Learn how we protect user data, secure it, and ensure stability in case of catastrophic events.
We take data very seriously as a tech platform, and want to assure you that we go in detail to make everything safe and fun for all of our Partners and Users.
Here are links to the VOMO Terms of Service, Privacy Policy, and SLA. All of these resources have information about what kind of data we have and if we do anything with that info. To put it simply, we don't share information with any third parties, and we do not have ads on our platform.
- Data Protection
- We host all of our services in the Amazon Web Services (AWS) cloud, which is an industry standard hosting company that works with thousands of companies and offers a great service - meaning very little down time, as well as great security controls, processes, etc. Some of the biggest names in technology use AWS for their data storage and server power. We trust their service and protocols.
- The VOMO Platform has all up to date AWS security audits, SSL certificates, etc. to ensure that industry standard practices to secure, encrypt, and protect the databases that live in the AWS cloud.
- VOMO is developed using some of the largest and most successful Open Source packages in use today. Our team keeps current with security patching by following the proper security advisory channels for these packages as well as using automated audit tools to detect any packages that may contain vulnerabilities. Our platform partner is fully SOC 2 and PCI compliant.
- For a list of data stored when a Volunteer Account is created, visit this support article: How do I Create My Volunteer Account?
- Disaster and Recovery Protocols
- VOMO maintains a high availability hosting environment with Amazon AWS. We utilize a number of AWS services to ensure scalability and redundancy. In the event of a catastrophic event that takes down AWS services, our source code and select backups are stored in a tertiary location/service.
- VOMO maintains several instances of the platform service in the AWS cloud and locally on Developer machines to ensure that the platform codebase and data are backed up regularly.
- Access to the AWS environment is controlled and configured with strict Identity and Access Management (IAM) policies, as well as strict Access Control List (ACL) policies to ensure that only the necessary Virtuous Developers have access to AWS. Also, we does not use public S3 buckets, so no data is ever exposed outside of the AWS environment.
- In the event of a Breach, we practice the AWS suggested best practices as detailed at https://aws.amazon.com/premiumsupport/knowledge-center/potential-account-compromise/
- How do we access our data in the event of contract termination?
- We can provide a dump of all of the data in CSV format if any partner terminates their agreement.
- If I pay with my Credit Card, is my payment information protected?
- We partner with a service called Stripe for all online payment processing. Stripe is one of the industry leaders in credit card processing, and they power thousands of payments every day. They are highly trusted in our industry for security, and take strong measures to make sure that the data they store on our behalf is secure. They also maintain SOC and PCI compliance on their platform.
- We never stores Credit Card information in our own databases. Everything is always stored directly within the Stripe environment.
- Is the data used in Background Checks protected?
- We partners with Sterling Volunteers and Checkr to run all background checks initiated through the Admin Dashboard. This means that all data collected from Sterling Volunteers and Checkr to complete a background check (SSN, DL, DOB, Address, etc.) are directly run on our partner's servers and stored in their databases. We never sees, stores, or attempts to collect this sensitive data in the process. When the background check is complete, the only thing that our partner passes back to VOMO is the status of the background check and a link to view the background check on your secure Sterling Volunteer or Checkr Dashboard.
- Any manual background checks that are added into VOMO are comprised only of the following data fields: Background Check Completion Date, Background Check Expiration Date, Status of Background Check, and additional notes about the check that is on file in another system.
- Is all donation data from your partner's protected?
- We integrate with Virtuous Payments to allow our customers to connect their donation management solution to their VOMO Account. All donation providers handle all payment information directly, and are SOC and PCI compliant. We never see, store, or attempt to collect donation data in the process. When the donation is complete, the only thing that our giving solution partners pass back is the status of the donation, amount, and a transaction ID to populate the Admin Giving Dashboard.