Protect your data,
byte by byte:

Security & Privacy

At Millie, protecting your data is at the heart of everything we do. Our platform is built to help companies and their teams give back with confidence, and that means keeping information safe, private, and available when you need it.

Security

SOC 2 Type II ✅
Millie has a SOC 2 Type II Report and we're audited every year for SOC 2 Type II. Our security controls are not only well-designed but have been proven to operate effectively over time. This independent audit evaluates our practices against the industry-recognized Trust Services Criteria for security, availability, and confidentiality.

Want to review the report?
Email team@milliegiving.com and we’ll share a copy (subject to a standard NDA).
Business Continuity & Disaster Recovery
Redundant infrastructure: Our platform is hosted in geographically diverse, SOC-audited data centers to ensure high availability.

Regularly tested backups: Encrypted backups are taken and tested to enable rapid recovery in the event of an incident.

Documented incident response: We maintain a formal incident response plan and practice it regularly.
Application & Infrastructure Security
Secure development lifecycle: Code changes undergo peer review, automated testing, and security scanning before release.

Regular penetration testing: Independent security firms conduct penetration tests to identify and remediate potential vulnerabilities.

Continuous monitoring: We employ automated monitoring and alerting to detect and respond to threats in real time.

Privacy & Data Protection

Compliance with Global Privacy Regulations
Millie complies with key privacy frameworks, including the EU General Data Protection Regulation (GDPR) and the California Privacy Rights Act (CPRA). Our policies and processes are designed to uphold the highest standards of privacy for our users and partners.
Transparent Practices
Our Privacy Policy and cookie policy clearly explain:

What information we collect and why

How we store, use, and protect that information

Your rights and choices regarding your data

These policies are kept current and are publicly accessible at all times.
Breach Notification
At Millie, we understand the critical importance of compliance with data breach reporting requirements outlined in the California Privacy Rights Act (CPRA) and the General Data Protection Regulation (GDPR). As such, we commit to notifying relevant supervisory authorities or relevant data controller partners within 72 hours of detecting a breach.
Privacy Reporting
Millie maintains an accurate and up-to-date privacy policy and cookie policy that is available for anyone to read. We commit to transparency about how we handle and secure your data, what we collect, and why we collect it, always. You can find our privacy policy here: https://www.milliegiving.com/privacy-policy

Frequently Asked Questions

What physical security assurances do Millie's cloud service providers offer?
At Millie, we take pride in the robust security measures integrated into every aspect of our operations, including our application development and physical infrastructure. Our application is developed on Heroku, a platform that utilizes Amazon Datacenters, known for their stringent security protocols and industry-leading infrastructure.

By leveraging Heroku's platform, which is built on Amazon Web Services (AWS), we inherit the comprehensive security features and certifications that AWS provides. This includes data encryption, network security, access controls, and regular security audits, ensuring that our application is hosted within a secure and reliable environment.

Moreover, the physical security of Amazon Datacenters, including measures such as strict access controls, surveillance systems, and rigorous personnel screening, directly contributes to the overall security posture of our application. As a result, our users can trust that their data is housed within a secure infrastructure that adheres to the highest standards of physical security.
How does Millie secure users' access to the Millie giving application?
At Millie, we ensure that our partners' users have the tools needed to secure their accounts from unauthorized access. That's why Millie supports SSO with SAML 2.0, and automated provisioning with SCIM 2.0 to make authentication and access control convenient and secure. Moreover, this means we can seamlessly integrate SSO with Auth0, Okta, Microsoft Azure, and OneLogin.
Is Millie giving PCI-DSS compliant?
All credit card information is handed off to our PCI-compliant processor, Stripe. Our servers never see nor store any credit card data.
Who are Millie's Subprocessors?
Millie's subprocessors typically include Stripe, Slack, and Google, but they can also include any of the integrations our partners choose to integrate into their organization on the Giving app.
Does Millie leverage the OWASP top 10 to secure its application development and code?
Millie development teams are trained to understand and address the vulnerabilities outlined in the OWASP Top 10, ensuring that these security risks are proactively mitigated throughout the development lifecycle.

By incorporating the OWASP Top 10 into our development practices, we prioritize the identification and remediation of critical security concerns such as injection attacks, broken authentication, sensitive data exposure, and other common vulnerabilities. This proactive approach allows us to build secure, resilient software that protects our users and their data.

Ready to make an impact?

Get started on Millie to launch or grow your corporate social impact program. Connect with employees and stakeholders by making impactful positive change with a low lift. Demo Millie’s real time corporate social responsibility tools with our all-in-one social impact platform.
Rated #1 on G2 based on user satisfaction 😊
You’ll be in very good company