Data security

Can you tell me more about how you ensure data security?

Raagini Sarkar avatar
Written by Raagini Sarkar
Updated over a week ago

The security of your information and your donors’ information is our highest priority. 

  • No sensitive financial data ever hits our servers and credentials can therefore never be stored or accessed.

  • All PII data is secured with SSL Encryption and will never be exchanged, licensed or sold to third parties. 

  • All transactions are anonymized to ensure privacy.

  • Multi-factor authentication and personal identifiers ensure unwanted access is prevented.

  • No principal, employee or contractor can gain access to sensitive financial data because it is all tokenized via Stripe.

  • Goodworld system was incubated within the banking sector via Barclays Bank and their penetration/security auditing agency. It includes cyber insurance which covers the appropriate (non-financial) data-handling concerns.

  • PII Data stored in MongoDB, hosted on Amazon Web Services.

  • All platforms use RESTful Node.js services, built in Sails.js.

Stripe - Handles all sensitive payment data. Stripe has been audited by an independent PCI Qualified Security Assessor (QSA) and is certified as a PCI Level 1 Service Provider. This is the most stringent level of certification available in the payments industry.

Plaid - Allows donors to securely link their bank accounts/cards

Did this answer your question?