
Bank-Level Security
All data encrypted in transit and at rest.

Plaid Secure Connections
We use Plaid for read-only access. No banking credentials stored.

Stripe Payment Security
Stripe handles all payment tokenization and processing.

PCI Compliance
Our infrastructure follows PCI DSS standards.

Transparency
Every donation is tracked, reconciled and auditable.

Full Security Policy
Effective Date: 1 November 2025
Tributive takes security seriously. This Security Policy outlines how we protect donor data and ensure secure operation of our platform.
1. Hosting
Servers hosted on Amazon Web Services (AWS) with SOC 2, ISO 27001, and PCI DSS compliance.
All server instances hardened and regularly patched.
2. Data Protection
Encryption in Transit: TLS 1.2+
Encryption at Rest: AES-256
Key Management: Managed via AWS KMS
3. Access Controls
Role-based access with principle of least privilege.
Two-factor authentication enforced for all production systems.
4. Monitoring & Logging
Centralized logging of access and transactions.
Automated alerts for anomalies or suspicious activity.
5. Incident Response
Documented incident response plan with triage, notification, and remediation steps.
Users are notified promptly if their data is involved in a breach.
6. Vendor Management
Vendors (e.g., Plaid, Stripe) undergo security review before integration.
Vendor compliance with SOC 2 and PCI DSS required.
7. User Responsibilities
Protect your account credentials.
Notify us immediately if you suspect unauthorized access.

