Protecting data to and from your browser
Data that is transferred between your browser and our servers is encrypted using SSL. You can see that in the address bar – it starts https:
Data centre security
Donorfy is hosted in Microsoft Azure, a highly secure and scalable cloud computing platform. As one of the world’s leading platforms, Microsoft take security extremely seriously. Read more about it here: https://www.microsoft.com/en-us/TrustCenter/CloudServices/Azure
Where is my data?
If you choose to use Donorfy with your own Azure subscription you can choose the location of your Azure SQL database. Please see this page for more information.
Donorfy is developed and tested according to the standards of the Open Web Application Security Project (OWASP). For authentication, access control and encryption we use components and technology provided by Microsoft and other major technology companies. Periodically our software is reviewed and tested by external experts and their findings and recommendations are fed back into our development processes and wider business practices. Beyond the above we do not publicise further details of our security.
In the eyes of the GDPR we are the Data Processor. As such we have a comprehensive data processing agreement which sets our commitments and obligations as your data processor. This is updated from time to time in line with legislation and improvements. The full DPA can be viewed here.
Credentials such as passwords and API keys are strongly encrypted. Donorfy does not store any usable credit card or bank account details. They are stored by the payment processors’ systems (see Integrations) which themselves are subject to the strictest compliance regulations.
UNUSUAL LOGIN REPORTING
Donorfy notifies users of logins from previously unknown locations. This enables you to take necessary action (eg. changing passwords) should you suspect anything.
Data is backed up daily to Amazon Web Services storage in the EU.
We monitor and log access to the service 24/7 and receive alerts for any unexpected incidents that may need our intervention.
You have control over who can access your organisation’s Donorfy account. You invite the users you want. We too have access for support purposes – it helps us answer any questions you have much more effectively and quickly.
Getting access to your data
You can download your data at any time from Donorfy using the Lists feature.