Data security and privacy are essential pillars of our platform. You can rest easy knowing that your donor information will always be kept private and your data is protected.
Any donor data you upload into the platform is for your use only. Your data is encrypted and lives in a completely closed silo for your use only. Only your team will have access to your uploaded contacts.
DonorSpring never sources contacts for one organization from another. We do not add the contacts you upload into our data pool. We do not sell, trade, or otherwise transfer information you upload to external parties or other nonprofit organizations on the platform.
We take the security of your data seriously and are compliant with industry-standard measures to protect it from unauthorized access, disclosure, alteration, and destruction. Additionally, all donation processing is PCI compliant.
Beyond keeping your data private and siloed, we take these extra steps to ensure that your sensitive information is handled with diligence and care:
Data in the DonorSpring application is always encrypted - in transit via SSL/TLS 1.2 and at rest via AES-256. Encryption at rest takes advantage of AWS managed encryption keys which are rotated automatically.
Protected Payment Data with Stripe
DonorSpring processes payments through Stripe. All sensitive payment information is securely handled directly by Stripe without touching DonorSpring’s cloud infrastructure. We do not store sensitive payment information like credit card numbers, instead allowing Stripe to take care of it.
24/7 Access and Threat Monitoring
We take advantage of several AWS services to provide access monitoring and alerting. AWS CloudTrail records all user activity and API usage within DonorSpring’s cloud infrastructure. Amazon GuardDuty continuously monitors our infrastructure and provides alerting for anomaly detection, network monitoring, and malicious file discovery.
Managed Runtimes + Security Patches
DonorSpring does not maintain any physical or cloud servers or VMs, instead choosing to leverage AWS managed “serverless” services. We use AWS Lambda for compute, which “provides support for these runtimes by continuously scanning for and deploying compatible updates and security patches, and by performing other runtime maintenance activities”.
On the database side, DonorSpring employs a mix of Amazon Aurora and Amazon DynamoDB, both of which are also fully managed runtimes that receive automated security patches from AWS.
Least Privileged Access
DonorSpring engineers access our cloud resources using IAM (Identity and Access Management) roles that grant them the minimum permissions required to conduct their job duties. Similarly, pieces of the DonorSpring application use short-lived IAM roles and policies that grant permissions to access the specific resources required for specific customer and task at hand.