Security & privacy
Predictive AI models
Predictive AI models
Data security in Dataro
Like you, we take the security of your donor data very seriously. Dataro is committed to the highest standards of data security, privacy and ethics.
Data Security
Data Security is built into the heart of our system architecture and adheres to strict standards, ensuring that your data is safe in transmission and at rest.
Donor Privacy
We understand the vital role that data security plays in keeping your donors' trust and we build donor privacy into every level of our systems.
AI Transparency
AI shouldn’t be a “black box.” Dataro is committed to ethical, explainable AI, ensuring full transparency into the data that is used by our models.
Trusted by 300+ nonprofits in 20+ countries
Trusted by 300+ nonprofits in 20+ countries
Trusted by 300+ nonprofits in 20+ countries
Protecting your data
Dataro upholds strict standards for data security and donor privacy, including SOC2 Type 2 certification. SOC 2 compliance is considered to be one of the most stringent and industry-accepted auditing standards set forth by the American Institute of Certified Public Accountants (AICPA) to help service providers securely manage data in the cloud.
We support nonprofit clients in over 20 countries, including European organizations bound by the standards of the GDPR, the strongest privacy and security law in the world.
Protecting your data
Dataro upholds strict standards for data security and donor privacy, including SOC2 Type 2 certification. SOC 2 compliance is considered to be one of the most stringent and industry-accepted auditing standards set forth by the American Institute of Certified Public Accountants (AICPA) to help service providers securely manage data in the cloud.
We support nonprofit clients in over 20 countries, including European organizations bound by the standards of the GDPR, the strongest privacy and security law in the world.
Protecting your data
Dataro upholds strict standards for data security and donor privacy, including SOC2 Type 2 certification. SOC 2 compliance is considered to be one of the most stringent and industry-accepted auditing standards set forth by the American Institute of Certified Public Accountants (AICPA) to help service providers securely manage data in the cloud.
We support nonprofit clients in over 20 countries, including European organizations bound by the standards of the GDPR, the strongest privacy and security law in the world.
How we keep your organization and your donors safe
For more detailed technical information, select a category.
Data storage & encryption
All client data is stored at rest in Amazon Web Services (AWS) S3 Buckets which are by default industry-standard AES-256 Encrypted and Private.
Modelling metadata and app-related outputs (outputs for display in the Dataro platform) are stored in an AWS Aurora Postgres database that exists in a private subnet in our own AWS VPC and is not directly accessible from the internet.
Data is processed in virtual machine images (Docker containers) on dynamically allocated compute instances (AWS Batch). As such there are no standing instances to access or compromise. This dramatically reduces our potential attack surface.
Dataro’s web application is architected using a ‘serverless’ framework where backend requests are processed using abstracted compute units (AWS Lambda) instead of standing instances.
AWS is a top-tier cloud vendor and in the cases above there are huge security benefits to using their managed services (Batch, S3, Lambda) instead of managing our own servers. Issues such as patching, disaster recovery, backups, configuration and so forth are handled by AWS as part of their managed service offering.
Confidentiality & access control
We have implemented stringent controls governing this data.
Awareness training is provided to all employees during the on-boarding process which covers the importance of and best practices for handling customer data. Access to the production buckets is provisioned using AWS Identity and Access Management (IAM) and is currently directly accessible to the production processing system and Dataro’s CTO (Chief Technical Officer) and senior engineering staff.
Access to Dataro environments within Dataro is limited only to the most senior employees who have been trained in our security protocols. Control measures include access restriction to privileged groups with additional authentication requiring 2FA and password strength requirements in line with best practice.
Dataro adopts a risk-based approach to processing, in particular, from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to information.
Data security in transit
Data is collected from Customer systems using the Customer’s CRM vendor’s API or it is sent to Dataro directly using best practice Secure File Transfer Protocol (SFTP).
Physical security measures
Physical security controls in our offices ensure robust physical security appropriate to the nature of our business. All Dataro resources are hosted in secure facilities (in Australian, the UK, or US, based on client preference) provided by AWS. AWS has best-in-market data centre controls: https://aws.amazon.com/compliance/data-center/controls/
System updates & security
We deploy updates to our system using a rigorous CI/CD (Continuous Integration and Continuous Delivery) process which includes automated testing for a number of security hazards, including static and dynamic analysis of the code and deployed systems.
Data processing
Contact persons and project managers are identified for all projects. All Dataro employees receive appropriate privacy and annual data security training and are required to comply with Dataro’s IT security policy.
Data modeling & PII
We seek to abide by privacy by design principles and as such, with respect to data about our Customers’ donors, we only capture information which the Customer has agreed to and directly relates to our ability to deliver our service and product. While Dataro stores four types of Personally Identifiable Information (PII): email address, phone, mailing address, and last name, we do not use any PII for modeling. Our proprietary data models are trained on non-personal data in our global data set (the Dataro data pool).
Data integrity & business continuity
Administration activities on servers are only carried out by trained personal who are the most senior at Dataro. 2FA is compulsory for all activities involving access to customer data stored by Dataro. We care about the resilience of our products and appreciate that disruptions can happen, so have developed our Business Continuity Plan appropriate to the size of Dataro and scope of products supplied. Key processes include: annual business continuity plan reviews, including key risks and contingencies, plus building services to utilise redundancy capabilities of our cloud services providers.
Data retention
At the conclusion of your subscription, we delete all the raw data we are holding for your organization, including all personal data.
Data storage & encryption
All client data is stored at rest in Amazon Web Services (AWS) S3 Buckets which are by default industry-standard AES-256 Encrypted and Private.
Modelling metadata and app-related outputs (outputs for display in the Dataro platform) are stored in an AWS Aurora Postgres database that exists in a private subnet in our own AWS VPC and is not directly accessible from the internet.
Data is processed in virtual machine images (Docker containers) on dynamically allocated compute instances (AWS Batch). As such there are no standing instances to access or compromise. This dramatically reduces our potential attack surface.
Dataro’s web application is architected using a ‘serverless’ framework where backend requests are processed using abstracted compute units (AWS Lambda) instead of standing instances.
AWS is a top-tier cloud vendor and in the cases above there are huge security benefits to using their managed services (Batch, S3, Lambda) instead of managing our own servers. Issues such as patching, disaster recovery, backups, configuration and so forth are handled by AWS as part of their managed service offering.
Confidentiality & access control
We have implemented stringent controls governing this data.
Awareness training is provided to all employees during the on-boarding process which covers the importance of and best practices for handling customer data. Access to the production buckets is provisioned using AWS Identity and Access Management (IAM) and is currently directly accessible to the production processing system and Dataro’s CTO (Chief Technical Officer) and senior engineering staff.
Access to Dataro environments within Dataro is limited only to the most senior employees who have been trained in our security protocols. Control measures include access restriction to privileged groups with additional authentication requiring 2FA and password strength requirements in line with best practice.
Dataro adopts a risk-based approach to processing, in particular, from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to information.
Data security in transit
Data is collected from Customer systems using the Customer’s CRM vendor’s API or it is sent to Dataro directly using best practice Secure File Transfer Protocol (SFTP).
Physical security measures
Physical security controls in our offices ensure robust physical security appropriate to the nature of our business. All Dataro resources are hosted in secure facilities (in Australian, the UK, or US, based on client preference) provided by AWS. AWS has best-in-market data centre controls: https://aws.amazon.com/compliance/data-center/controls/
System updates & security
We deploy updates to our system using a rigorous CI/CD (Continuous Integration and Continuous Delivery) process which includes automated testing for a number of security hazards, including static and dynamic analysis of the code and deployed systems.
Data processing
Contact persons and project managers are identified for all projects. All Dataro employees receive appropriate privacy and annual data security training and are required to comply with Dataro’s IT security policy.
Data modeling & PII
We seek to abide by privacy by design principles and as such, with respect to data about our Customers’ donors, we only capture information which the Customer has agreed to and directly relates to our ability to deliver our service and product. While Dataro stores four types of Personally Identifiable Information (PII): email address, phone, mailing address, and last name, we do not use any PII for modeling. Our proprietary data models are trained on non-personal data in our global data set (the Dataro data pool).
Data integrity & business continuity
Administration activities on servers are only carried out by trained personal who are the most senior at Dataro. 2FA is compulsory for all activities involving access to customer data stored by Dataro. We care about the resilience of our products and appreciate that disruptions can happen, so have developed our Business Continuity Plan appropriate to the size of Dataro and scope of products supplied. Key processes include: annual business continuity plan reviews, including key risks and contingencies, plus building services to utilise redundancy capabilities of our cloud services providers.
Data retention
At the conclusion of your subscription, we delete all the raw data we are holding for your organization, including all personal data.
Data storage & encryption
All client data is stored at rest in Amazon Web Services (AWS) S3 Buckets which are by default industry-standard AES-256 Encrypted and Private.
Modelling metadata and app-related outputs (outputs for display in the Dataro platform) are stored in an AWS Aurora Postgres database that exists in a private subnet in our own AWS VPC and is not directly accessible from the internet.
Data is processed in virtual machine images (Docker containers) on dynamically allocated compute instances (AWS Batch). As such there are no standing instances to access or compromise. This dramatically reduces our potential attack surface.
Dataro’s web application is architected using a ‘serverless’ framework where backend requests are processed using abstracted compute units (AWS Lambda) instead of standing instances.
AWS is a top-tier cloud vendor and in the cases above there are huge security benefits to using their managed services (Batch, S3, Lambda) instead of managing our own servers. Issues such as patching, disaster recovery, backups, configuration and so forth are handled by AWS as part of their managed service offering.
Confidentiality & access control
We have implemented stringent controls governing this data.
Awareness training is provided to all employees during the on-boarding process which covers the importance of and best practices for handling customer data. Access to the production buckets is provisioned using AWS Identity and Access Management (IAM) and is currently directly accessible to the production processing system and Dataro’s CTO (Chief Technical Officer) and senior engineering staff.
Access to Dataro environments within Dataro is limited only to the most senior employees who have been trained in our security protocols. Control measures include access restriction to privileged groups with additional authentication requiring 2FA and password strength requirements in line with best practice.
Dataro adopts a risk-based approach to processing, in particular, from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to information.
Data security in transit
Data is collected from Customer systems using the Customer’s CRM vendor’s API or it is sent to Dataro directly using best practice Secure File Transfer Protocol (SFTP).
Physical security measures
Physical security controls in our offices ensure robust physical security appropriate to the nature of our business. All Dataro resources are hosted in secure facilities (in Australian, the UK, or US, based on client preference) provided by AWS. AWS has best-in-market data centre controls: https://aws.amazon.com/compliance/data-center/controls/
System updates & security
We deploy updates to our system using a rigorous CI/CD (Continuous Integration and Continuous Delivery) process which includes automated testing for a number of security hazards, including static and dynamic analysis of the code and deployed systems.
Data processing
Contact persons and project managers are identified for all projects. All Dataro employees receive appropriate privacy and annual data security training and are required to comply with Dataro’s IT security policy.
Data modeling & PII
We seek to abide by privacy by design principles and as such, with respect to data about our Customers’ donors, we only capture information which the Customer has agreed to and directly relates to our ability to deliver our service and product. While Dataro stores four types of Personally Identifiable Information (PII): email address, phone, mailing address, and last name, we do not use any PII for modeling. Our proprietary data models are trained on non-personal data in our global data set (the Dataro data pool).
Data integrity & business continuity
Administration activities on servers are only carried out by trained personal who are the most senior at Dataro. 2FA is compulsory for all activities involving access to customer data stored by Dataro. We care about the resilience of our products and appreciate that disruptions can happen, so have developed our Business Continuity Plan appropriate to the size of Dataro and scope of products supplied. Key processes include: annual business continuity plan reviews, including key risks and contingencies, plus building services to utilise redundancy capabilities of our cloud services providers.
Data retention
At the conclusion of your subscription, we delete all the raw data we are holding for your organization, including all personal data.
Get Started
Fundraise smarter, starting today
AI insights and audiences to make every interaction meaningful.
Enhance campaign targeting and personalize donor engagement with AI-powered insights and audiences.
Get the latest on nonprofit data delivered to your inbox:
Get Started
Fundraise smarter, starting today
AI insights and audiences to make every interaction meaningful.
Enhance campaign targeting and personalize donor engagement with AI-powered insights and audiences.
Get the latest on nonprofit data delivered to your inbox:
Get Started
Fundraise smarter, starting today
AI insights and audiences to make every interaction meaningful.
Enhance campaign targeting and personalize donor engagement with AI-powered insights and audiences.
Get the latest on nonprofit data delivered to your inbox: