|Secure Data Storage And Backups|
|PCI-Compliant Payment Processing|
If you speak Geek and want to know all the specs and various acronyms, proceed below (or pass the information on to your IT person).
Storage And Certifications
Your data is stored using Amazon Web Services (AWS), based in the U.S. Certifications for AWS data centers include SOC2, PCI-DSS Level 1, and ISO 27001. For more detailed information on security controls and certifications, see the AWS Cloud Security page.
All of your data is automatically backed up using Amazon Relational Database Service (Amazon RDS) so you don't have to worry about losing any of the information you enter in the software.
Disaster Recovery Protocols
We have a system in place for customer data recovery. Your data is backed up and archived nightly at a secondary secured location so it can be recovered if a disaster occurs.
Secure Payment Processing
Aplos is fully PCI compliant, and equips you to securely collect donations and other payments using our payment partners, which are fully PCI compliant, use data encryption, and monitor for fraud.
All network traffic at Aplos is encrypted via 256-bit Transport Layer Security (TLS). Your requests to our load balancers, the traffic between the load balancers and our servers, and the traffic between our servers are all protected via high-grade security certificates. All transaction services with TLS use HTTPS.
Multi-Level Firewall Protection
Each firewall system level includes protection and safeguards to keep your information private and secure.
We frequently monitor the software for stability and security, and we perform monthly OWASP/SANS Security Scans.
All users have unique email logins. A user may securely log in with their Google account or with a strong unique password. Passwords have a minimum character requirement, and they must include a combination of uppercase and lowercase letters, numbers, and symbols. Users will also automatically be logged out of the software after a period of inactivity.
Monitor Users With Activity Logs
You are able to know exactly what users are doing in the software by monitoring a detailed activity log that can't be edited.
We offer role-based permissions so you can control who can access different reports or areas of the software. Administrators can adjust permissions as well as add or remove users anytime.
Lock Down Information
You can reduce the risk of financial reporting fraud by locking down transactions after bank reconciliations or closing periods so those transactions can no longer be changed.
We participate in the E.U.-U.S. Privacy Shield Frameworks and comply with the Privacy Shield Principles. Go to privacyshield.gov to learn more.