ 500 conversion bonus = $1,625
ORB findings → $9,000 remediation sprint	MSP delivers the remediation work and bills the client directly
Post-ORB retainer ($2,500/month)	$500 conversion bonus to MSP; MSP implements ongoing recommendations

The real value for the MSP isn’t the referral fee; it’s the remediation work. Every ORB generates $5 K -$ 18K in implementation projects that the MSP bills for directly.

22.5 What We Can Offer MSPs’ Nonprofit Clients

Service	Price	What It Does	MSP Benefit
Foundation Resilience Checkup	$5 K -$ 7.5K	Security baseline + real restore test + 30/60/90 plan	Surfaces remediation work for MSP
Board Security Brief	$1, 500 -$ 2,500	1-hour board presentation: risk posture, priorities, roadmap	MSP can’t do this; builds client trust
DR Verification	$2, 000 -$ 3,500	Actual backup restore test + documentation + runbook	MSP knows their backup testing is weak
Vendor Security Review	$1, 500 -$ 2,500	Review top 3-5 vendor security postures	Outside MSP scope entirely
Post-CRM-Migration Security Review	$2, 000 -$ 3,500	After Salesforce/Blackbaud implementation: verify data security, access controls, backup	Partners with CRM implementers
Annual Resilience Review (recurring)	$3, 000 -$ 5,000/year	Annual re-assessment + board report	Recurring revenue for both parties

22.6 The “Double Channel” Strategy

Run MSP outreach and direct foundation outreach simultaneously because they reinforce each other:

                    DIRECT OUTREACH                   MSP CHANNEL
                    ──────────────                    ───────────
                    LinkedIn + Email                  Cold email + referral
                    to Foundation EDs                 to MSP owners
                         │                                │
                         ▼                                ▼
                    Foundation says                   MSP says "this
                    "yes, let's talk"                 is interesting"
                         │                                │
                         ▼                                ▼
                    Dmitri does                       MSP introduces
                    the ORB                          to 3-5 nonprofit clients
                         │                                │
                         ▼                                ▼
                    Case study                       More MSP referrals
                    + testimonial                    (proven model)
                         │                                │
                         └──────────┬─────────────────────┘
                                    │
                                    ▼
                            Social proof feeds
                            both channels

The compounding effect: One ORB delivered via direct outreach becomes a case study that makes the MSP pitch more credible. One MSP referral that closes becomes proof that the partnership model works, which attracts more MSPs.

23. Platform Partnerships (Nonprofit Ecosystem)

23.1 Immediate Actions (Low Cost, High Visibility)

Action	Cost	Expected Impact	Timeline
Get listed on NTEN TechFinder	Membership fee (~$200)	Direct visibility to nonprofits searching for tech help	Week 1
Register on TechSoup Consultant Connection	Free (requires verification)	Lead flow from nonprofits seeking consultants	Week 1-2
Join Colorado Nonprofit Association as Business Member	Membership fee (varies)	Listed in Professional Services Directory; access to events	Week 2
Submit to Exponent Philanthropy conference (Nov 11-13, Portland)	Exhibitor fee (contact corporate@exponentphilanthropy.org)	1,000 lean foundation decision-makers in one room	Apply by July-Aug

23.2 Strategic Partnerships (Medium-Term)

Partner	Their Role	Our Role	Why It Works
Foundation Source (5,600+ foundations)	Admin, compliance, tax, grantmaking	Security, DR, technology resilience	They don’t do security/DR; perfect complement
Cloud for Good / Exponent Partners (CRM implementers)	Implement Salesforce Nonprofit	Post-implementation security review	Nobody verifies CRM security after go-live
Denver Foundation / NoCo Foundation (community foundations)	Advise member foundations	Recommended security provider	One relationship = access to dozens of foundations
Heller Consulting	CIO advisory, CRM implementation	DR verification, security assessment	They do governance/policy; we do technical verification
Tech Impact	Managed IT, assessments ($450)	Deep-dive ORB ( $5 K -$ 7.5K) for orgs that outgrow their assessment	We’re the “next step” after their self-assessment

23.3 The “After the Assessment” Positioning

Several free/cheap assessment tools exist in the nonprofit space:

Ford Foundation Cybersecurity Assessment Tool (free)
NTEN Tech Accelerate (free self-assessment)
Tech Impact Sec Check ($450)
NTEN Cybersecurity Readiness Program (free, cohort-based, 20 orgs per cohort)

All of these identify problems. None of them fix problems or verify fixes.

Solanasis positioning: “You’ve done the assessment. Now let us verify that your systems actually work, fix the quick wins, and give you a roadmap for the rest.”

This makes Solanasis the natural next step in the nonprofit’s cybersecurity journey, not a competitor to the free/cheap assessment tools.

24. Revised Outreach Strategy (Multi-Channel, Multi-Path)

24.1 Three Simultaneous Outreach Tracks

Track A: Direct to Foundations (AI-Native Pipeline)

Channel: LinkedIn primary, email secondary
Volume: 200 Colorado foundations, $10 M -$ 50M assets
Timeline: 6-8 weeks
Cost: ~$38-80/month
Dmitri time: 2-3 hours/week (review emails, take calls)
Kill switch: <3 calls from first 100 contacts in 45 days

Track B: MSP Channel (Leveraged Access)

Channel: Cold email to MSP owners/operators
Volume: 6 named Colorado nonprofit-MSPs + 20-30 general MSPs with nonprofit clients
Timeline: Parallel with Track A
Cost: Already covered by Instantly subscription
Dmitri time: 1-2 hours/week
Goal: 2-3 MSP partnership conversations → 5-10 foundation introductions

Track C: Platform/Ecosystem (Credibility Building)

Actions: NTEN TechFinder listing, TechSoup Consultant Connection, CNA membership
Volume: One-time setup + ongoing presence
Timeline: Week 1-2 setup; ongoing
Cost: ~$200-500 total (membership fees)
Dmitri time: 2-3 hours one-time setup
Goal: Inbound inquiries over time; builds credibility for Tracks A and B

24.2 Combined Timeline

WEEK -2 to 0: INFRASTRUCTURE
├── Register outreach domain + warmup (Instantly)
├── Build data pipeline (BMF → ProPublica → scoring → CSV)
├── Set up Apollo + Instantly
├── Create /for/foundations landing page
├── Join NTEN, register on TechSoup, join CNA
└── Draft all email templates (foundation + MSP)

WEEK 1-2: LAUNCH ALL THREE TRACKS
├── Track A: LinkedIn requests to first 50 foundations
├── Track A: Email sequences begin
├── Track B: Cold email to 6 named nonprofit MSPs
├── Track B: Cold email to 20 general MSPs with nonprofit clients
└── Track C: Listings go live on TechFinder + TechSoup

WEEK 3-4: FIRST WAVE FOLLOW-UP + SECOND WAVE
├── Track A: Follow-up sequences; phone calls to non-responders
├── Track A: Wave 2 (next 50 foundations)
├── Track B: Follow up with interested MSPs; book partnership calls
├── Track B: First MSP partnership conversation
└── Track C: Engage in NTEN cybersecurity community

WEEK 5-6: EVALUATE + EXPAND
├── Track A: Full analysis of foundation outreach
├── Track A: Kill switch check (3+ calls booked?)
├── Track B: First MSP-referred foundation intro
├── Track B: Start building co-marketed materials
└── Track C: Submit to Exponent Philanthropy conference (Portland, Nov)

WEEK 7-8: DECISION POINT
├── If Track A works: double down on direct outreach
├── If Track B works: focus on MSP partnerships (higher leverage)
├── If Track C generates inbound: invest more in ecosystem presence
├── If nothing works: pause, analyze, redirect to financial services
└── Document all learnings regardless

24.3 Messaging Matrix

Audience	Lead Message	Supporting Proof	CTA
Foundation ED	”Your backups have never been tested. We fix that in 10 days.”	Blackbaud breach ($59M); 31% backup failure rate	20-min call
MSP Owner	”We assess and plan. You deliver and manage. Your nonprofit clients need both.”	67% of MSPs want to offer vCISO but can’t; 15% referral fee	15-min call
Community Foundation	”We protect your member foundations’ data. One partnership = many foundations served.”	DR verification gap; board reporting capability	Intro meeting
CRM Implementer	”After you build it, we verify it’s secure and recoverable.”	No one does post-implementation security review	Partnership call
NTEN / TechSoup	”We’re the ‘after the assessment’ provider. We verify, fix, and report.”	DR verification is the gap nobody fills	Listing / presentation

25. Updated Open Questions

Previous open questions (Section 13) plus new ones:

Asset range: $10 M -$ 50M recommended (per senior reviewer). Confirm?
Geography: Colorado first. Confirm?
CRM: What will the prospect CSV go into?
Outreach domain: Use solanasishq.com (already exists for cold email) or register new?
MSP outreach: Start with the 6 named nonprofit MSPs first, or broader?
Phone outreach: Willing to make cold calls to foundations? (Best for non-responders with no email)
Tool budget: $38-80/month for Phase 1 acceptable?
NTEN/TechSoup/CNA: Approve ~$200-500 for membership/listing fees?
Exponent Philanthropy conference (Nov 11-13, Portland): Worth the exhibitor investment?
Landing page: Build /for/foundations now (before outreach) or after first client?
Video: Start with Loom ($20/mo) for video personalization?
Should we build the Python data pipeline this week?

Last updated: 2026-03-16 (V3 — added MSP channel strategy, platform partnerships, multi-track outreach plan) Research sources: IRS data, ProPublica, Candid/GuideStar, NCCS, Foundation Source, Cerulli Associates, Giving USA, Blackbaud settlement records, Colorado SOS, Exponent Philanthropy, CGP, ACGA, FreeWill, Crescendo Interactive, Apollo.io, Instantly.ai, Clay.com, HeyGen, Loom, n8n, FCC TCPA rulings, FTC CAN-SPAM guidance, Colorado Privacy Act, Gmail/Gemini deliverability analysis, Expandi LinkedIn outreach benchmarks, Instantly 2026 Cold Email Benchmark Report, Community IT Innovators, Tech Impact, NTEN, TechSoup, Colorado Nonprofit Association, ConnectWise MSP surveys, and 150+ additional web sources across 7 research sessions.

Solanasis Docs

Explorer

Foundation_and_Planned_Giving_Prospecting_Playbook_2026-03-16