Information Security at ChangeUp

Our Promise to You

At ChangeUp, we recognize the importance of data security and privacy as the cornerstone of trust with our clients and partners. Our commitment to protecting your information is unwavering, and we employ a multifaceted approach to safeguard your data, in compliance with the highest industry standards and regulations.

Comprehensive Compliance and Certifications

  • SOC 2 Type II Compliant: Our operations meet and exceed the stringent requirements for security, availability, processing integrity, confidentiality, and privacy.
  • PCI DSS Compliant (SAQ A): We maintain a secure transaction environment that adheres to the Payment Card Industry Data Security Standard.
  • IRS Compliant: Our tax handling processes are designed to align with IRS compliance, ensuring accurate and secure financial transactions.
  • US Data Privacy: (USDP) framework is a compliance solution that combines requirements from various US state laws, including CCPA, CPRA, UCPA, CTDPA, CPA, and VCDPA, to help organizations manage personally identifiable information (PII) following state-level privacy regulations.

Robust Data Governance

Led by our Data Protection, our data governance policies ensure adherence to GDPR, CCPA, and other data protection laws. We are dedicated to upholding the rights of our clients through:

  • Data Protection and Privacy: Implementing strict controls over personal data in accordance with legal and ethical standards.
  • Regular Audits and Assessments: Evaluating and improving our security posture with regular audits to identify and address potential risks.
  • Employee Training and Awareness: Educating our team to reinforce their role in maintaining the highest standards of security and privacy.

Platform Security

Safe and Secure Platform

ChangeUp uses AWS’s top security practices to secure infrastructure. AWS incorporates industry-leading security practices and is engineered to safeguard customers from threats by implementing security measures across all layers, from the physical infrastructure to the application level. ChangeUp and its information stand-alone, getting quick security updates automatically without needing any work from users or stopping the service.

Enterprise-Grade Infrastructure

ChangeUp is built on AWS ECS cloud architecture and can effortlessly handle millions of donation transactions, ensuring unparalleled scalability, security, and compliance.

With horizontally scalable architecture, partner applications can seamlessly handle large volumes of transactions without compromising performance—further, an elastic infrastructure scales to meet demand, ensuring a smooth and uninterrupted experience for customers.

On the front end, we harness the power of ExtJS, Preact, and Chakra UI to create intuitive user interfaces. ExtJS offers a comprehensive framework with robust features, while Preact provides lightning-fast widget rendering. With Chakra UI, designs come to life with beautiful and customizable components. TypeScript enhances productivity and maintainability, allowing for quick and easy development.

The ChangeUp backend leverages the capabilities of NestJS and TypeScript to build a solid foundation. NestJS, a robust backend framework, enables rapid and efficient development, while TypeScript ensures better code quality. Our integration with MongoDB, a NoSQL database, empowers the storage and retrieval of data with speed and flexibility.

High Availability

We take pride in our consistent reliability, ensuring your operations proceed without interruption. In the event of an incident, we’re equipped with thorough incident response and clear customer communication plans.

Third-Party Penetration Testing

ChangeUp takes a proactive approach to security by collaborating with third-party security experts who perform an annual penetration test on our cloud platform. This yearly assessment identifies and addresses potential vulnerabilities while following the strictest web application security standards. Following the guidelines set by the Open Web Application Security Project (OWASP) Web Application Penetration testing methodology, the evaluation encompasses security assessments of source code, the ChangeUp APIs, and comprehensive penetration testing.

Transparent Practices​

Our commitment to transparency is reflected in our privacy compliance policy, which outlines the responsible handling of personal information. We ensure clear communication regarding data subject access requests (DSAR/SAR), breach notification, and identity verification processes.

Consumer Rights and Access

We respect and uphold consumer rights, providing a streamlined process for individuals to access, correct, or delete their personal data. Our SAR/DSAR response protocol is efficient and respectful, ensuring prompt and appropriate action on consumer requests.

Continuous Improvement and Open Communication

ChangeUp is dedicated to continuous improvement in information security and privacy. We welcome feedback and engage with our community to refine and strengthen our security measures. For security concerns or inquiries, please reach out to security@changeup.com.

Useful Links

Support Ukraine