Privacy & Security

In a digital world, data privacy and security are of paramount importance. Fundmetric has multiple levels of security, including our server security, office security, and security training and protocols for our team. Your data is never sold or shared among organizations or third parties.

Fundmetric Privacy Policy

Overview

Fundmetric has some core principles around data protection and security.

Notice: Our data breach protocol requires us to notify clients within 24 hours of a data breach. We also will notify you about how your data is being used should this change. Fundmetric maintains detailed access logs and has systems in place for real-time notification, mitigation and containment procedures should a problem arise.

Consent

We ask for consent before changing our procedures, with the exception of system updates, should Fundmetric change its data handling procedure, which only allows Fundmetric staff having signed confidentiality agreements and receiving annual privacy and security agreements.

Onward Transfer

We do not permit onward transfer without the consent of the client. This is done using end-to-end encryption. There are three exceptions:

- Third party credit card processes (if using credit card processing through Fundmetric)
- Mailgun for email services, a provider of transactional and marketing email services
- Email Validation Services (if elected by the client)

Data Transfer

Data Transfer uses TLS 1.2 and is secure and encrypted.

Security

We use 256-bit SSL certificates and limit the access points through which data can be accessed. We have several internal monitoring systems and access to Microsoft Security Architects for the engineering on a private server network. They review our infrastructure periodically.

Access

Access to the system is tightly controlled. Anti-phishing training is ongoing and Fundmetric is vigilant against both technical threats and social engineering. Our staff are trained annually on the procedures and on security threats, whether physical, social or virtual.

All computers used for the purposes of our work are Fundmetric property and subject to Fundmetric data protection and breach protocol procedures.

Fundmetric also has special screening procedures for people who may pose a threat from either a terrorism or espionage standpoint.

Fundmetric requires written permission to give user accounts and will generally check with the point of contact. There are various role-based permissions that restrict access to certain functionality for security purposes.

Enforcement

Protocols are enforced using both automated best practices and a streamlined reporting structure. Protocols exist for the method of communication in the event of a threat, to eliminate the ability for forged communications to complicate matters. A data-breach protocol is in place that is reviewed, practiced and put into practice. While we do not release the protocol itself, it does include mitigation and notification provisions for stakeholders including clients.

Fundmetric holds a Comprehensive Technology and Cyber Security insurance policy. This is in addition to our general liability insurance.

This includes:
(A) Professional Services, Technology Services and Technology Products Liability
(B) Media and Advertising Liability
(C) PCI DSS Assessment
(D) Network Security and Privacy Liability
(E) Network Extortion Threat
(F) Breach Event Services and Expenses
(G) Corporate Brand Protection / Crisis Management Expenses
(H) Business Interruption
(I) Data Protection and System Restoration

Product Security

Permissions

Fundmetric enables permission levels within the app to be set for your teammates. Permissions can be set to include the ability to edit or view constituent.

Passwords and Credentials

Credentials are stored using secure hash algorithms.

Uptime

Fundmetric has an uptime of 99.9% or higher.

Network and Application Security

Data Hosting and Storage

All of our servers are within our own virtual private cloud (VPC) with network access control lists that prevent unauthorized requests.

Virtual Private Cloud

Credentials are stored using secure hash algorithms.

Encryption

All data sent to or from Fundmetric is encrypted in transit using 256-bit encryption.

Backups and Monitoring

Backups are weekly for all constituent data.

Permissions and Authentication

Fundmetric is served 100% over HTTPS. Access to constituent data is limited to authorized employees who require it for their job. Fundmetric runs a zero-trust corporate network. There are no corporate resources or additional privileges that come from being on Fundmetric’s network. We have Single Sign-on (SSO), 2-factor authentication (2FA) and strong password policies on tools used to build the Fundmetric platform to ensure access to cloud services is protected.

Incident Response

Fundmetric has a data breach protocol that is not publicly shared but that any customer can view upon request.

Additional Security Features

Confidentiality

All Fundmetric employment contracts include a confidentiality agreement that must be signed and returned prior to commencing employment.

Training

Annual Security and Awareness training is completed by all Fundmetric employees.

Policies

Fundmetric has developed, and frequently updates, a comprehensive set of security policies. These policies cover a wide range of topics and are shared with all employees.

PCI Obligations

All aspects of PCI compliance are handled through third-party processors. Fundmetric does not store credit card information.
