Privacy and security are our #1 priority.
This is how we keep your data safe.
Our priority is to use every measure at our disposal to safeguard data at every technical touchpoint, which we accomplish through a multifaceted approach focusing on technical optimization, user-defined retention, and highly restrictive access.
All customer data is transferred securely using TLS v1.2 and above from CardUP webpages to the cloud. All requests are routed through Cloudflare, which acts as a firewall. At rest, data is encrypted using AWS for databases and Cloudflare for object storage. Both AWS and Cloudflare use AES-256 for disk encryption. Our IT infrastructure is 100% cloud-based.
When your device is connected to the internet, data syncs to CardUP automatically, and all records are stored in CardUP's database. Backups are taken every day and stored off-site in either the AWS US-East-1 data center in Virginia, US-West-1 data center in California, or US-West-2 data center in Oregon. AWS oversees the physical security of these facilities.
CardUP stores your data indefinitely while you’re a customer. We can delete data upon explicit request. Customer data is available for download as a CSV file through the dashboard. Data can be anonymized, which removes all personally identifiable information from your Order Log, upon request. CardUP may retain customer data for up to 30 days after account closure.
We have a strict to respect the privacy of sensitive customer data: we will never sell your donor or o data, and we will not contact your donors or employees without explicit permission. Our support team will only access your account in the event of a technical support issue that requires real-time access.
CardUP provides in-product admin controls and both user and object-level permissions, plus the ability to define which third-party applications are able to access your account. Upon request, additional protocols can be integrated with your CardUP account to further regulate account-level and user-level access.
We have made significant efforts to ensure we are in compliance with the General Data Protection Regulation (GDPR) and to help our customers comply with GDPR contractual obligations. To enter into CardUP's Data Processing Addendum (DPA), please contact to receive a copy for review and signature.
CardUP offers transparency into real-time and historical and a 99.9% uptime commitment to our Enterprise customers. To view our Status Dashboard, visit status.getcardup.com.
CardUP's infrastructure investments provide daily backups, regional backups, and recovery procedures for restoring services in the event of unavoidable failures. We are committed to proactive optimizations.
CardUP's information security team continuously implements new security controls and monitors CardUP for malicious activity across physical data centers, networks, and IT devices to ensure optimal security.
Supporting your compliance needs
We understand the impact that compliance requirements have on your business. That’s why we're committed to providing features that may help you with your compliance strategies, in addition to enhancing our own body of compliance certifications.
EU General Data Protection Regulation (GDPR)
Service Organization Controls (SOC)
Federal Information Security Modernization Act (FISMA)
Get a personalized demo.
Get in touch with us to take a deeper dive into CardUP's security practices and philosophy. You can also learn more today by downloading our Trust and Security Whitepaper.