Security Description

Last Updated: 2020-03-06

At Do Some Good we are committed to providing our users with state of the art software that excels in performance, user experience and data security. This is what we have done to maintain that commitment:


  • Built using the modern React framework and Flux Architecture.
  • Mobile web application will leverage React Native, utilizing shared components for performance on both desktop and mobile.
  • Credentials verified using modern industry standard protocols.
  • API leverages the power of the ACID compliant and highly performant PostgreSQL database.
  • Uploaded media hosted by Amazon S3 & CloudFront services for highly scalable content delivery.
  • Modular architecture separates Front-end page delivery, Authorization provider, API, Database, Workers (Image Resizing, etc), and Content Delivery making each aspect individually scalable.

Security Measures

  • Sectigo Wildcard SSL Certificate for all platform pages, API endpoints and static web content.
  • Content Delivery Network, and all other secondary services protected by a wildcard SSL certificate to ensure even minor services provide end-to-end encryption.
  • Passwords are hashed using the advanced scrypt key-derivation functions, ensuring that passwords are secure from computational attacks.
  • Servers are protected by SSH private/public key-pairs instead of traditional passwords preventing issues related to weak passwords or brute force attacks.
  • Customer data and document submissions stored in a secure data centre facility monitored 24/7 on unmarked servers located in British Columbia, Canada and governed by provincial and federal privacy laws.
  • Enterprise-grade hardware firewalls in addition to software-based firewalls on each server.
  • Payment processing performed by Stripe, a PCI-Compliant 3rd party - no credit card/billing information is stored by Do Some Good Community Contribution Company.