Funraise prioritizes the security of data and payments with the highest level of data security, world-class infrastructure partners, and independent certification processes.
PCI Compliance
Funraise is a PCI Compliant Service Provider and tokenizes all credit card information in a PCI Level 1 certified tokenization vault. Funraise is partnered with Sikich as our QSA and independent security assessor.
Data Security
Funraise is deployed to Heroku.com, a Salesforce.com company. Heroku’s physical infrastructure is hosted and managed within Amazon’s secure data centers and uses Amazon Web Services (AWS) technology. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under:
Additionally, all Funraise data is managed in a premium Postgres cluster with hot standby, which benefits from geo-redundancy, point-in-time recovery, priority service restoration on disruptions, and automatic encryption-at-rest of all data written to disk.
Funraise employs modern ciphers and hashing algorithms for data encryption and password hashing. Communications to and from Funraise servers are encrypted by TLS 1.2+.
OWASP
Funraise coding guidelines are integrated with OWASP best practices. These practices are enforced through static code analysis and peer review of every change made to the Funraise codebase. Funraise also employs a dedicated QA team as well as independent security specialists who test our software for bugs and potential vulnerabilities.