Secure Donations

Your donation is secure.

Nonprofit organizations and donors trust Funraise.

Funraise prioritizes the security of data and payments with the highest level of data security, world-class infrastructure partners, and independent certification processes.

PCI Compliance

Funraise is a PCI Compliant Service Provider and tokenizes all credit card information in a PCI Level 1 certified tokenization vault. Funraise is partnered with Sikich as our QSA and independent security assessor.



Data Security

Funraise is deployed to Heroku.com, a Salesforce.com company. Heroku’s physical infrastructure is hosted and managed within Amazon’s secure data centers and uses Amazon Web Services (AWS) technology. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under:

  • ISO 27001
  • SOC 1 and SOC 2/SSAE 16/ISAE 3402 (previously SAS 70 Type II)
  • FISMA Moderate
  • Sarbanes-Oxley (SOX)

Additionally, all Funraise data is managed in a premium Postgres cluster with hot standby, which benefits from geo-redundancy, point-in-time recovery, priority service restoration on disruptions, and automatic encryption-at-rest of all data written to disk.

Funraise employs modern ciphers and hashing algorithms for data encryption and password hashing. Communications to and from Funraise servers are encrypted by TLS 1.2+.



OWASP

Funraise coding guidelines are integrated with OWASP best practices. These practices are enforced through static code analysis and peer review of every change made to the Funraise codebase. Funraise also employs a dedicated QA team as well as independent security specialists that test our software for bugs and potential vulnerabilities.

