Talk to our team!

Fill out the form below to schedule a demo or call our sales team at
469-564-3922

Book your demo!
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
By providing your contact information you agree to receive communications from Subsplash including but not limited to emails, phone calls, and text messages. Message and data rates may apply. Message frequency varies. Opt out available. You can learn more about how we handle your personal data and your rights by reviewing our privacy policy.

Subsplash Security & Reliability—Keeping your data safe

Last updated September 4, 2024

The Subsplash Platform is built with the highest level of security to keep you and your community safe.

ORGANIZATIONAL SECURITY

Information Security Program

We have a robust Information Security Program in place that is communicated throughout the company.

Third-Party Audits & Penetration Testing

Subsplash undergoes independent third-party assessments to test our security and compliance controls. Additionally, we perform an independent third-party penetration at least annually to ensure that the security of our services is uncompromised.

Roles & Responsibilities

The roles and responsibilities related to our Information Security Program and the protection of customer and user data are well-defined and documented. Our entire team is required to review and accept all of the current security policies.

Security Awareness Training

Our team also completes security awareness training that covers industry-standard practices and information security topics such as phishing and password management. This training occurs during the onboarding process for new employees and annually thereafter.

Confidentiality

All employees are required to agree and adhere to an industry-standard confidentiality agreement prior to their first day of work.

Background Checks

Background checks are performed on all new employees in accordance with local laws.

Security Bug Bounty

We run an ongoing bounty program through Bugcrowd to provide penetration testing across all of our products on the Subsplash Platform. These security researchers are some of the best in the world at finding vulnerabilities and responsibly disclosing them. Our bounty program is open to anyone who finds a security vulnerability. (To report a vulnerability, please request an invite to our program by contacting us at security@subsplash.com.)

PCI Compliance

The Payment Card Industry Data Security Standards are a set of standards set forth by the four major card associations to protect cardholder data. All merchants and processors need to have physical, electronic, and procedural controls in place to ensure that cardholder data is stored and handled securely at all times. Subsplash is PCI Level 1 Compliant and has the highest level of data security to ensure that your church’s and donor’s data is protected.

Our primary payment processor is Stripe. They are one of the largest, most secure payment processors in the world. Stripe is also a certified PCI Service Provider Level 1 payment processor.

CLOUD SECURITY

Cloud Infrastructure Security

While we primarily use Amazon Web Services (AWS) as our hosting provider, we also run workloads on other cloud providers all of which have robust security policies in place. For more information on AWS’s security processes, please visit AWS Security.

Encryption at Rest & in Transit

Subsplash keeps your data encrypted and secure. All databases are encrypted at rest, and Subsplash applications encrypt in transit with TLS/SSL only.

Vulnerability Scanning

We perform vulnerability scanning and actively monitor for threats.

Business Continuity & Disaster Recovery

We use our data hosting provider’s backup services to reduce any risk of data loss in the event of a hardware failure. We utilize monitoring services to alert the team in the event of any failures affecting users.

Incident Response

We have processes in place for handling information security events, including escalation procedures, rapid mitigation, and communication.

ACCESS & MANAGEMENT SECURITY

Permissions & Authentication

Access to cloud infrastructure and other sensitive tools is limited to authorized employees who require it for their role. Where available, we implement Single Sign-on (SSO), 2-factor authentication (2FA), and strong password policies to ensure that access to cloud services is protected.

Least Privilege Access Control

We follow the principle of least privilege with respect to identity and access management.

Quarterly Access Reviews

Quarterly access reviews are performed on all employees with access to sensitive systems.

Password Requirements

Our entire team is required to adhere to a minimum set of password requirements and complexity for access.

Local Equipment Security

All company-issued laptops are encrypted and utilize a password manager for team members to manage passwords and maintain password complexity.

VENDOR & RISK MANAGEMENT

Annual Risk Assessments

At least annually, we undergo risk assessments to identify any potential threats, including considerations for fraud.

Vendor Risk Management

Vendor risk is determined and the appropriate vendor reviews are performed prior to authorizing a new vendor.

QUESTIONS

If you have any further questions about security, please get in touch with our team. Read more in our Privacy Policy and Terms of Service.

GET IN TOUCH
Connect
SupportSystem statushello@subsplash.comTalk to sales: 469-564-3922
PLATFORM
Platform updatesSecurity
ABOUT US
CompanyCareersNewsroom
LEGAL
Terms of serviceTerms of usePrivacyDo not sell my personal information
Cookies settings