Security
If you speak Geek and want to know all the specs and various acronyms, proceed below (or pass the information on to your IT person).
Secure data storage and backups
PCI-compliant payment processing
TLS encryption
Firewall protection
Frequent monitoring
Internal controls
Privacy safeguards
Your data is protected with AES 256 encryption and stored using Amazon Web Services (AWS), based in the U.S. Certifications for AWS data centers include SOC2, PCI-DSS Level 1, and ISO 27001. For more detailed information on security controls and certifications, see the AWS Cloud Security page.
All of your data is automatically backed up using Amazon Relational Database Service (Amazon RDS) so you don't have to worry about losing any of the information you enter in the software.
We have a system in place for customer data recovery. Your data is backed up and archived nightly at a secondary secured location so it can be recovered if a disaster occurs.
Aplos is fully PCI compliant, and equips you to securely collect donations and other payments using our payment partners, which are fully PCI compliant, use data encryption, and monitor for fraud.
All network traffic at Aplos is encrypted via 256-bit Transport Layer Security (TLS). Your requests to our load balancers, the traffic between the load balancers and our servers, and the traffic between our servers are all protected via high-grade security certificates. All transaction services with TLS use HTTPS.
Each firewall system level includes protection and safeguards to keep your information private and secure.
We frequently monitor the software for stability and security, and we perform monthly OWASP/SANS Security Scans.
IDAM and MFA (Multi-Factor Authentication) protect against emerging security threats, empowering your nonprofit to stay ahead of potential risks and safeguard valuable data and your organization's reputation.
All users have unique email logins. A user may securely log in with their Google account or with a strong unique password. Passwords have a minimum character requirement, and they must include a combination of uppercase and lowercase letters, numbers, and symbols. Users will also automatically be logged out of the software after a period of inactivity.
You are able to know exactly what users are doing in the software by monitoring a detailed activity log that can't be edited.
We offer role-based permissions so you can control who can access different reports or areas of the software. Administrators can adjust permissions as well as add or remove users anytime.
You can reduce the risk of financial reporting fraud by locking down transactions after bank reconciliations or closing periods so those transactions can no longer be changed.
Aplos understands how important it is for your organization's data to be private, so we are committed to keeping it secure. Our staff is trained and required to safeguard all data with established policies and procedures. We will not, under any circumstances, sell your personal information or entered data. For questions on our privacy practices, view our Privacy Policy.
We participate in the E.U.-U.S. Privacy Shield Frameworks and comply with the Privacy Shield Principles. Go to privacyshield.gov to learn more.
Setup assistance, training resources, and help with data migration
Free, ongoing software support
Award-winning Aplos Academy and Support Center for tutorials
