Trusted by nonprofits and grant makers around the world, Resilia takes a first principles approach to security and data protection. Robust policies and best practices around our people, processes and technology work together to keep your data safe and secure.

Key security offerings

Data Privacy

  • Privacy: Our privacy policy, including how we comply with GDPR and CCPA, can be found at https://www.resilia.com/privacy.

  • SOC 2: We're committed to handling our user and partner data securely, so we built our technology and our internal controls from security best practices, with SOC 2 compliance in mind. We will be actively pursuing SOC 2 Type II certification. The SOC 2 (System and Organization Controls) Type II report is a globally recognized security measure that rates a service provider's compliance with security, availability, and confidentiality best practices.

  • HIPAA: While Resilia itself is not a HIPAA-compliant organization, our underlying technology vendors that manage our persisted data and documents are. We periodically evaluate our HIPAA standing should the need to become compliant arise.

Account Security

Payment Data

All payment data is housed and managed directly by Stripe.com, the world's leader in online payments processing (https://stripe.com/docs/security/stripe).

Hosting

Hosted on Heroku cloud service (a Salesforce subsidiary), Resilia benefits from the comprehensive security controls in place to secure our servers physically and virtually (https://www.heroku.com/policy/security).

Customer Data

Customer data is persisted on servers managed by Heroku (see Hosting above) and protected internally via strict access controls, including but not limited to 2FA. All network communication is secured with TLS 1.2.

Quality Controls

Every code change is done in house and reviewed by peers, whether it’s a new feature or bug fix. Security reviews are performed as appropriate for the work. Extensive testing and vulnerability assessments are performed continuously and automatically against all code before it ever gets deployed into the real world.