Salsa Security and Data Protection

Protecting and securing your supporter data is our priority so constituents can have confidence that their personal and payment information is safe. The team at Salsa maintains strict privacy policies and security controls so your organization – and supporters – can have confidence that their information is safe and protected.

With the confidence that Salsa is maintaining the highest level of protection, your organization can focus on the important stuff -- growing your supporter base, organizing for action, advocating for change, and fundraising.

Your data is in good hands.

Salsa Platform Security Features

Strict Policies
We review and update security policies regularly. They cover a wide range of the most critical security topics including workforce clearance, physical safeguards, network standards, passwords, patching, auditing, media retention and destruction… and much more. We vigilantly monitor these written policies to make absolutely sure any and all vulnerabilities are quickly addressed and the systems stay consistently protected. Always.

There are multiple layers of security controls in place, documented in policies and procedures, integrated into the software used for monitoring access to information, and, of course, incorporated into the protection of the physical computing and data environment.

360-degrees of protection for your data means peace of mind for your constituents.

Strong Data Protection
Our policies and procedures are in place to ensure all data is protected from the moment Salsa receives it.

From policies that govern how data is handled, to separation between development and operations staff, to customer-driven security options and specific policy around handling credit card information – the team at Salsa maintains high standards for data protection.

To uphold the rigorous standards of security for your organization, Salsa works with several regulatory and standards organizations to ensure compliance:

  • PCI Compliant: When supporters donate through the Salsa platform, they are protected by the Payment Card Industry (PCI) Data Security Standard (DSS). Salsa undergoes annual recertification to achieve PCI Level 1 status. Donor information is secured at the highest industry standards
  • SSAE-16 Compliant: Issued by the American Institute of Certified Public Accountants, Standards for Attestation Engagements No. 16 (SSAE-16) certifies the control processes for organizations like Salsa that manage multiple clients through a single environment

Secure Data Backups
All data is backed up regularly and are stored offsite at the secure co-located data center with the operational expertise, standards compliance, physical security and appropriate network ecosystem to effectively protect your information at all times.

The best-in-class security protocols in place at the data center include 24/7 physical security by staff members that have been background checked. In addition, the data center has redundant and backup power supplies and redundant data communications connections. Data backup and the security of that backup is a top priority.

Robust Application, Software & Network Security
The Salsa security enforcement starts at the source – the code itself. Salsa software is developed using the most secure coding practices. Part of this process is ensuring Salsa users have a secure experience using the platform with features such as:

  • Encryption of sensitive data when transmitted
  • Access to Salsa via https only
  • Strong password requirements for user accounts
  • API tokens
  • Limited unsuccessful logins & timeout after inactivity

Additionally, all Salsa employees (anyone who can access user data) must use two factors to verify their identity before accessing the Salsa platform from a remote location. This second identifying factor ensures only appropriate, safe users are accessing the platform, and all access points are secure.

Committed to Continuity
The Salsa platform is designed to provide organizations with service around the clock – 24 hours a day, 7 days a week, 365 days a year. When you need real-time information about Salsa service status, check @salsalabsops on Twitter.