What physical security assurances does Millie's cloud service providers offer?
At Millie, we take pride in the robust security measures integrated into every aspect of our operations, including our application development and physical infrastructure. Our application is developed on Heroku, a platform that utilizes Amazon Datacenters, known for their stringent security protocols and industry-leading infrastructure.
By leveraging Heroku's platform, which is built on Amazon Web Services (AWS), we inherit the comprehensive security features and certifications that AWS provides. This includes data encryption, network security, access controls, and regular security audits, ensuring that our application is hosted within a secure and reliable environment.
Moreover, the physical security of Amazon Datacenters, including measures such as strict access controls, surveillance systems, and rigorous personnel screening, directly contributes to the overall security posture of our application. As a result, our users can trust that their data is housed within a secure infrastructure that adheres to the highest standards of physical security.
How does Millie secure user's access to the Millie giving application?
At Millie, we ensure that our partners' users have the tools needed to secure their accounts from unauthorized access. That's why Millie supports SSO with SAML 2.0, and automated provisioning with SCIM 2.0 to make authentication and access control convenient and secure. Moreover, this means we can seamlessly integrate SSO with Auth0, Okta, Microsoft Azure, and OneLogin.
Is Millie giving PCI-DSS compliant?
All credit card information is handed off to our PCI-compliant processor, Stripe. Our servers never see nor store any credit card data.
Who are Millie's Subprocessors?
Millie's subprocessors typically include Stripe, Slack, and Google, but it can also include any of the integrations our partners choose to integrate into their organization on the Giving app.
Does Millie leverage the OWASP top 10 to secure its application development and code?
Millie development teams are trained to understand and address the vulnerabilities outlined in the OWASP Top 10, ensuring that these security risks are proactively mitigated throughout the development lifecycle.
By incorporating the OWASP Top 10 into our development practices, we prioritize the identification and remediation of critical security concerns such as injection attacks, broken authentication, sensitive data exposure, and other common vulnerabilities. This proactive approach allows us to build secure, resilient software that protects our users and their data.