Security Statement


Updated: April 3, 2023


2Account: Donate2 | Stream2 | Flex2 is a product of Lynch Incorporated (L2)

Security is a top priority for 2Account: Donate2 | Stream2 | Flex2. This site provides a high-level overview of our security practices. Have questions or feedback? Feel free to reach out to us at security@donate2.com.


Infrastructure

Cloud infrastructure
  • All of our services run in the cloud. We don't host or run our own routers, load balancers, DNS servers, or physical servers. Our service is built on Amazon Web Services (AWS), which provides strong security measures to protect our infrastructure and is compliant with most certifications. You can read more about their practices on the AWS security pages.
  • We use Infrastructure as Code to provision and manage cloud infrastructure and services. This gives us consistent, repeatable, and fast provisioning of development, test, and production environments.


Network level security protection

Our network security architecture consists of multiple security layers. We protect our network against unauthorized access using:

  • A virtual private cloud (VPC), and a bastion host or VPN with network access control lists (ACLs).
  • A firewall that monitors and controls incoming and outgoing network traffic.
  • An application firewall that monitors and blocks potentially malicious packets.
  • IP address filtering.


Data encryption

Encryption in transit
  • All data sent to or from our infrastructure is encrypted in transit following industry best practices, using Transport Layer Security (TLS) v1.2 or higher.
Encryption at rest
  • All of our sensitive user data (including passwords) is encrypted in the database.


Data retention and removal

  • Every user can request the removal of usage data by contacting support. Read more about our privacy settings at donate2.com/privacy-policy.

Business continuity and disaster recovery

  • We back up all our critical assets and regularly test restoring the backups to guarantee a fast recovery in the event of a disaster.

Application security

  • We have configured a web application firewall (AWS WAF) in front of our web servers to help protect web applications from attacks.
  • We use a security solution to gain visibility into our application security, identify attacks, and respond quickly to a data breach.
  • We use tooling to monitor exceptions and logs and to detect anomalies in our applications.
  • We collect and store logs to provide an audit trail of our applications' activity.
  • We validate input fields for correct types and reject insecure input.


Secure development

  • We have a culture that encourages open discussion about security. Developers share best practices about common vulnerabilities and threats.
  • We review our code for security vulnerabilities.
  • We regularly update our dependencies and make sure none of them has known vulnerabilities.


Compliance

GDPR

  • We're compliant with the General Data Protection Regulation (GDPR). The purpose of GDPR is to protect the private information of EU citizens and give them more control over their personal data. Contact us for more details on how we comply with GDPR.


Payment information

  • Payment processing is safely outsourced to Stripe, which is certified as a PCI Level 1 Service Provider. We don't collect any payment information.


Employee access

  • Our strict internal procedures prevent any employee or administrator from gaining access to user data. Limited exceptions can be made for customer support.
  • We practice the Principle of Least Privilege to minimize the risk of our environment being compromised.
  • All our employees sign a Non-Disclosure and Confidentiality Agreement when joining the company to protect our customers' sensitive information.


Tessitura Data

  • All constituent and institutional data is stored in our clients' Tessitura system. We do not store your constituent or institutional data. We only access the data through the Tessitura API. You control the amount of access we have via the Tessitura security application.
  • A minimal amount of anonymized data, such as Order ID, Constituent ID, Order Total, and Cover Costs Total, is stored with 2Account: Donate2 | Stream2 | Flex2 when transactions occur, for auditing, reporting, and customer support purposes.