Goodworld Platform Security

Learn about platform security and policy at Goodworld

Written by Richie Kendall
Updated over 9 months ago

Our Security Policy

At Goodworld, safeguarding your data and ensuring the security of our platform are paramount. We adhere to stringent security protocols and compliance measures to protect your information. Below, we outline our comprehensive approach to data security and compliance.

Team Access to Data

Limited Access: Access to sensitive data is strictly controlled and granted only to authorized personnel on a need-to-know basis.

Role-Based Access Control (RBAC): We implement RBAC principles to ensure that team members have access only to the data necessary for their respective roles.

Monitoring and Logging: All access to data is logged and monitored for unauthorized activities or breaches.

Data Handling Protocols

Goodworld is California Consumer Privacy Act (CCPA) and Data Protection Act (DPA) compliant.

Data Encryption: All Personally Identifiable Information (PII) is encrypted using SSL encryption both in transit and at rest to prevent unauthorized access.

Anonymization: Transaction data is anonymized to uphold user privacy and confidentiality.

Multi-Factor Authentication (MFA): For ACH functions, multi-factor authentication and personal identifiers are employed to prevent unauthorized access.

Tokenization: Financial data is tokenized via Stripe, ensuring that no principal, employee, or contractor can access sensitive financial information directly.

Audits and Compliance

External Auditing: Our system undergoes periodic external audits conducted by industry-leading security auditing agencies to identify and address any vulnerabilities or compliance gaps. For example, we undergo an annual Third Party Risk Management audit and an annual Attack Surface Reduction (ASR) audit and penetration test by Mastercard.

Compliance Assurance: While Goodworld does not handle financial data directly, we rely on Stripe, a Level 1 PCI compliant gateway, to ensure compliance with PCI DSS standards. Goodworld completes annual SAQ-A and SAQ-D validation.

Incubation in Banking Sector: Goodworld's system was incubated within the banking sector through partnerships with Barclays Bank and their penetration/security auditing agency, ensuring robust security measures.

About MongoDB and AWS

Secure Hosting: PII data is stored in MongoDB hosted on Amazon Web Services (AWS), leveraging AWS's advanced security features and compliance certifications.

RESTful Node.js Services: All platforms utilize RESTful Node.js services, ensuring secure and efficient data exchange.

About Stripe

Stripe has been audited by an independent PCI Qualified Security Assessor (QSA) and is certified as a PCI Level 1 Service Provider. This is the most stringent level of certification available in the payments industry.


HTTPS and HSTS for secure connections

  • Stripe forces HTTPS for all services using TLS (SSL), including our public website and the Dashboard.

  • Stripe.js is served only over TLS.

  • Stripe’s official libraries connect to Stripe’s servers over TLS and verify TLS certificates on each connection.

  • We regularly audit the details of our implementation, including the certificates we serve, the certificate authorities we use, and the ciphers we support. We use HSTS to ensure that browsers interact with Stripe only over HTTPS. Stripe is also on the HSTS preloaded lists for both Google Chrome and Mozilla Firefox.
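The bullets above describe what a correct HSTS deployment looks like; the following is an added example (not Stripe's or Goodworld's code) that parses a Strict-Transport-Security response header and reports whether it meets the header requirements for the browser preload lists mentioned above: a max-age of at least one year, includeSubDomains, and the preload token. The header values used in the usage section are constructed for this example.

```javascript
// Added example: parse and evaluate a Strict-Transport-Security header.
// Directive names are case-insensitive and unknown directives are ignored,
// as RFC 6797 specifies; max-age may be quoted.

const ONE_YEAR = 31536000; // seconds; minimum max-age for preload-list submission

// Parse "max-age=31536000; includeSubDomains; preload" into an object.
// Returns null when the header is unusable (no valid max-age), which is how
// browsers treat it too: an invalid header sets no policy at all.
function parseHsts(headerValue) {
  const result = { maxAge: null, includeSubDomains: false, preload: false };
  for (const rawDirective of headerValue.split(';')) {
    const directive = rawDirective.trim();
    if (!directive) continue;
    const [name, value] = directive.split('=').map((s) => s.trim());
    switch (name.toLowerCase()) {
      case 'max-age': {
        const digits = (value ?? '').replace(/^"|"$/g, ''); // strip optional quotes
        if (!/^\d+$/.test(digits)) return null;
        result.maxAge = Number(digits);
        break;
      }
      case 'includesubdomains':
        result.includeSubDomains = true;
        break;
      case 'preload':
        result.preload = true;
        break;
      default:
        break; // unknown directive: ignored, not an error
    }
  }
  return result.maxAge === null ? null : result;
}

// Evaluate a header value; returns a list of findings (empty = preload-ready).
function evaluateHsts(headerValue) {
  if (!headerValue) {
    return ['no Strict-Transport-Security header: browsers will still accept plain HTTP'];
  }
  const p = parseHsts(headerValue);
  if (p === null) {
    return ['unparseable header (missing or invalid max-age): browsers ignore it'];
  }
  const findings = [];
  if (p.maxAge === 0) {
    findings.push('max-age=0 clears any stored policy instead of setting one');
  } else if (p.maxAge < ONE_YEAR) {
    findings.push(`max-age=${p.maxAge} is below the one-year minimum for preload`);
  }
  if (!p.includeSubDomains) {
    findings.push('missing includeSubDomains: subdomains remain reachable over HTTP');
  }
  if (!p.preload) {
    findings.push('missing preload token: not eligible for the browser preload list');
  }
  return findings;
}

// Usage with constructed header values.
for (const h of ['max-age=31536000; includeSubDomains; preload', 'max-age=300', '']) {
  console.log(JSON.stringify(h), '->', evaluateHsts(h));
}
```

Run it against the header your own origin returns (for example the value shown by `curl -sI https://your-domain/`) to see which of the three preload conditions are missing.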

Additional Security Measures

Input Validation: Data filters accept only specific input types, and an error is thrown for invalid input before any database connection is made.

Role-Based Data Access: The system checks user permissions before retrieving and sending data, ensuring that sensitive information is only accessible to authorized users.

Client-Side Security: Even if other security measures fail, the system filters and restricts data on the client side, ensuring that sensitive information is not exposed to unauthorized parties.
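As an added example (not Goodworld's code; the collection, roles and field names are constructed), the following Node.js request handler applies the three controls described above in the order a request passes through them: a role check before any retrieval, an allow-list input check before any database work, and server-side projection of each record to the caller's permitted fields. The projection is what keeps PII from leaving the service; a client-side filter can only act on data the client has already received, so it is a second line of defence rather than the control.

```javascript
// Added example: validate, authorize, then filter on the server.
// The data store, roles and field names below are constructed for this example.

const PII_FIELDS = new Set(['email', 'phone', 'ssnLast4']);

// Constructed stand-in for a MongoDB collection of donor records.
const DONORS = [
  { _id: 'd1', name: 'Alice', email: 'alice@example.com', phone: '555-0100', ssnLast4: '1234', total: 250 },
  { _id: 'd2', name: 'Bob', email: 'bob@example.com', phone: '555-0101', ssnLast4: '5678', total: 40 },
];

// Which fields each role may see; null means every field.
const ROLE_FIELDS = {
  admin: null,
  finance: ['_id', 'name', 'total'],
  viewer: ['_id', 'name'],
};

// Input validation: accept only the expected keys and types. Values that are
// not plain strings/integers (e.g. an object that would act as a query
// operator) are rejected here, before the database layer is involved.
function validateDonorQuery(params) {
  if (typeof params !== 'object' || params === null) {
    return { ok: false, error: 'params must be an object' };
  }
  const allowedKeys = new Set(['id', 'limit']);
  for (const key of Object.keys(params)) {
    if (!allowedKeys.has(key)) return { ok: false, error: `unexpected field: ${key}` };
  }
  if (params.id !== undefined && !(typeof params.id === 'string' && /^[a-z0-9]{1,16}$/.test(params.id))) {
    return { ok: false, error: 'id must be a short alphanumeric string' };
  }
  if (params.limit !== undefined && !(Number.isInteger(params.limit) && params.limit > 0 && params.limit <= 100)) {
    return { ok: false, error: 'limit must be an integer in 1..100' };
  }
  return { ok: true, value: { id: params.id, limit: params.limit ?? 20 } };
}

// Server-side projection: copy only the fields the role is allowed to see.
function projectForRole(record, role) {
  const allowed = ROLE_FIELDS[role];
  if (allowed === null) return { ...record };
  const out = {};
  for (const field of allowed) if (field in record) out[field] = record[field];
  return out;
}

// The handler. `user` is the authenticated principal (assumed to be attached by
// upstream authentication); the return value mimics an HTTP response.
function getDonors(user, rawParams, db = DONORS) {
  // Role-based data access: unknown or missing roles get nothing.
  if (!user || !(user.role in ROLE_FIELDS)) {
    return { status: 403, body: { error: 'forbidden' } };
  }

  const v = validateDonorQuery(rawParams);
  if (!v.ok) return { status: 400, body: { error: v.error } };

  // Only now touch the data store, and only with validated values.
  const matched = v.value.id ? db.filter((d) => d._id === v.value.id) : db.slice(0, v.value.limit);
  const rows = matched.map((r) => projectForRole(r, user.role));

  // Defence in depth: fail closed if a PII field ever survives projection for a non-admin.
  if (user.role !== 'admin') {
    for (const r of rows) {
      for (const field of Object.keys(r)) {
        if (PII_FIELDS.has(field)) throw new Error(`PII field ${field} escaped projection`);
      }
    }
  }
  return { status: 200, body: rows };
}

// Usage with constructed requests.
console.log(getDonors({ role: 'viewer' }, { id: 'd1' }));        // name only, no email/phone
console.log(getDonors({ role: 'viewer' }, { id: { $ne: '' } })); // 400: operator-like id rejected
console.log(getDonors({ role: 'guest' }, {}));                   // 403: unknown role
```

The same shape carries over to a real Express or Fastify route: the validation and projection run in the handler, and the client receives a response that already contains only what its role is allowed to see.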

Robust Contingencies: We monitor for probes of our database (Snort), maintain a published disaster recovery plan, and run regionally dispersed, dynamically scalable servers to ensure continuity of operations.

At Goodworld, we are committed to maintaining the highest standards of security and compliance to protect your data and privacy. Our proactive approach to security ensures that your information remains safe and secure at all times.

For further inquiries or concerns regarding security, please contact hello@goodworldnow.com
