Data Privacy & Security
Last updated: March 1, 2025
At DonateStock, we recognize the sensitive nature of data entrusted to us. Protecting customer information is a high priority and part of our standard business processes. To this end, DonateStock, Inc. (DonateStock) has established a formal information security program designed to reduce cyber risk and protect sensitive customer information from loss or unauthorized disclosure.
The goal of this Security Statement is to ensure transparency regarding our security practices, and to help reassure you that your data is appropriately protected.
You may report security issues to us at [email protected]
Datacenter / Physical
DonateStock utilizes Amazon Web Services (“AWS”) in order to take advantage of the scalability, reliability, and security of the AWS Infrastructure as a cloud service.
All data is stored and processed through AWS’s certified-secure facilities:
- AWS is the proven leader for security and compliance in financial industry applications.
- DonateStock utilizes best-in-class Identity and Access Management (IAM), resource access management, and network topology.
Infrastructure
- AWS supports 143 security standards and compliance certifications, including PCI-DSS, HIPAA/HITECH, FedRAMP, GDPR, FIPS 140-3, and NIST 800-171.
- Performance and availability metric monitoring tools alert on-call teams for quick detection and triage of application issues.
- Internet-facing services and operating system packages are continuously assessed for security vulnerabilities through internal mechanisms and regular third-party audits.
- DonateStock leverages Cloudflare CDN to mitigate DDoS attacks and filter malicious traffic.
Application
- DonateStock enforces in-transit encryption for all data on untrusted networks and supports TLS 1.3 for all inbound client communication.
- A web application firewall is implemented to detect and block unwanted reconnaissance and malicious application-layer attacks.
- Sensitive data and electronic files are encrypted at rest.
- DonateStock monitors and responds to application security events.
- Passwords are stored using a secure hashing algorithm with an industry standard work-factor.
- Web application security is tested using periodic automated vulnerability scanning.
Employee Training & Policies
- All DonateStock employees are bound by confidentiality agreements and stringent policies regarding data handling.
- All DonateStock employees receive regular training on security best practices and compliance with privacy regulations.
Data Loss Prevention & Breach Preparedness
- Disaster recovery processes are tested on a quarterly basis using automation for data recovery and application restoration.
- DonateStock maintains a security breach response plan to respond to data breaches promptly and effectively.
Physical & Workstation Security
- DonateStock workstations enforce full-disk encryption and lock sessions based on an inactivity timeout.
- All workstations have modern anti-malware software installed.
- Operating system and software security updates are applied at regular intervals.
- Web browsing activity is monitored and access to malicious websites is automatically blocked.
Data Privacy, Compliance, & Audit
- DonateStock retains external counsel to advise on data privacy & security regulations, as well as compliance best practices.
- DonateStock does not sell, rent, or lease personal or business details to any third-party. Data sharing with nonprofits and partners complies with our publicly posted Terms of Use.
- We also comply with other key data privacy requirements stipulated by the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR). See our publicly posted Privacy Policy for more.