We take the security of payments and the privacy of your organisation and donor data very seriously. Our team have taken all steps possible to carefully build a system with integrity, so that today we can say we are confident in the security measures that protect those who use our system.
The measures we have implemented to ensure our platform is secure include:
- Secure TLS protocols
- PCI compliance
- Encryption of sensitive data
- IP checks to prevent suspicious transaction or registration activity
- Cross Site Request Forgery (CSRF) & XSS prevention
- DoS attack protection
- Invisible reCAPTCHA to stop bots
- Multi-factor authentication for all users (organisations and donors)
- Auto logout (after 30 mins)
- User lockout (after consecutive failed attempts to log in, register and reset password)
- Strict auditing of all ABNs, organisations and causes (maintaining a history of changes)
- Role-based access control for OrgHQ users
- No storage of donor credit card details
It is important that organisations know that we will never:
- contact you via text message or phone, seeking detailed information about your personnel, donors, and organisation bank account payment details.
We will only communicate in written form via email to:
- your organisation: via the registered email addresses for your OrgHQ users. The email will include a request to update OrgHQ only.
- a donor: via the email address registered when they made the donation via our platform. The email will include a link to enter their password and then update their contact or payment details on MyGiving only. Existing payment details are masked.