Security FAQ

What does our technology stack look like?

The main platform is a multi-tenant single-page application, consisting of a frontend written in JavaScript / Ember and a backend written in Python / Django.

What does our software development lifecycle look like?

For software development we work agile Scrum in sprints of two weeks. Based on our customers’ needs and our product vision, we develop new features on our roadmap.

How do we do Information Security Assessments?

As part of our Scrum process the Product team evaluates security risks every three months during a technical debt meeting. If security threats arise, the Product Manager creates new user stories and adds them to the upcoming sprints so that these threats are fixed as fast as possible. Together with the Product team, the Chief Security Officer (CSO) looks at possible security threats before a new feature is added to the next sprint and implemented.

How do we secure our databases, operating system and application controls?

We use SSL for all communication. System services that require authentication use token-based authentication. User authentication is performed through SAML; for these users, the account is created during login. We do not require a separate verification step, since only authorized users can perform this action.
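As an added illustration of the just-in-time account creation described above (this is example code, not the platform's own), the sketch below takes a SAML assertion whose signature the SAML library is assumed to have verified already, checks its validity window and audience, and then looks up or creates the local user keyed on the NameID. The entity id, the attribute name, the sample assertion and the in-memory user store are all assumptions made for the example.

```python
# Added example, not the platform's own code. Signature verification is assumed
# done by the SAML library; these checks decide whether an account may be used or created.
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
OUR_ENTITY_ID = "https://platform.example/saml/metadata"  # assumed SP entity id

# Constructed sample assertion (Signature element omitted; assumed already verified).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>user-42@idp.example</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://platform.example/saml/metadata</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="email"><saml:AttributeValue>alice@customer.example</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

users = {}  # assumed in-memory stand-in for the user table, keyed by NameID

def _ts(value):  # SAML timestamps are UTC with a trailing Z
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def provision_from_assertion(xml_text, now_iso):
    """Check the assertion's conditions, then get-or-create the user. Returns (user, created)."""
    now = _ts(now_iso)
    root = ET.fromstring(xml_text)
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        raise ValueError("assertion has no Conditions element")
    not_before, not_on_or_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not_before and now < _ts(not_before):
        raise ValueError("assertion not yet valid")
    if not_on_or_after is None or now >= _ts(not_on_or_after):
        raise ValueError("assertion expired or has no NotOnOrAfter")
    audiences = [a.text.strip() for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if OUR_ENTITY_ID not in audiences:
        raise ValueError("assertion was not issued for this service provider")
    name_id = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if not name_id:
        raise ValueError("assertion has no NameID")
    attrs = {a.get("Name"): (a.findtext("saml:AttributeValue", namespaces=NS) or "").strip()
             for a in root.findall("saml:AttributeStatement/saml:Attribute", NS)}
    # Key the account on the stable NameID, never on the changeable email attribute.
    if name_id not in users:
        users[name_id] = {"name_id": name_id, "email": attrs.get("email")}
        return users[name_id], True
    return users[name_id], False
```

The first login creates the account; a later login with the same NameID returns the existing one, while an expired assertion or one issued for another audience is refused before any lookup happens.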

How do we handle data encryption?

All data is encrypted in transit using HTTPS/SSL. SSL (Secure Sockets Layer) is a standard security protocol for establishing encrypted links between a web server and a browser in an online communication. The use of SSL ensures that all data transmitted between the web server and the browser remains encrypted. System services that require authentication use token-based authentication.

How do we secure Payments?

It is, of course, vital to us that you can safely make your online donation. That is why you are transferred to a secure page the moment you begin making your donation. This prevents others from snooping on or eavesdropping on the transaction.

We do not store any banking data, e.g. credit card data, and all payments are processed by a reliable Payment Service Provider. We only store the results of these financial transactions. Your transaction data is encrypted using SSL (Secure Sockets Layer) before being sent over the internet. The ‘https://’ prefix in your address bar signals your secure SSL connection.

Where do we host the data?

We have teamed up with our reliable IT suppliers, Linode and Tilaa, for the hosting of our platform. We are concluding written arrangements with these suppliers in order to ensure that your rights to data protection are protected. We will also ensure that your personal data does not leave the European Economic Area (EEA) and are concluding arrangements with our suppliers in that respect.

How do we handle backups?

We have hourly and daily backups of our database. When retrieving a database dump for any of the testing or local environments we restore an anonymized hourly backup; this way our backups are tested regularly. Reverting the database to a backup takes approximately 10 minutes. Database backups are stored at a separate provider that is accessible through SSH. All the normal access rules for production environments should hold for this environment as well. We have a daily / weekly backup of the media assets from our production machine. This is handled and tested by Linode.