Learn how VOMO protects user data, secures it, and ensures stability catastrophic events
We take data very seriously as a tech platform, and want to assure you that we go in detail to make everything safe and fun for all of our Partners and Users.
- Data Protection
- We host all of our services in the Amazon Web Services (AWS) cloud, which is an industry standard hosting company that works with thousands of companies and offers a great service - meaning very little down time, as well as great security controls, processes, etc. Some of the biggest names in technology use AWS for their data storage and server power. We trust their service and protocols.
- The VOMO Platform has all up to date AWS security audits, SSL certificates, etc. to ensure that industry standard practices to secure, encrypt, and protect the databases that live in the AWS cloud.
- VOMO is developed using some of the largest and most successful Open Source packages in use today. Our team keeps current with security patching by following the proper security advisory channels for these packages as well as using automated audit tools to detect any packages that may contain vulnerabilities. Our platform partner is fully SOC 2 and PCI compliant.
- For a list of data stored when a Volunteer Account is created, visit this support article: support.vomo.org/how-do-i-create-my-volunteer-account.
- Disaster and Recovery Protocols
- VOMO maintains a high availability hosting environment with Amazon AWS. We utilize a number of AWS services to ensure scalability and redundancy. In the event of a catastrophic event that takes down AWS services, our source code and select backups are stored in a tertiary location/service.
- VOMO maintains several instances of the platform service in the AWS cloud and locally on Developer machines to ensure that the platform codebase and data are backed up regularly.
- Access to the VOMO AWS environment is controlled and configured with strict Identity and Access Management (IAM) policies, as well as strict Access Control List (ACL) policies to ensure that only the necessary VOMO Developers have access to AWS. Also, VOMO does not use public S3 buckets, so no data is ever exposed outside of the AWS environment.
- In the event of a Breach, VOMO practices the AWS suggested best practices as detailed at https://aws.amazon.com/premiumsupport/knowledge-center/potential-account-compromise/
- How do we access our data in the event of contract termination?
- We can provide a dump of all of the data in CSV format if any partner terminates their agreement.
- If I pay with my Credit Card, is my payment information protected?
- VOMO partner with a service called Stripe for all online payment processing. Stripe is one of the industry leaders in credit card processing, and they power thousands of payments every day. They are highly trusted in our industry for security, and take strong measures to make sure that the data they store on our behalf is secure. They also maintain SOC and PCI compliance on their platform.
- VOMO never stores Credit Card information in our own databases. Everything is always stored directly within the Stripe environment.
- Is the data used in Background Checks protected?
- VOMO partners with Sterling Volunteers and Checkr to run all background checks initiated through the Admin Dashboard. This means that all data collected from Sterling Volunteers and Checkr to complete a background check (SSN, DL, DOB, Address, etc.) are directly run on our partner's servers and stored in their databases. VOMO never sees, stores, or attempts to collect this sensitive data in the process. When the background check is complete, the only thing that our partner passes back to VOMO is the status of the background check and a link to view the background check on your secure Sterling Volunteer or Checkr Dashboard.
- Any manual background checks that are added into VOMO are comprised only of the following data fields: Background Check Completion Date, Background Check Expiration Date, Status of Background Check, and additional notes about the check that is on file in another system.
- Is all donation data from your partner's protected?
- VOMO integrates with QGiv, iDonate, Generosity by Lifeway, and Giving Fuel to allow our partners to connect their donation management solution to their VOMO Account. All donation providers handle all payment information directly, and are SOC and PCI compliant. VOMO never sees, stores, or attempts to collect donation data in the process. When the donation is complete, the only thing that our partner passes back to VOMO is the status of the donation, amount, and a transaction ID to view the donation record on your giving solution's dashboard.