As a platform hosting extensive data on behalf of nonprofits, Springly is committed to delivering the highest standards of security and service.
Here is an overview of how Springly handles data security:
- Data Security
- Personal Data & Privacy
- User Login
- Connection Between Browser and Server
- Email Sending
Data Security
Access to customer data is fully secured:
- Role-based access restrictions;
- Strong password authentication;
- IP allowlist controlling data access;
- Encrypted communication protocol + encryption at rest.
Encryption at rest means that database backups are stored on an encrypted server with protected access. They are unreadable without both legitimate access credentials and the encryption keys.
Likewise, no customer data is stored in plain text, and access to all our data is tightly secured (encryption, multi-factor authentication, IP-restricted access, and more).
We also run a private bug bounty program through Bounty Factory, inviting security researchers to identify and report vulnerabilities in the platform so we can address them proactively.
Finally, we conduct annual security audits as part of our partnerships — our security standards are regularly assessed by independent third parties.
To learn more about our data hosting, click here.
Personal Data & Privacy
Springly is compliant with the General Data Protection Regulation (GDPR), which came into effect on May 25, 2018.
Your data belongs to you. Springly acts as a Data Processor, not a Data Controller (as defined under GDPR).
In this capacity, Springly builds data security into the product from the ground up, and provides guidance and notification in the event of a data breach.
Personal data on platforms without an active subscription is deleted or anonymized upon request from the nonprofit.
We will never share your data with third parties for commercial purposes. Learn more in our privacy policy.
User Login
Every user can enable two-step authentication at any time. It is mandatory for all Springly employees.
To learn more about strong authentication, click here.
User passwords are never stored in plain text — they are hashed and salted.
Sounds like a cooking term? It kind of is! Hashing works by storing a fingerprint of the password, generated by a one-way function, meaning the original password cannot be computed back from its hash. Salting adds a unique random value to each password before it is hashed, so two users with the same password end up with different stored hashes. When a user logs in, the platform hashes the entered password and compares it to the stored hash. This way, even if our database were ever compromised, attackers would not be able to recover users' passwords.
To learn more about hashing, click here.
Connection Between Browser and Server
We provide customers with SSL certificates enabling secure connections via the HTTPS protocol. These certificates are issued by Comodo, a trusted certificate authority. Connections made with them use 128-bit keys exchanged via ECDHE_RSA over the TLS 1.2 protocol. We have deprecated SHA-1 for hashing in favor of SHA-256.
Email Sending
Emails are sent through Mailgun.
Every email sent from the platform is signed using the DKIM standard to prevent spoofing.
To learn more about the DKIM standard, click here.
We have also implemented the SPF standard to help fight spam.
To learn more about the SPF standard, click here.
Further reading:
- Privacy Policy
- Security on Springly
- Technical Aspects and Software Definitions
- Managing Your Banking Data Through Your E-wallet
- Backup of Uploaded Images and Documents