CanadaHelps takes the security of donors and charities very seriously. In our 20 years, we have maintained a spotless security record. 

We ensure all data is 100% secure, private, backed up and remains in Canada. Our data centers are located in Canada – the servers have redundant backups and are constantly monitored for security breaches. Data Centers are kept physically secure using a number of precautions, including locked cages and cabinets, limited access to the buildings and advanced security and surveillance systems. Access to production data including donor and charity PII requires 2-factor authentication, and only authorized personnel are granted access. CanadaHelps also utilizes the cloud services provided by Microsoft. CanadaHelps is only utilizing Microsoft’s Canadian data centres for our servers and data storage. Remote access to our cloud servers and storage is limited and uses the principle of least privilege. Furthermore, CanadaHelps never stores any credit card details on our servers. All payment and credit card details are saved by Chase Paymentech, whose service we access using secure communication channels. Chase Paymentech uses world class security and processes 900 transactions each second – that’s over 77 million transactions daily.

We ensure payment processing is secure. We follow stringent security standards and maintain the highest level of PCI compliance, currently 3.2.1 PCI (Payment Card Industry’s Data Security Standards) is the current gold standard in the industry and was created by major card brands, Visa, MasterCard, Discover, AMEX and JCB; it is designed to ensure that processing, storing and transmitting credit card information is secure. Learn more about PCI. All of our datacentres conform to these high standards that can also be applied to the transmission and storage of any form of sensitive data.

We ensure we are current in all processes and standards. We have set monthly, quarterly and annual processes to ensure we meet or exceed the latest standards. In addition to being fully PCI compliant, we use an external Qualified Security Assessor (QSA) to ensure we are in full compliance. We also have an Extended Validation Certificate so that Canadians can trust we have passed a rigorous independent audit of our encryption technology.

Supporting Documents:
We do monthly vulnerability scans and make the results available on a quarterly basis.  The current scan is available upon request.

Security Policies:
CanadaHelps have clear written policies to cope with security breaches. We also perform background checks on all employees and require them to read and understand our corporate policies regarding the handling and protection of sensitive data.