You could enable offsite donations that provide a receipt/hash that denotes (donation -> validated), without being tied to any individual. Then the user could copy/paste a generic, non-correlated code into Signal to authenticate activity.