Security

Learn about HelloCure's data and application security.

Core Technologies

Overview

HelloCure never stores credit card information, and all data is stored in US-east AWS RDS using AES 256-bit encryption.

Secure data and hosting

Key attributes: AWS, Heroku, Web Application Firewall, DDoS protection, data encrypted at rest and in transit.

Secure computing and data management

Key attributes: Load-balancer-based isolation, secure logging, AES 256-bit encryption, tokenization.

Payments

HelloCure’s payment processing is managed by Stripe. Stripe is PCI Service Provider Level 1 certified, the highest level of certification attainable within the payments industry. It uses industry-standard encryption and complies strictly with PCI DSS regulations, ensuring that data is always kept protected and that all transactions are securely processed. To learn more about Stripe's payment security, see their documentation.

HelloCure does not store or process any credit card information.

Data Storage

HelloCure uses industry best practices in keeping data secure. HelloCure uses Heroku and Amazon Web Services (AWS), both recognized leaders in secure data, for hosting of services and collection and storage of data.

User information, including nonprofit, parent, and ally (donor) details such as names, emails, addresses, and donation amounts, is stored securely on Amazon's RDS servers located in the United States (us-east-2a). Files, including nonprofit logos, donation page cover images/videos, and any other images uploaded into HelloCure settings, are stored in Amazon’s S3 in the United States (us-east-2).

Data is encrypted at rest using industry standard AES-256 encryption.

We do not share or sell user data with third parties.

Web Application Firewall

In addition to application-level security, HelloCure’s services also use a Web Application Firewall (WAF) as an added safeguard against various threats. This includes DDoS flood protection, coverage of the OWASP Top 10 vulnerabilities list, and automatic detection and blocking of attacks targeting common web frameworks.

SSL Certificate

All data is encrypted in transit using the SSL or TLS protocols, guaranteeing secure transmission over the internet. Users can validate the authenticity of HelloCure's SSL Certificate on any hellocure.org webpage.

User Authentication

HelloCure's services employ two distinct login systems tailored to account profiles. Nonprofit and parent logins utilize Auth0, an industry leader in user authentication. For allies (donors), login options include Google Login, Facebook Login, and email authentication. For email-based authentication, HelloCure utilizes Django’s authentication framework, guaranteeing secure session management. HelloCure never stores user passwords.