Security Policy

Last updated: January 19, 2022

Welcome to Active Donor!

Ensuring the availability and reliability of the ActiveDonor platform is our top priority, along with keeping every organization’s data safe and secure. We follow industry best practices to keep your data secure and available at all times.

Here is how we ensure that:
Secure Hosting
  • ActiveDonor is hosted off-site in a professionally run data centre managed by Amazon Web Services (AWS) in Cape Town, which ensures high availability and scalable performance along with maximum security.
  • This is the same technology trusted by government agencies, banks and leading startups around the world. Amazon continually manages risk and undergoes recurring assessments to comply with industry standards.
  • The data centre is regularly audited and conforms to international SSAE 16 Type II and HIPAA standards.
  • The data centre is regularly maintained and patched with the latest security updates by professional system administrators.
  • The data centre has the latest in hardware security and we also use enterprise-class firewall protection to deter third-party information access.
Infrastructure Security
  • All our servers are run from virtual private clouds (VPCs), with rules that prevent unauthorized external requests from entering our network.
  • Our core infrastructure is hosted in a fully redundant, secure VPN environment, with access restricted to operations support staff only. This way we can leverage complete firewall protection, private IP addresses, and other security features.
  • Our application is run behind a modern enterprise architecture firewall and only the necessary ports are open to the outside network. Also, only authorized personnel, using SSH keys, have access to the system. Access is enabled only over a VPN connection.
Network Security
  • All ActiveDonor application sections are accessed via HTTPS, a secure web protocol to ensure the privacy of data transmitted to/from your browser and ActiveDonor.
  • Strong passwords are required of all users.
  • Password sharing and duplicate or common passwords are strongly discouraged.
  • User passwords are NOT stored in any ActiveDonor database; we use a one-way encryption mechanism to validate authentication (username and password) information.
  • Passwords are not retrievable by anyone, inside or outside of ActiveApps Pty Ltd.
  • User files generated or uploaded into ActiveDonor are encrypted when stored on our servers.
Separate Databases
  • Each organisation’s data within ActiveDonor is stored in a unique database. This prevents anyone outside of your organization from accidentally accessing your data and guards against the risk of unwanted data contamination or leaks into another organization’s database.
Backups & Recovery
  • We use industry-standard rotational backup methodologies, maintaining real-time backups of our databases. Full backups are performed daily, with ongoing incremental backups providing high data protection in case of loss.
  • All backup data is stored on multiple servers to further ensure the protection of our customers’ valuable data.
  • Our data centre has a fully redundant network, storage and server architecture. In the event of a failure in any of these systems, automatic failover will allow ActiveDonor to continue to provide services to its clients immediately, or within a very short period of time (typically within minutes).
Operational Security
  • Our systems’ health is constantly monitored. We get reports in real-time so we can instantly react in case a potential issue arises.
  • We constantly monitor security, performance, and availability 24/7/365. We run automated testing on an ongoing basis. We prioritize and resolve discovered security issues, and deploy the fixes quickly after discovery.
  • The ActiveDonor security infrastructure is regularly audited and inspected to ensure the security tools utilized are up to date.
  • We never access your data in ActiveDonor, unless required for support reasons and only with your explicit permission.
  • All employees attend annual information security training, and we own our Intellectual Property.